• Dana Epp

AI for security: Microsoft Security Risk Detection makes debut


This is why I love the Microsoft Cloud.


Microsoft has released a cloud service that uses artificial intelligence to track down bugs in software, both for Windows and Linux.


Microsoft Security Risk Detection, previously known as Project Springfield, is a cloud-based tool that developers can use to look for bugs and other security vulnerabilities in the software they are preparing to release or use. The tool is designed to catch the vulnerabilities before the software goes out the door, saving companies the heartache of having to patch a bug, deal with crashes or respond to an attack after the software has been released.


Security Risk Detection is Microsoft's unique fuzz testing service for finding security-critical bugs in software. Security Risk Detection helps customers quickly adopt practices and technology battle-tested over the last 15 years at Microsoft.


What is really cool is that they use AI to automate the same reasoning process that you or I would use to find a bug, and then scale it out with the power of the cloud so bugs can be found more quickly. There is a great video case study from Docusign on how this works for them.

This is a great asset to anyone's Security Development Lifecycle. I applaud Microsoft for making this available to us. I know some of the fuzz testing backing comes from an internal project called SAGE that they have used themselves for years for Windows and Office (and many other products). Getting this in our hands is just awesome.


© 2020 by Dana Epp
