GMO Flatt Security Enhances Takumi byGMO with Black Box Testing
GMO Flatt Security, under its mission to support engineers, officially rolled out its new black box diagnosis feature for the AI security assessment agent, Takumi byGMO, on November 12, 2025. This functionality allows users to conduct dynamic application security testing (DAST) without additional fees or changes to their current plans. Previously, users mainly benefited from the white box diagnosis feature, which uses source code analysis to reveal vulnerabilities. The newly introduced feature provides a complementary approach, allowing users to fortify their applications even further with a dual-testing strategy.
What is Takumi byGMO?
Takumi byGMO is a specialized AI agent designed by GMO Flatt Security. It harnesses the power of AI to significantly enhance vulnerability detection, allowing the identification of vulnerabilities that traditional automated tools often miss. The efficacy of Takumi has already been validated with over ten zero-day vulnerabilities reported in renowned open-source software, including Vim and Next.js.
Black Box vs. White Box Testing
To understand the significance of the new feature, we need to distinguish between black box and white box testing:
- Black Box Testing: This method involves simulating attacks on the system to discover vulnerabilities. Since it does not rely on internal information, it may be less comprehensive than white box testing; however, it is particularly adept at identifying vulnerabilities that can be exploited in real-world environments.
- White Box Testing: This technique analyzes the source code of the application. While it offers a thorough risk assessment due to its access to internal data, it often concludes on theoretical vulnerabilities without practical confirmation of their exploitability.
Both testing methods are complementary, and their combined use is recommended for optimal security assessments. GMO Flatt Security integrates both methods in its vulnerability assessments, analyzing both source code and demo environments to enhance accuracy and comprehensiveness.
The Need for Black Box Diagnostics
As AI technologies rapidly advance, so too do the means of potential malicious exploitation. The introduction of the black box diagnosis feature is strategically significant in this landscape. By identifying risks through simulated attacks, it helps developers prioritize vulnerabilities likely to be targeted by AI-driven attackers. Furthermore, the new feature serves as a robust complement to the already potent white box capabilities of Takumi byGMO, setting it apart as an unparalleled service in the security diagnosis market.
Performance of the Black Box Feature
In tests conducted with a demo application embedded with vulnerabilities by GMO Flatt Security, the black box diagnosis achieved a detection rate of 48% over approximately 20 hours of scanning, with a false positive rate of 33.3%. Notably, when excluding vulnerabilities that solely require code analysis, the detection rate rose to an impressive 70%. The findings also revealed vulnerabilities linked to application logic, which traditional automated tools typically fail to detect.
User-Friendly Interface and Automated Diagnosis
One of the standout features of the black box diagnosis is its user-friendly interface. Users need only to input the demo environment URL and necessary login credentials to initiate the diagnosis. Unlike previous DAST tools that required exhaustive preparation, this new functionality simplifies the setup process, making it accessible to all users—regardless of their technical expertise.
Additionally, the black box diagnosis includes features such as the ability to re-diagnose after vulnerability remediation, which allows for efficient and focused checks on specific aspects of the application, saving time and costs.
Glowing User Feedback
Pre-launch testing of the black box feature garnered positive feedback from users, who praised its ease of use and comprehensive reporting capabilities. For instance, game production companies completed tests, highlighting the utility of AI-driven assessments as a way to systematically enhance security from development to operational phases.
Looking Ahead: Integrating Testing Methods
Going forward, Takumi byGMO aims to integrate black box and white box testing into a unified gray box testing framework. This combined approach intends to address the drawbacks of each individual method while maximizing their benefits, striving for higher detection rates and reduced false positives.
In a world where cyber threats are evolving, finding and addressing critical vulnerabilities before they can be exploited is paramount. Continuing its commitment to safeguarding software developers, GMO Flatt Security remains dedicated to the development of Takumi byGMO as a comprehensive security solution that lets engineers focus on advancing their projects with peace of mind.
About GMO Flatt Security
GMO Flatt Security is a pioneering security professional firm headquartered in Japan, committed to supporting the digital transformation (DX) and software development security across various industries. It leverages deep engagement with users to provide tailored security services, ensuring that organizations can navigate the complexities of cybersecurity effectively.
For more information about Takumi byGMO and other services, visit GMO Flatt Security.