Saturday, February 28, 2026

Systems Run on Software No One Understands

 

“In "AI Can Help Defend Against Cyberattacks" (op-ed, Feb. 20), Anne Neuberger rightly argues that AI cybersecurity has become a contest at machine speed. But before building ever-faster defensive agents, we must address a deeper vulnerability: Much of the software underpinning critical systems today is poorly understood by its own operators.

 

The Cybersecurity and Infrastructure Security Agency warns of a "software understanding gap." Organizations often lack visibility into the full security posture of the complex systems they rely on. A Software Bill of Materials (SBOM) is a step forward, but documentation alone does not reveal latent vulnerabilities, insecure coding practices or malicious logic buried across millions of lines of code.

 

Cybersecurity defense needs to begin with full-system analysis of the software already deployed -- in power grids, pipelines, financial systems and defense platforms. Advances in AI code analysis, such as those at Adronite [1], now allow deep contextual audits of entire codebases, which detect unintended weaknesses -- along with flawed assumptions, insecure design patterns and even deliberate backdoors that traditional tools and human reviewers routinely miss.

 

But defense doesn't stop at auditing legacy systems. Full-system AI coding agents can help embed secure coding practices into the development lifecycle itself, in addition to preventing the accumulation of tech debt: years of patches and workarounds that render systems more fragile under stress. For defense and homeland-security systems especially, continuous AI-assisted code auditing should become a requirement.

 

Machine-speed attacks demand machine-speed understanding. Without achieving genuine visibility into our existing systems, faster defense will be built atop fragile foundations.

 

Lt. Gen. Jon Davis USMC (Ret.)

 

Sagle, Idaho

 

Mr. Davis is former deputy commander of U.S. Cyber Command and an adviser to Adronite.” [2]

 

 

1. Adronite is an AI-powered software intelligence platform designed for deep, enterprise-level codebase analysis, modernization, and security. Unlike snippet-focused AI tools, Adronite ingests entire, large-scale codebases to provide full-system visibility, supporting over 20 programming languages.

 

Key Features and Capabilities of Adronite:

 

    Deep Codebase Understanding: It analyzes millions of lines of code to map dependencies, trace data flow, and understand the architecture of both legacy and modern systems.

    AI-Powered Insights & Chat: Users can interact with the codebase via a natural language chat interface to ask questions, explore system-wide insights, and document code at every level.

    Security & Risk Remediation: The platform detects, analyzes, and helps remediate vulnerabilities by analyzing the code's context, rather than just using pattern matching.

    No Context Limits: Adronite is designed to handle massive, complex codebases without the context window limitations found in traditional LLM tools.

    Privacy-First Deployment: The platform can be deployed on-premise or in private clouds, ensuring code privacy.

    Continuous Integration/Continuous Delivery: It integrates directly into development pipelines (e.g., GitHub Actions) to provide automated, ongoing analysis.

 

Adronite's Role in Modernization:

Adronite acts as a "virtual domain expert" for code, enabling organizations to manage technical debt, automate documentation, and facilitate language migration (e.g., COBOL to modern languages). The platform recently raised $5 million in Series A funding to expand its capabilities.

 

2. Systems Run on Software No One Understands. Wall Street Journal, Eastern edition; New York, N.Y. 28 Feb 2026: A12.
