AISLE Emerges From Stealth With AI-Based Reasoning System to Remediate Vulnerabilities on the Fly

AISLE has emerged from stealth with a new AI-based cyber reasoning system (CRS). The term CRS originates from DARPA’s Cyber Grand Challenge, held in 2016 and designed for research into systems able to detect, exploit, and patch software vulnerabilities in real time.

Since that Challenge, AI-driven software has become mainstream, and AISLE’s new CRS is described as an “AI-native cyber reasoning system that autonomously identifies, triages and remediates with verification both known and zero-day application vulnerabilities.”

Ondrej Vlcek (CEO and co-founder at AISLE) explains, “AI is reshaping the economics of cybersecurity, but to date, it’s almost entirely in favor of malicious actors – speeding up attacks and driving down the costs of weaponizing vulnerabilities. AISLE flips the advantage back to defenders by solving the hardest problem in security: fast and accurate vulnerability remediation.”

The new company has co-founder pedigree: Vlcek, CEO (former CEO at Avast); Jaya Baloo, COO (former CSO at Rapid7); and Stanislav Fort, chief scientist (former research scientist at DeepMind and Anthropic). The firm’s angel investors include DeepMind’s current chief scientist, Hugging Face’s co-founder and chief science officer, Datadog’s co-founder and CEO, and Microsoft’s CPO for AI experiences.

The need for automated remediation going beyond anomaly detection is clear and becoming more urgent. “In 2024, more than 40,000 new software vulnerabilities were discovered. Each one represents potential exposure [and] even the critical ones take organizations on average 45 days to fix,” explains Vicek in an accompanying blog. Meanwhile, attackers take only five days to exploit a vulnerability. They have adopted and adapted AI for attack faster than defenders have done so for defense – the attackers have not waited to see how AI evolves: they have no company, employees nor shareholders to worry about.

AISLE aims to reverse this differential by automating the complete process of vulnerability remediation. “Our system doesn’t just identify risks – it resolves them autonomously, verifying results against a continuously updated twin of an enterprise’s software stack. This collapses the remediation loop from weeks or months to days or even minutes, while preventing any disruptions and still allowing full human oversight,” says Vicek.

The analysis process finds known and unknown vulnerabilities. In its first weeks of operation, AISLE found more than 100 new vulnerabilities within foundational software, including the Linux kernel, OpenSSL, cURL, and the Apache stack. But its analyzer also goes beyond simple code flaws. It can identify vulnerabilities such as race conditions, business logic flaws, missing authentication and more.

The remediation process automatically fixes the discovered flaws in both first party and third party code – there is no need to wait for third party patches nor any need to ignore them when they arrive. “Remediation means creating the fix (the actual code patch), validating that patch (using our Verifier Agent, that can actually create an on-the-fly docker image with the patch candidate to test it), all the way to pushing the changes to Git,” Vicek told SecurityWeek.

Advertisement. Scroll to continue reading.

The existing tension between full automation (for speed and the elimination of human error), and human control (keeping a human in the loop ‘just in case…’) is configurable. “Some customers want to stay fully in control and use AISLE just in an assistant/copilot mode, which is fine. Some may prefer more autonomy, which is also supported. The point is that the level at which the human is kept in the loop can be chosen by the customer,” explained Vicek.

“Developers and security professionals can now operate together at machine speed, get free of the backlog burden, and finally move toward a future of self-defending software stacks,” he says. He describes the product as ‘accelerating to zero’ – that is, rapidly achieving a state of zero exploitable zero days.

Related: Beyond the Black Box: Building Trust and Governance in the Age of AI

Related: AI Takes Center Stage at DataTribe’s Cyber Innovation Day

Related: Google DeepMind’s New AI Agent Finds and Fixes Vulnerabilities

Related: Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results