This disclosure describes the use of reinforcement learning to generate code exploits that automatically validate vulnerability findings. A machine learning model is trained on a large corpus of code with known exploits, identified via static analysis. A cost function and its associated criteria are iteratively updated to distinguish legitimate vulnerabilities from false positives. The model outputs a set of proof-of-concept exploits that can be reused and run across the output of a static analysis tool; an execution that results in a successful exploit proves a finding is valid and flags it for remediation. The technique also produces validation criteria for software mitigations and procedural controls, asserting their effectiveness at breaking attack chains. Practical assessments of security controls and remediations enable early removal of vulnerabilities, and reuse (applying the exploits found in one application to discover exploitable pathways in another) can be automated. The subject-matter expertise, cost, and labor required to determine actionable exploits are thereby reduced.
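The loop described above can be sketched minimally as follows. This is an illustrative toy, not the disclosed system: the "target" `parse_header` is a hypothetical stand-in for a static-analysis finding (a fixed-size buffer indexed by attacker-controlled input), the reward function scores a candidate 1.0 only if it reproduces the flaw, and a simple epsilon-greedy bandit stands in for the reinforcement learning agent. All names and parameters are assumptions for illustration.

```python
import random

def parse_header(data: bytes) -> int:
    # Hypothetical "vulnerable" target standing in for a static-analysis
    # finding: it writes into a fixed 8-slot buffer, so any input longer
    # than 8 bytes triggers an out-of-bounds access (IndexError).
    buffer = [0] * 8
    for i, b in enumerate(data):
        buffer[i] = b          # fails when len(data) > 8
    return sum(buffer)

def run_candidate(payload: bytes) -> float:
    """Cost/reward signal: 1.0 if the candidate proves the finding exploitable."""
    try:
        parse_header(payload)
        return 0.0             # no crash: candidate did not validate the finding
    except IndexError:
        return 1.0             # crash reproduced: a proof-of-concept exploit

def search_exploit(max_len: int = 32, episodes: int = 200, seed: int = 0):
    """Epsilon-greedy bandit over payload lengths (a minimal RL stand-in)."""
    rng = random.Random(seed)
    value = [0.0] * (max_len + 1)   # estimated reward per payload length
    count = [0] * (max_len + 1)
    best_poc = None
    for _ in range(episodes):
        if rng.random() < 0.2:      # explore a random payload length
            length = rng.randrange(max_len + 1)
        else:                       # exploit the current best estimate
            length = max(range(max_len + 1), key=lambda l: value[l])
        payload = bytes([0x41]) * length
        reward = run_candidate(payload)
        count[length] += 1
        value[length] += (reward - value[length]) / count[length]
        if reward > 0 and (best_poc is None or len(payload) < len(best_poc)):
            best_poc = payload      # keep the shortest validated PoC
    return best_poc

poc = search_exploit()
print(poc is not None and len(poc) > 8)  # a crashing payload was found
```

A returned payload is a reusable proof of validity: rerunning `run_candidate(poc)` against the same finding (or the analogous finding in another application) confirms exploitability without manual triage.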

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.