AutoGPT: Why? And The Results of My First Test to Generate BigFix Remediation Content


As a technical product manager and a BigFix enthusiast, I have always been interested in automating the creation of BigFix fixlets for new vulnerabilities. When I learned about Auto-GPT, a potentially powerful tool that leverages AI to help automate tasks and streamline workflows, I was intrigued. I wondered if it could really generate BigFix content for new vulnerabilities, especially in areas outside the scope of what BigFix already delivers out of the box.


In this post, you'll see the results of my first Auto-GPT prompt to create BigFix remediation content and the plans for my next round of testing. I'll also explain why I chose Auto-GPT for this project instead of following the existing proofs of concept that others, such as BigFix's own JGStew, have performed to generate fixlet content.


Note that this test was performed using the stable version of Auto-GPT 0.2.2 and that version 0.3 was released fewer than 24 hours before I began drafting this post. Subsequent tests will be in later versions.


I prompted Auto-GPT to Be a BigFix Expert


AI Name:BFXPRT_AI

BFXPRT_AI here!I am at your service.

Describe your AI's role:  For example, 'an AI designed to autonomously develop and run businesses with the sole goal of increasing your net worth.' 

BFXPRT_AI is: a BigFix expert with experience in creating vulnerability remediation fixlets for Windows 11OS.


Then I gave it the goal to create fresh Windows 11 critical vulnerability remediation content.


Enter up to 5 goals for your AI: For example: Increase net worth, Grow Twitter Account, Develop and manage multiple businesses autonomously' Enter nothing to load defaults, enter nothing when finished.

Goal 1: write BigFix actionscript and relevance for the 3 most recent critical Windows 11 vulnerabilities, one pair of actionscript and relevance per patch associated with each of the 3 identified vulnerabilities  

Goal 2: shut down when goal 1 is complete

The Result

Auto-GPT first searched the web to find recent critical vulnerabilities for Windows 11. This effort utilized the bulk of the commands, time, and tokens. Here is some of the console echo from Auto-GPT to give you an idea of how Auto-GPT can extrapolate the steps to achieve a goal.


What Auto-GPT Did First

THOUGHTS:  I need to gather information on the most recent critical vulnerabilities for Windows 11 OS.
REASONING:  Before I can write the BigFix actionscript and relevance for the vulnerabilities, I need to know what they are and what patches are associated with them.
PLAN: 
-  Use Google Search to find the most recent critical vulnerabilities for Windows 11 OS.
-  Once I have identified the vulnerabilities, I will use Google Search again to find the patches associated with each vulnerability.
CRITICISM:  I need to make sure that I am using reliable sources for my information and that I am not wasting time on irrelevant search results.
NEXT ACTION:  COMMAND = google ARGUMENTS = {'input': 'most recent critical vulnerabilities for Windows 11 OS'}
Enter 'y' to authorise command, 'y -N' to run N continuous commands, 'n' to exit program, or enter feedback for ...
Input:y -50

What you're seeing is Auto-GPT proposing to search Google for 'most recent critical vulnerabilities for Windows 11 OS' and then prompting me to authorize that, which I did.


All the text you see above is Auto-GPT echoing what it is thinking and planning to do, except for the characters after the Input prompt. I typed "y -50", which was a yes to authorize it to proceed with searching Google, and also to let it perform 50 of its own self-generated commands before asking for my authorization again.

Once I authorized it to proceed, I started getting charges against my OpenAI API for token usage.
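A saved copy of the console echo can be audited for what was proposed and how much unattended latitude each reply granted. The following is an added example, not code from this post or from the Auto-GPT project: the regular expressions cover only the echo format quoted above, and the allowlist and the limit of 5 continuous commands are assumed local policy values.

```python
import ast
import re

# Constructed sample: lines copied from the console echo quoted in the post.
SAMPLE_ECHO = """\
THOUGHTS:  I need to gather information on the most recent critical vulnerabilities for Windows 11 OS.
NEXT ACTION:  COMMAND = google ARGUMENTS = {'input': 'most recent critical vulnerabilities for Windows 11 OS'}
Enter 'y' to authorise command, 'y -N' to run N continuous commands, 'n' to exit program, or enter feedback for ...
Input:y -50
"""

NEXT_ACTION = re.compile(r"^NEXT ACTION:\s+COMMAND = (\S+)\s+ARGUMENTS = (\{.*\})\s*$")
OPERATOR_INPUT = re.compile(r"^Input:\s*(.*)$")
CONTINUOUS = re.compile(r"^y\s+-(\d+)$")

def parse_echo(text):
    """Pair each proposed command with the operator reply that followed it."""
    events, pending = [], None
    for line in text.splitlines():
        action = NEXT_ACTION.match(line)
        reply = OPERATOR_INPUT.match(line)
        if action:
            try:
                arguments = ast.literal_eval(action.group(2))  # parses, never executes
            except (ValueError, SyntaxError):
                arguments = None  # keep the event, mark arguments unparsed
            pending = {"command": action.group(1), "arguments": arguments}
        elif reply and pending is not None:
            answer = reply.group(1).strip()
            batch = CONTINUOUS.match(answer)
            pending["approved"] = answer == "y" or batch is not None
            # Commands the agent may run before the operator is asked again
            pending["continuous"] = int(batch.group(1)) if batch else 0
            events.append(pending)
            pending = None
    return events

def review(events, allowed_commands=frozenset({"google"}), max_continuous=5):
    """Flag approvals outside a hypothetical local policy (both defaults are assumptions)."""
    findings = []
    for event in filter(lambda e: e["approved"], events):
        if event["command"] not in allowed_commands:
            findings.append((event["command"], "command_not_allowlisted"))
        if event["continuous"] > max_continuous:
            findings.append((event["command"], "continuous_over_limit"))
    return findings

print(review(parse_echo(SAMPLE_ECHO)))
```

Run against the echo above, the search command passes the allowlist, but the "y -50" reply is flagged because it approves far more commands than the operator has seen.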