Iraklis Symeonidis
Senior researcher
Contact Iraklis
Accelerating Secure Development with AI-Driven Vulnerability Testing
Detect vulnerabilities and bugs in microservices before they impact performance, security, or your organization’s reputation. MicroSecAI is a concrete and fundamental step towards this direction to produce resilient microservices based applications.
In this year, Center for Cybersecurity at RISE funded project Automated Cybersecurity for Microservices (ACME) focuses on promoting a shift-left approach to cybersecurity. This approach emphasizes integrating security early in the software development lifecycle rather than treating it as an afterthought.
As organizations work to strengthen their security posture, the shift-left approach has become an important practice in modern software development. By addressing security early in the development lifecycle, teams can reduce risk while avoiding the higher costs and complexity of fixing vulnerabilities later.
In this landscape, cybersecurity automation, especially through artificial intelligence, plays a transformative role. AI-driven cybersecurity testing accelerates vulnerability detection, improves accuracy, and reduces manual effort. This enables development teams to identify and mitigate security risks earlier, resulting in more secure, resilient, and trustworthy microservice-based systems.
MicroSecAI
Within this project, our team concentrates on vulnerability test case generation for REST API based microservices, an essential practice for designing scalable, secure, and modular services that can support diverse business needs. ACME project is designed to set out with a vision: to develop MicroSecAI, an AI-powered automated tool designed to generate vulnerability assessment test cases for REST API–based applications. It generates vulnerability specific testcase and property-based test cases.
MicroSecAI combines vulnerability-specific and property-based test cases to deliver comprehensive vulnerability assessment coverage. It is fully compatible with the OpenAPI data model as input and the Postman data model as output. This seamless integration makes MicroSecAI especially practical for software developers, as it aligns with workflows and tools, they already use. Additionally, the project introduces an execution plan based on identified dependencies among API endpoints using a rigorous approach known as dependency graph modelling.
Traditional vulnerability assessment can be labor-intensive and technically complex, often requiring deep security expertise. By integrating AI, MicroSecAI aims to simplify this process dramatically. The solution empowers software developers and cybersecurity engineers to perform more accurate and efficient testing while reducing the risk of human error. Ultimately, this drives the creation of more secure and robust products.
Contributions:
The project’s primary contributes:
- Embedding security earlier in the development lifecycle (shift-left)
- Bringing automation and intelligence to security workflows through AI
- Reducing the complexity & effort of manual vulnerability testing
In addition to advanced testing capabilities, today’s clients demand a secure and trustworthy testing environment. For this reason, the project places strong emphasis on providing robust, secure remote access tools as part of the overall solution.
By combining automation, AI, and secure remote testing, the ACME project represents a step forward in making modern software development both more efficient and secure.
For more information about ACME and designing strategy to shift-left approach, please contact Abdul Ghafoor.
