Get AI-generated guides for remediation
AI-generated guides and automatic fixes are only available for vulnerabilities detected via static application security testing (SAST) or secure code review (SCR) in supported languages.
Always review the accuracy of remediation suggestions generated with AI.
Fluid Attacks’ Custom Fix feature provides targeted guidance for addressing specific vulnerabilities in your code. Powered by Claude Sonnet’s AI model, Custom Fix generates detailed, customized remediation guides tailored to the unique challenges each vulnerability represents. Currently, this feature is available in Fluid Attacks’ platform, VS Code extension and Cursor extension.
Below is a simple explanation of how Custom Fix works and how to use it.
How Custom Fix works
Custom Fix’s efficiency stems from its integration with Claude 3.5 Sonnet’s advanced code analysis and generation capabilities. It creates step-by-step guides to remediate security vulnerabilities. To do so, a minimal fragment of the vulnerable code is transmitted to the Claude instance hosted by Amazon Bedrock. Rest assured that your data is handled with the utmost care and in strict accordance with data usage policies. Your code is not used for any other purpose, and is not stored or shared, ensuring the confidentiality and integrity of your intellectual property.
Please take the following notes on guide generation:
- Initial generation: The initial generation of a remediation guide for a specific vulnerability may take some time.
- Caching for efficiency: To optimize performance, generated guides are cached for future reference. This means subsequent requests for the same vulnerability will be served much faster.
- Updating guides: If the vulnerable commit changes, a new guide is automatically generated to reflect the updated code. This process utilizes the code version stored by Fluid Attacks, not your locally stored code. Therefore, if you modify the code, ensure you upload the changes to your repository and synchronize them with the Fluid Attacks vulnerability management platform.
For details on Fluid Attacks’ usage of Claude to generate fixes and data privacy in relation to it, refer to the integrations FAQ.
Use Custom Fix
You can use Custom Fix from the platform or directly from the IDE. Please note that this feature is not available for some vulnerabilities.
To use Custom Fix on the platform, follow these steps:
- Access the group where the vulnerability was reported.
- In the group’s Vulnerabilities section, select the type of vulnerability in question.
- In the Locations section, click on the specific vulnerability you wish to fix.
- In the pop-up window, click the fix button (wrench icon). The steps to remediate the vulnerability start appearing in the window.
- Carefully review the output before proceeding to fix your code.
To use Custom Fix on VS Code or Cursor, you must have Fluid Attacks’ extension installed. Then, follow these steps:
- Click on the Fluid Attacks extension in the IDE’s activity bar and locate the file containing the vulnerability you wish to fix.
- Click the wrench icon associated with that file to initiate Custom Fix. Custom Fix automatically establishes a connection with the Claude AI model. This connection enables the model to analyze the code and generate the necessary fixes. In no time, the step-by-step guide appears on the IDE.
- Review Custom Fix’s output and follow the suggestions only after verification that the resulting code is secure.
Fluid Attacks’ GenAI is fed by the Fixes documentation, which supports languages, infrastructure as code (IaC), and configuration files such as Android, Azure, CloudFormation, Docker, Docker Compose, Helm, JavaScript, Kotlin, and Terraform.