The platform analyzes XIoT firmware using large language model capabilities to follow compromised or vulnerable assets back to their source. Credit: Gorodenkoff / Shutterstock Extended internet of things (XIoT) security platform developer NetRise has released its Trace solution, which the company say allows users to identify and validate compromised and vulnerable third-party and proprietary software assets using an AI-powered semantic search. NetRise, based in Austin, Texas, said Trace introduces intent-driven searches to enhance vulnerability detection and validation in firmware and software components of IT, OT, IoT, and other connected cyber-physical systems using large language model (LLM) capabilities. AI helps find code, configuration issues in XIoT devices The platform allows users to search their assets based on the intent or underlying motives or purposes behind code and configurations that can lead to vulnerabilities rather than solely relying on signature-based methods. Users can query the system based on the intent of malicious actors or negligent developers. “Identifying issues in XIoT devices and their components has been an especially challenging problem,” NetRise co-founder and CTO Michael Scott said in a statement. “This product release represents a significant advancement in product security and streamlines the detection and resolution of issues in complex systems. Moreover, it changes how NetRise customers discover and address issues more generally, with AI as a key driver in process enhancements.” The company said Trace’s semantic search capability allows it to capture a wider range of software packages, misconfigurations, or unidentified flaws than conventional methods. The software is designed to highlight affected assets, files, and packages utilizing natural language. It also maps their relationships across the software supply chain without the need for a scanning mechanism to help discover and trace the origin of code and risk back to the originating third-party or proprietary software packages. Supply chain security is a top priority for organizations and security leaders with several high-profile supply chain incidents affecting IT infrastructure in 2023. In March, it was revealed that the 3CX DesktopApp was compromised in a significant supply chain attack that saw a threat actor add an installer that communicated with command-and-control servers. In May, researchers detected suspected backdoor-like behavior within Gigabyte systems posing supply chain risks. In June, details emerged of a critical vulnerability (CVE-2023-34362) in a secure file transfer web application called MOVEit Transfer being exploited by hackers. By 2025, 60% of supply chain risk management leaders plan to use cybersecurity risk as a significant determinant in conducting third-party transactions and business engagements, according to Gartner. Related content news AT&T suffers critical breach impacting 73 million customers Data released on the dark web impacts 7.6 million existing account holders and 65.4 million past subscribers. By Shweta Sharma 01 Apr 2024 4 mins Data Breach feature Recruit for diversity: Practical ways to remove bias from the hiring process Changing the wording on job descriptions and introducing a diverse hiring panel are some of the ways to remove bias when hiring cybersecurity professionals. By Aimee Chanthadavong 01 Apr 2024 8 mins Careers feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff 01 Apr 2024 17 mins Technology Industry IT Skills Events news Top cybersecurity product news of the week New product and service announcements from Bedrock Security, GitGuardian, Legit Security, Nametag, and Cybereason and Observe By CSO staff 29 Mar 2024 70 mins Generative AI Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe