Security News > 2024 > February > Using AI to reduce false positives in secrets scanners

Identifying and securing these secrets has proven challenging, in part because of high rates of false positives.

AI and ML hold promise in identifying secrets more accurately; our recent research has found they can reduce the rate of false positives by as much as 86%. The article will explore the types of secrets, limitations of current security solutions, and the efficacy of integrating artificial intelligence and machine learning in security tools, allowing cybersecurity leaders to focus on the most critical risks.

Keeping secrets safe involves increasing awareness of development teams, strengthening the security posture of all your SDLC assets, employing strict permissions policies, and using secrets scanners.

Secrets scanners were created to find leaks of such secrets before they reach malicious hands.

The inclination towards relaxed rules to capture more potential secrets results in frequent false positives, leading to alert fatigue among those tasked with addressing these alarms.

Some scanners implement additional rule-based filters to decrease false alerts, like checking if the secret resides in a test file or whether it looks like a code variable, function call, CSS selection, etc.

News URL

https://www.helpnetsecurity.com/2024/02/27/secrets-scanners-false-positives/