AI is getting scary good at finding hidden software bugs - even in decades-old code (www.zdnet.com)

A recent experiment demonstrated that AI, specifically Claude, can effectively identify hidden software bugs in decades-old code, including a significant logic error related to a carry flag that had evaded detection for years. This ability is notable as it showcases AI's capacity to analyze legacy code, which predates current programming paradigms and security protocols. While the potential for AI to uncover vulnerabilities presents an opportunity for improvement in software quality, it also raises alarms about the security of outdated systems. Experts warn that AI's prowess in reverse-engineering complicated architectures could expose previously secure binaries, transforming those once considered safe into new targets for cybercriminals. Current AI models complement traditional static analysis tools by shifting focus from merely adhering to established rule sets to probing for potential failure modes and attack paths, enhancing their bug-detection capabilities. However, researchers caution that while AI can be a powerful ally in code auditing, it is not a substitute for established security measures. Studies have shown that AI may inadvertently introduce new security flaws, underscoring that reliance on AI for complete oversight is premature. As the landscape of software vulnerabilities evolves, especially concerning legacy systems, a balanced approach employing both AI and traditional techniques is essential for maintaining security integrity.