• AI-DevAssist: AI-supported, secure software development

    achelos improves software development in safety-relevant industrial projects

Digitisation is increasingly finding its way into all areas of life. The escalating number of critical vulnerabilities in software development represents a significant security threat. This project explores ways to use artificial intelligence (AI) to detect vulnerabilities in software code and prevent cyber attacks. The total volume of the project is EUR 2.24 million, including the project partners’ own funds.

Logo German Federal Ministry for Education and Researc


AI-assisted, secure software development


Project duration

01/2021 - 12/2023


Project partners

Fraunhofer IEM, Paderborn
Rheinische Friedrich Wilhelms University of Bonn
University of Paderborn
achelos, Paderborn


Project coordinator

Code Intelligence GmbH, Bonn


Project contribution by achelos (sub-project)

Benchmark creation and evaluation support in the field of secure software development based on artificial intelligence (AI)


Project volume

€2.24 million (82% of which is funded by the Federal Ministry of Education and Research (BMBF))


Project sponsor

VDI/VDE Innovation + Technik GmbH


Project website

AI-assisted secure software development AI-DevAssist


Developing secure and reliable software is still a major and unresolved challenge. Despite efforts to contain them, the number of critical vulnerabilities is on the rise, as demonstrated by the upward trend in CVE (Common Vulnerabilities and Exposures (1)) from 2006 to 2018. An analysis conducted by Microsoft Research suggests that developers are still making many of the same mistakes they were 20 years ago (2). The aim of this project is to explore AI-assisted vulnerability detection methods and develop demonstrators that enable developers to build software more easily and securely.

To be more specific, the objective is to advance the state-of-the-art in security analysis, using Java as a model. Methods of artificial intelligence are being created that expand on existing static and fuzzing analysis tools, while also providing a direct line of interaction between the AI and the software developers. Fuzzing, a dynamic software analysis method, already integrates basic machine learning techniques. 

AI-DevAssist aims to accomplish this goal by pooling the knowledge of top-tier expert teams worldwide across the research domains of artificial intelligence, secure software engineering, and usable security. Usable security primarily deals with the human element in security and explores how technology can aid individuals in creating secure software. The strategy employed by AI-DevAssist involves creating AI components designed to identify software errors. AI-DevAssist adopts groundbreaking techniques in Secure Software Engineering, notably automated code analysis, to build an AI assistant adept at identifying vulnerabilities by leveraging semantic program characteristics. Furthermore, research is being conducted to explore and develop methods for interactions between AI systems and software developers, with the goal of improving knowledge transfer between developers and security tools.

Vulnerabilities 2006–2018 | Source: Matt Miller – BlueHat IL 2019

achelos sets creates a benchmark and facilitates the evaluation of secure software development powered by Artificial Intelligence (AI)

The overarching goal of the achelos sub-project is to outline requirements for the analysis software, establish a benchmark, and evaluate the solutions developed within the project. Building on its extensive track record in developing security-sensitive software for industrial projects, achelos brings this expertise to the table.

Main task: to create the benchmark

achelos exploits weaknesses from known benchmarks and supplements these with vulnerabilities that current tools cannot detect. The benchmark will be integrated into a training and evaluation infrastructure by achelos, facilitating continuous assessment of the solutions developed within the project. The achelos development team, with its background in industrial security projects, will play a key role in evaluating the human-AI interface.

achelos has a long-standing track record in providing consulting, development and testing solutions for software in safety-critical domains. The achelos portfolio includes automated test suites for secure network protocols, certificate security and high-secure components. Our test suites are used specifically for the acceptance of products that have to be certified according to Common Criteria. Secure implementation and vulnerability assessment are key criteria for certification at a designated Evaluation Assurance Level (EAL) – Level (EAL 1–7). achelos’ skill set in test suite development is instrumental in designing and developing the benchmark.

In the it’s OWL transfer project ‘Integration of CogniCrypt, achelos gained practical insights into static code analysis using the CogniCrypt tool. CogniCrypt was integrated into achelos’ continuous integration environment and embedded as a plug-in into the Eclipse software development environment, with additional rules applied to the BouncyCastle cryptographic library.

In addition, achelos is engaged in the BMBF project AutoSCA, collaborating with project partners to automate the analysis and prevention of side-channel attacks targeting cryptographic protocols for the first time. To this end, achelos is collaborating with cryptographers and machine learning experts from various disciplines. Through this collaboration, they aim to deepen their understanding of machine learning principles and apply appropriate machine learning methods to identify further cryptographic vulnerabilities through their test suites for secure network protocols.

(1) cve.mitre.org (2) Matt Miller. Trends, Challenges, and Strategic Shifts in the Software Vulnerability Mitigation Landscape. In BlueHat IL, 2019.

achelos leverages its expertise in developing security-relevant software.

Any questions? Your contact person for queries in this field is:

Dr. Claudia Priesterjahn

Team Lead Research & Secure Communication Development

claudia.priesterjahn@achelos.de +49 5251 14212-0