Elevator Pitch
Zero-day threats in containers bypass traditional scanners. What if AI could catch them first? This talk reveals how to integrate Generative AI with your CI/CD pipeline to detect unknown vulnerabilities in real time and move from reactive defense to predictive container security.
Description
Zero-day vulnerabilities in container images pose silent threats to the organization: they are unidentified, unpatched, and often destructive. Existing scanners can only check images against known CVEs, which means that in today’s DevOps pipelines the scanning tooling has an incomplete view of the security of the container image. This talk presents a new approach that merges traditional container scanning tools with Generative AI to uncover unknown vulnerabilities and risks, and to support more mature vulnerability attribution.
The session will show how large language models such as GPT can review and aggregate scan results, configurations, and behavioral artifacts from the CI/CD pipeline and Kubernetes deployments to find risky misconfigurations and zero-day risks by inference. Participants will leave with the knowledge and a blueprint for adding AI to their existing DevSecOps workflows and for moving their security outcomes from reactive to predictive.
Whether you’re a DevOps engineer, security practitioner, or looking at AI from the outside, this session will inspire new ideas about how to enforce predictable outcomes for container security in an era of intelligent automation.
Notes
I have over 18 years of experience in secure software engineering and cloud-scale architecture and am currently a Principal Software Engineer at Microsoft. For the past ten years, I have led the design and development of Microsoft’s secure software supply chain platform. The platform has been adopted by core products including Azure, Office, and Windows. The proposed talk “Isolated Build Environments for Supply Chain Security: Defending Against Insider Threats” is informed by my experience delivering confidential, tamper-resistant build systems using secure enclaves, ephemeral containers, and attestation workflows. This architecture was effective in eliminating interactive access vectors such as SSH and shell injection, which represent a significant risk from a malicious insider threat.
I have also written papers on cloud-native security and confidential computing and helped multiple internal teams transition to this model. I believe I am uniquely qualified to deliver this topic since I built and deployed at scale in one of the most heavily threatened software environments in the world.
There are no special technical requirements for this session. I will be using standard slides, and maybe some diagrams/architectural flows to aid understanding of the concepts. I look forward to sharing practical experiences with the Conf42 audience to harden supply chains against internal threats.