Vigolium: Open-Source Vulnerability Scanner (www.helpnetsecurity.com)

🤖 AI Summary
Vigolium, a new open-source vulnerability scanner, has launched its first release, merging deterministic scanning with AI-driven auditing. This tool features over 235 scanner modules and a unique in-process agent runtime called olium, which autonomously discovers endpoints, plans attacks, and performs triage. It offers two scanning paths: a multi-phase deterministic pipeline and an LLM-driven harness that customizes scans through module selection and JavaScript extensions. Notably, Vigolium incorporates budget caps to manage the resources used by its autonomous agent, ensuring that operators can control time and cost while achieving effective audits.

The significance of Vigolium in the AI/ML community lies in its innovative approach to addressing common challenges in security auditing, such as managing the reliability of findings generated by LLMs. By separating the triage process, Vigolium aims to improve the accuracy and confidence of its results while allowing for customizable scanning through its JavaScript engine. However, the potential risk of running unverified code through extensions necessitates a careful trust model if a community registry emerges. With both an open-source core and a commercial Cloud Console for operations, Vigolium encourages collaboration and transparency in ongoing security efforts, aiming to build trust among its user base.