AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent

GitHub Security Lab has been leveraging large language models (LLMs) to improve the process of triaging security alerts, which is often repetitive and prone to false positives. Utilizing the GitHub Security Lab Taskflow Agent AI framework, they have created taskflows that break down the triage process into smaller, precise tasks, allowing LLMs to efficiently identify real vulnerabilities while minimizing false positives. The taskflows involve stages of information collection, auditing, and report generation, which are meticulously designed to handle complex tasks that are challenging for traditional programming methods. By storing task results in a database and creating reusable components, the lab can efficiently rerun taskflows and apply tweaks across different scenarios. This approach has successfully uncovered approximately 30 real-world vulnerabilities from CodeQL alerts since August. The taskflows are open source, enabling others to develop similar automated workflows for security research, although the lab advises careful review of generated outputs and consideration of resource quotas when running these taskflows on external repositories.