Checkmarx CheckAI GPT
CheckAI GPT is an innovative GPT, the industry’s pioneer in guarding against potential attacks within ChatGPT-generated code. The plugin enables developers and security teams to detect and prevent attacks caused by malicious open-source packages and dependencies, while working within the ChatGPT interface.
The video below provides a visual walkthrough of the outlined procedures:
Getting started
To get started, activate the CheckAI GPT within your ChatGPT account as described below:
Access GPT Store and search for
CheckAI
. The CheckAI tile is displayed.Click on the GPT name to open the CheckAI GPT page.
Click on Try CheckAI.
You can also access CheckAI GPT directly via this link.
Scanning GPT generated code with CheckAI
Once you've successfully activated the CheckAI GPT, continue your interaction with GPT as usual.
Upon detecting GPT-generated code, the CheckAI GPT will automatically initiate a scan of the generated code.
Note
If GPT prompts you to validate the code, answer yes.
There are three possible outcomes:
Valid: The generated code does not have any open-source issues.
Suspicious: The generated code includes a suspicious package, posing a potential risk of hallucination attacks.
Malicious: The generated code includes a package recognized as malicious.
If the SCA APIs identify a package with a known security vulnerability or issue, the CheckAI GTP may propose version pinning to the latest known secure version to address these concerns.
If the generated code includes a package with a restricted license, such as GPL, the GPT will alert you about the licensing issue. However, if the package has a permissive license, like MIT, the GPT will not present any specific license information.