AI-supported integration for automatic threat analysis (AIBA)

Reports of cyberattacks are no longer a rarity in the media. With the increasing number of networked systems and the growing exchange of data, new and diverse opportunities are emerging for attackers to exploit vulnerabilities in software products. At the same time, new legal requirements such as the Cyber Resilience Act (CRA) oblige companies to improve the security of their software in the long term.

Regular, extensive threat modeling plays a crucial role: it enables potential vulnerabilities and attack scenarios to be identified early on, prioritized based on risk, and used to derive appropriate security requirements and countermeasures that can be planned and implemented right at the start of the development process.

However, many development teams reach their limits here. They do not have sufficient time, knowledge, or experience to implement threat analyses effectively and continuously. Against this background, the AIBA (AI-supported integration for automatic threat analysis) research project is investigating the extent to which generative AI systems such as ChatGPT or GitHub Copilot are suitable for automating threat analyses and integrating them into the development process in the long term. The aim is to reduce the manual effort involved in continuous analyses while increasing their effectiveness – for a secure digital future.