Engine 7 of 7

AI Verification Engine

Neural network-powered false positive reduction and intelligent remediation. The final arbiter that makes Bloodhound's output actionable.

Overview

The AI Verification Engine is the final stage of Bloodhound's 7-engine pipeline. It reviews findings from all previous engines, eliminates false positives, calibrates severity scores, and generates actionable remediation guidance.

False Positive Detection

94.7%

Identifies findings that are technically correct but not exploitable in context

Severity Calibration

91.2%

Adjusts severity based on exploitability, data sensitivity, and business impact

Code Context Analysis

89.5%

Understands framework idioms, security patterns, and defensive coding

Remediation Quality

87.3%

Generates fix suggestions that compile, pass tests, and follow best practices

False Positive Reduction

The AI engine understands code context beyond what static analysis can determine. It recognizes patterns that indicate a finding is not exploitable.

JavaScript

1// Example: Pattern engine flags this as "Hardcoded Secret"
2const API_KEY = "sk_test_1234567890";
3
4// AI Engine Analysis:
5// ┌──────────────────────────────────────────────────────────┐
6// │ Finding: Hardcoded API Key                               │
7// │ Engine: Pattern Matching                                 │
8// │ Initial Severity: HIGH                                   │
9// ├──────────────────────────────────────────────────────────┤
10// │ AI Verification:                                         │
11// │                                                          │
12// │ ✓ Key prefix "sk_test_" indicates test/sandbox key       │
13// │ ✓ File location: src/tests/fixtures.ts                   │
14// │ ✓ Git history: Never used in production config           │
15// │ ✓ Pattern matches Stripe test key format                 │
16// │                                                          │
17// │ Verdict: FALSE POSITIVE                                  │
18// │ Reason: Test credential in test fixture file             │
19// │ Action: Suppressed from report                           │
20// └──────────────────────────────────────────────────────────┘
21
22// Another example: This IS flagged as a true positive
23const PROD_API_KEY = "sk_live_abcdef123456";  // 🚨 Real secret!

What AI Considers

•File location and naming (test, mock, fixture)
•Variable naming conventions
•Surrounding code context

•Framework-specific patterns
•Defense mechanisms in scope
•Historical patterns from training data

Severity Calibration

Raw vulnerability scores don't account for real-world exploitability. AI calibrates severity based on multiple contextual factors.

Text

1// Severity Calibration Example
2
3Finding: SQL Injection in searchProducts()
4Base CVSS: 9.8 (Critical)
5
6AI Calibration Factors:
7┌─────────────────────────────────────────────────────────┐
8│ Factor                          │ Impact    │ Score    │
9├─────────────────────────────────────────────────────────┤
10│ Authentication required?        │ Yes       │ -1.5     │
11│ Rate limiting in place?         │ Yes       │ -0.5     │
12│ WAF/input filtering upstream?   │ Partial   │ -0.3     │
13│ Data sensitivity level?         │ Low (SKU) │ -1.0     │
14│ Network exposure?               │ Internal  │ -1.5     │
15│ Exploit complexity?             │ Medium    │ -0.2     │
16└─────────────────────────────────────────────────────────┘
17
18Calibrated Score: 9.8 - 5.0 = 4.8 (Medium)
19
20Rationale:
21"While technically a SQL injection, this endpoint requires
22authentication, is rate-limited, only exposes non-sensitive
23product data, and is not reachable from the public internet.
24Recommend fixing in next sprint rather than emergency patch."

Remediation Guidance

AI generates context-aware fix suggestions that understand your codebase's patterns and dependencies.

TypeScript

1// Original vulnerable code
2app.get('/user/:id', (req, res) => {
3  const query = `SELECT * FROM users WHERE id = '${req.params.id}'`;
4  db.query(query, (err, result) => {
5    res.json(result);
6  });
7});
8
9// AI-Generated Fix (tailored to your codebase)
10//
11// Analysis: Your codebase uses mysql2 with promise wrapper
12// and follows repository pattern. Generating compatible fix:
13
14import { userRepository } from '../repositories/user';
15import { validateId } from '../validators/common';
16
17app.get('/user/:id', async (req, res, next) => {
18  try {
19    const id = validateId(req.params.id);  // Added: Input validation
20    const user = await userRepository.findById(id);  // Uses parameterized query
21
22    if (!user) {
23      return res.status(404).json({ error: 'User not found' });
24    }
25
26    res.json(user);
27  } catch (error) {
28    next(error);  // Uses your existing error handler
29  }
30});
31
32// Note: This fix also adds error handling and 404 response
33// which were missing in the original code.

One-Click Fixes

In VS Code, click "Apply Fix" to automatically apply AI-generated remediations. Changes are staged for your review before committing.

Training & Privacy

The AI model is trained on public vulnerability databases and open source code. Your private code is never used for training.

Data Handling

✓

Local Processing

VS Code extension runs AI inference locally. Your code never leaves your machine.

✓

No Training on Private Code

Models are trained only on public datasets. Customer code is never used.

✓

Enterprise Air-Gap

Enterprise customers can run fully offline with on-premises model hosting.

Accuracy Metrics

Metric	Before AI	After AI	Improvement
True Positive Rate	76%	94.7%	+18.7%
False Positive Rate	24%	5.3%	-18.7%
Severity Accuracy	68%	91.2%	+23.2%
Developer Trust	41%	89%	+48%

All 7 Engines Complete

The AI Engine is the final stage of the pipeline. Results are now ready for display in the VS Code extension or CLI report output.