A German software testing startup claims it has developed the world’s first autonomous artificial intelligence-powered ‘test agent’ that is able to find bugs and vulnerabilities in unknown coding.
Bonn, Germany-based Code Intelligence shared that it plans to launch – on January 28 – its new platform, called Spark, which is being presented as “the first AI agent of its kind to identify a real-world vulnerability within a popular open-source software by automatically creating and running a test.”
The firm’s chief executive, Eric Brueggemann, went on to say that the solution has the capability to automate the software testing process fully. It not merely identifies bugs, but also aims to “remediate” them by fixing the broken code.
As a result, Spark is capable of reducing the barrier to entry for developers looking to employ advanced security testing techniques, such as white-box fuzz testing, which traditionally rely on human expertise, Brueggemann claimed.
He disclosed that beta tests showed that Spark can save up to 1,000 hours of manual effort on average when testing a codebase with 100,000 lines of code.
Brueggemann said test cases proved the ability of AI to aid humans in tasks that require significant expertise.
“AI can effectively take over manual tasks in software testing, such as analysing code, identifying the most likely attack vectors, generating and running tests, and can thereby yield great results,” he explained.
Brueggemann does not stop there: he said his firm intends to go a step further by teaching Spark to fix any of the bugs it uncovers automatically, thereby, to some degree, automating the entire software testing process and completing within just a few minutes.
“Humans will continue to make the final decisions,” he did stress, adding “we will provide automatically generated pull requests with a proven fix for identified vulnerabilities.”

Asked to scrutinise the new platform, Holger Mueller, who works for Constellation Research, pointed out that Code Intelligence is building on the autonomous capabilities of AI agents by giving them smart capabilities that are required to identify tasks that need to be completed by themselves.
“Code testing has long been a tedious and time-consuming task and this segment of the software market has traditionally also been under-funded, resulting in lower quality software that’s littered with bugs,” Mueller explained.
“As a sub discipline within software testing, fuzz testing has been underutilized as it requires the creation of numerous tests for each piece of software,” he continued.
“That makes it an ideal use case for generative AI, and it’s good to see this innovation, which has the potential to transform software development practices.”
“This segment of the software market has traditionally been under-funded.”
– Holger Mueller
To showcase the capabilities of Spark, the company used it to scan WolfSSL, an open-source cryptography library that is mostly used for embedded applications and is widely used within the financial services space, particularly the insurance sector.
Brueggemann said the platform first analysed WolfSSL’s codebase, after which it created a host of relevant test cases before carrying out several tests.
“It was able to spot a vulnerability that is known in the industry as a ‘heap-based use-after-free’,” he said.
“This can cause unexpected behaviour and system failures and has the potential to be used for security exploits.”
Brueggemann claimed his firm shared the bug with WolfSSL’s team, which went on to issue a warning and update in December of last year. Spark will be formally launched on January 28.
IN A FEW WEEKS

DON’T MISS

QA FINANCIAL FORUM LONDON: RECAP
In September of last year, QA Financial held the London conference of the QA Financial Forum, a global series of conference and networking meetings for software risk managers.
The agenda was designed to meet the needs of software testers working for banks and other financial firms working in regulated, complex markets.
Please check our special post-conference flipbook by clicking here.
READ MORE
- Automation is rapidly taking hold of banks’ QA strategies
- ‘Let’s redefine what quality assurance means’, says QA Mentor CEO
- Deep Dive: why do most AI testing projects fail to scale?
- Leapwork co-founder warns ‘AI is not in a state we can rely on’
- Ozone API eyes Australian banks with ProductCloud deal
Become a QA Financial subscriber – for FREE
* Receive our weekly newsletter * Priority invitations to our Forum events