excitedrustle 3 days ago

Working on Fraim, open-source agents for cloudsec and appsec engineers to complement existing deterministic scanners. Born out of our 3 years of learnings building such scanners for IaC. Turns out in the real world policies are subjective enough to make this hard.

Examples:

- Policies are frequently subjective. Hard to codify, but LLMs can evaluate them more like a security engineer would. "IAM policies should use least privilege." What is "least" enough? "Admin ports shouldn't be exposed to the Internet." What's an admin port?

- Security engineers are stretched thin. LLMs can watch PRs for potentially risky changes that need closer human review. "PR loosens authz/authn." "PR changes network perimeter configuration."

- Traditional check runs (SAST, IaC, etc.) flood PRs with findings. Security doesn't have time to review them all. Devs tend to ignore them. Frequent false positives. LLMs can draw attention to the important ones. "If the findings are unusual for this repo, require the author to acknowledge the risk before merging."

https://github.com/fraim-dev/fraim

https://www.fraim.dev
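To make the "what's an admin port?" point concrete, here is a deterministic version of the "admin ports shouldn't be exposed to the Internet" check, written as an added illustration for this thread rather than taken from Fraim. The ingress-rule shape, the `ADMIN_PORTS` set and the "prefix length 0 means Internet" rule are all assumptions chosen for the example; the sample rules are constructed. The fifth rule (a custom console on 8443 open to the world) is exactly the case a fixed port list misses, and the only way to catch it is to change the subjective input, the port set.

```python
"""Deterministic 'admin port exposed to the Internet' check over constructed
security-group ingress rules. Added example, not Fraim's code."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# Assumption: this set IS the subjective part of the policy. A scanner
# has to pick one; a reviewer would decide per environment.
ADMIN_PORTS: Set[int] = {22, 3389, 5985, 5986}


@dataclass(frozen=True)
class IngressRule:
    """Minimal stand-in for a cloud security-group ingress rule (assumed shape)."""
    name: str
    from_port: int
    to_port: int
    cidr: str


@dataclass(frozen=True)
class Finding:
    rule: IngressRule
    ports: Tuple[int, ...]  # admin ports the rule exposes


def is_internet_cidr(cidr: str) -> bool:
    """Assumed definition of 'the Internet': 0.0.0.0/0 or ::/0 (prefix length 0).
    Wide-but-not-everything ranges such as /8 are deliberately not flagged here,
    which is another judgement call a deterministic check has to bake in."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def admin_ports_exposed(rules: Iterable[IngressRule],
                        admin_ports: Set[int] = ADMIN_PORTS) -> List[Finding]:
    """Return one Finding per rule that admits Internet traffic to any admin port."""
    findings: List[Finding] = []
    for rule in rules:
        if not is_internet_cidr(rule.cidr):
            continue
        hit = tuple(sorted(p for p in admin_ports
                           if rule.from_port <= p <= rule.to_port))
        if hit:
            findings.append(Finding(rule, hit))
    return findings


# Constructed sample rules for the example.
SAMPLE_RULES = [
    IngressRule("ssh-open", 22, 22, "0.0.0.0/0"),          # flagged
    IngressRule("https-open", 443, 443, "0.0.0.0/0"),      # public web, fine
    IngressRule("rdp-private", 3389, 3389, "10.0.0.0/8"),  # internal only
    IngressRule("all-open-v6", 0, 65535, "::/0"),          # flagged, every admin port
    IngressRule("console-open", 8443, 8443, "0.0.0.0/0"),  # admin console, but 8443
                                                           # is not in ADMIN_PORTS
]


def summarize(findings: List[Finding]) -> List[str]:
    """Human-readable lines, one per finding, for a PR comment."""
    return [f"{f.rule.name}: {f.rule.cidr} reaches admin port(s) {list(f.ports)}"
            for f in findings]


if __name__ == "__main__":
    for line in summarize(admin_ports_exposed(SAMPLE_RULES)):
        print(line)
    # Widening the subjective input is what it takes to catch the 8443 console.
    print("with 8443 treated as admin:",
          len(admin_ports_exposed(SAMPLE_RULES, ADMIN_PORTS | {8443})), "findings")
```

Run as-is it reports two findings (the open SSH rule and the all-ports IPv6 rule) and silently passes the 8443 console; adding 8443 to the set produces a third. That gap, not the port-range arithmetic, is where the post's "subjective enough to make this hard" lives.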

epolanski 3 days ago | parent

Super interesting!