Artificial intelligence (AI) is transforming the world and being integrated into every aspect of our lives. The latest one was in programming, where the Lightning Cat AI model detected vulnerabilities in smart contracts with an f1 score of 94%.
In a recent paper, five AI experts dug into Application of deep learning in detecting vulnerabilities in smart contracts.
Currently, developers rely on tedious human reviews and static analysis tools that rely on predefined rules and lack the ability to analyze complex semantics, making them prone to recording false negatives and false positives. depends on. Additionally, new data typically makes predefined rules obsolete.
Deep learning techniques do not require predefined detection rules and can be adapted to learn new characteristics of vulnerabilities.
Introducing Lightning Cat, a deep learning-based model. This paper reveals that Optimized-CodeBERT, trained using Lightning Cat, outperforms the best existing solution by at least 11% in detecting code vulnerabilities.
“Based on experimental evaluation results, Lightning Cat proposed in this paper shows better detection performance than other vulnerability detection tools. [It] We achieved recall of 93.55%, precision of 96.77%, and f1 score of 93.53%, which is 11.85% higher than Slither,” the researchers said.
Lightning Cat’s scope can extend beyond smart contracts to detect vulnerabilities in other types of code. We also collect data on new vulnerabilities and update model parameters to address new challenges.
But while it’s an essential asset for developers, it can be deadly in the wrong hands. These parties can use Lightning Cat to smartly detect undisclosed vulnerabilities in their contracts and launch attacks before developers patch their code.
To prevent such attacks, researchers advise that developers should conduct regular human audits.
But experts say that while AI is making inroads into programming, it is still a long way from becoming independent with the ability to work on its own. As with all other common queries, AI tends to miss some obvious answers and may invent solutions to challenges that don’t exist.
According to blockchain security company CertiK, AI should be used to assist developers and cannot be trusted to build alone. In September, the company’s chief security officer warned against amateur developers outsourcing their work to AI, as the company’s products are easy for legitimate attackers to break into.
Watch: Does AI know what it’s doing?
New to blockchain? Check out CoinGeek’s Blockchain for Beginners section. This is the ultimate resource guide to learn more about blockchain technology.