Enhanced Security Scanning with Improved AI Alert Defaults

Roughly a year ago, we publicly announced Socket AI. Socket AI powers our internal threat feed, scrutinizing software packages for security issues and malware, both by tracking package registry feeds and conducting on-demand checks, like when a new dependency gets added to a Socket-protected project or when someone looks up a package on https://socket.dev.

Since launching, Socket AI has scanned hundreds of thousands of packages, uncovering tens of thousands of new vulnerabilities, anomalies, and malware instances.

Harnessing Large Language Models (LLMs), Socket AI automatically examines npm, PyPI, and Go packages for vulnerabilities. Detected threats undergo further investigation by our security researchers to confirm their nature or identify them as false positives.

Even without opting into AI alerts through your Socket organization's 'Security Policy,' as a Socket user, you've likely benefited from our AI scanner's findings after human verification.

However, a key advantage of AI is its ability for just-in-time code scanning and review, swiftly detecting supply chain attacks and malware campaigns soon after they are released, far outpacing traditional methods.

After a year of refining our system and processes, we're excited to update the default AI settings for organizations using Socket.

The system currently produces alerts of the following three types:

• AI detected potential malware
• AI detected security risk
• AI detected anomaly

Moving forward, the “AI detected potential malware” alert will be enabled by default per the default organization-wide security policy.

AI detected security risk and AI detected anomaly are configured to be ignored. The latter alert flags low-risk code anomalies in packages that are unusual and may pose a security risk. While a little noisy, it can still be informative to browse through what it flags even if you decide to leave them disabled as recommended.

Our revamped project reports and the Organization Alerts page on your organization dashboard provide a convenient means to browse and filter all existing alerts for your dependencies.

Customize alert settings to fit your needs on your organization's 'Security Policy' page. To opt-out of any pure AI alerts and only receive alerts on your PRs after they have undergone human review, just make sure to that all three alert types listed above are set to 'Ignore'.

We are thrilled for this broader roll-out of our AI-powered threat detection and cannot wait to share more on what we have been working on over the last months. Stay tuned for more updates!