Latest news with #KevinSurace
Business Wire
6 days ago
- Business
- Business Wire
Appvance Granted Seminal U.S. Patent Enabling Fully Autonomous Test Script Generation from Natural Language
SANTA CLARA, Calif.--(BUSINESS WIRE)-- Appvance, the leader in AI-driven software test automation, today announced the issuance of U.S. Patent No. 12,353,317 for 'Methods for Creating Test Scripts and/or Updating a Model of an Application.' This foundational patent cements Appvance's leadership in the field of generative AI for software testing and directly underpins the company's GENI™ technology—the only system in the world that fully automates test script creation from English test cases, without human intervention. Appvance, the leader in AI-driven software test automation, today announced the issuance of U.S. Patent No. 12,353,317 for 'Methods for Creating Test Scripts and/or Updating a Model of an Application.' This patent describes how Appvance's AI leverages a dynamic Digital Twin —referred to in the patent as a 'blueprint'—alongside one or more transformer-based large language models (LLMs), to convert manual test cases into fully executable automation scripts. The system continuously updates its model of the application and autonomously generates test scripts by mapping natural language steps to real interactions in the application. It even processes visual input via image recognition to match UI elements intelligently, allowing test cases to include text, images, or both. 'The era of record-and-play is over,' said Kevin Surace, CEO of Appvance and lead inventor on the patent. 'With this patent, the industry now has a blueprint—literally and legally—for how AI can truly replace manual scripting and maintenance and obsolete all recorders. It's a monumental step forward not just for Appvance, but for the entire QA and DevOps landscape.' Appvance's GENI engine, which implements this patented technology, is already in use across major enterprises, converting thousands of legacy test cases per day and enabling 90%+ reductions in labor cost and test cycle time. Unlike 'AI-washed' tools that simply assist humans or automate UI element recognition, GENI performs full script generation autonomously, with no recorders, no script editing, and no test logic authoring required. This patent sets a new industry benchmark and affirms that Appvance's technology is not just ahead of the curve—it is the curve. For enterprises seeking to reduce cost, accelerate delivery, and improve coverage, GENI powered by this newly patented invention is the only path forward. For more information, please visit and join the conversation on LinkedIn, X and Facebook. About Appvance: Appvance is the leader in generative AI for Software Quality. For the past decade, its flagship product AIQ has led the industry as an AI-first, unified software quality platform that delivers unprecedented levels of productivity to accelerate digital transformation in the enterprise. GENI ushers in a new era for Appvance and its customers – harnessing the power of AIQ to deliver fully autonomous AI-first software Quality Assurance and Testing. Leveraging generative AI and machine learning, AIQ can validate all likely user flows as well as generate new test cases and scripts from existing test cases to achieve complete application coverage™.
Business Wire
23-06-2025
- Business
- Business Wire
The Aflac Breach Was Preventable — Token's Technology Proves It
ROCHESTER, N.Y.--(BUSINESS WIRE)-- Token, a revolutionary provider of secure, biometric identity protection solutions, announced that its technology is the industry's only available solution that could have prevented the serious data breach that Aflac confirmed on June 20, 2025. The Alflac breach possibly exposed customers' Social Security numbers, insurance claims, and personal health information and is considered to be the biggest breach in a growing wave of cyberattacks targeting the insurance industry. 'With billions in revenue and millions of customers, Aflac now joins a troubling list,' said Kevin Surace, Chair, Token. 'Erie Insurance and Philadelphia Insurance Companies were also hit this month, with major IT disruptions affecting customer services.' Share 'With billions in revenue and millions of customers, Aflac now joins a troubling list,' said Kevin Surace, Chair, Token. 'Erie Insurance and Philadelphia Insurance Companies were also hit this month, with major IT disruptions affecting customer services.' According to industry experts, sources close to the investigation say all signs point to Scattered Spider —a fast-moving, aggressive cybercrime group that's quickly becoming a top threat. The breach method relies on (and expects) legacy multi-factor authentication (MFA) — where SMS codes can be intercepted or relayed, and users can be tricked into approving authenticator app prompts during real-time phishing. These methods are easily manipulated and no longer offer protection. This type of hack requires little to no technical ability, and almost anyone who can create a simple spoofed webpage can execute this hack in minutes, leaving every company fully exposed today. Token Ring and Token BioStick leverage a combination of biometric ID (fingerprint) and proximity (using encrypted Bluetooth) to the specific device logging in to the actual registered application. Token stores a unique private key per site, secured by fingerprint. During login, it signs a one-time challenge from the real site's FIDO2 server, which verifies the signature and origin. If the origin doesn't match, the login is rejected — blocking phishing and spoofing outright. This stops real-time phishing because every credential is cryptographically locked to the exact web origin it was created for, and the authenticator will only sign a challenge that (a) comes from that origin and (b) is confirmed by a live fingerprint-match. A phisher can steal nothing re-usable and cannot trick the token into signing for the wrong site. If Aflac employees were using a Token product, the hack could not have occurred. Why the 'real-time relay' trick fails 1. User originally registered a Token device with the true site a. during the registration with the true site, public/private cryptographic key pair is negotiated which is required and validated during every subsequent passkey operation from that device to that site b. the serving site retains the public key which is used for further trusted communications with the private key on the device 2. Hacker pushes a phishing email to the victim. 3. Victim opens the phish page. The page's origin is 4. A sophisticated Phish page could potentially ask for Authentication for the true site not Browser passes rpIdHash = SHA-256(" to the token. Token Ring has no key for that hash ⇒ authentication fails. 5. Even if the Browser passes the true page name to the Token FIDO2 authenticator, the attacker's domain does not possess the cryptographic credentials for the true page to complete the authentication process with the private key on the device 6. Token Device has no identity for the incorrectly cyphered request ⇒ authentication fails - technically doesn't occur If the attacker tries to be very clever and relay the legitimate site's WebAuthn challenge through its proxy: The challenge was generated for the browser at the phish site still reports its own origin, so the signature the authenticator creates cannot be validated by the real server (rpIdHash mismatch). Expand Summary: Because Token products store a negotiated key pair per site and will only release a signature when: The site matches the domain the user is really visiting, and the domain has the secret key pair which matches the initial device registration, and The fingerprint sensor verifies the legitimate user. A remote adversary has no path to 'spoof the key' or 'forward the signature' the way they can with OTP codes or push-approval apps. Implemented correctly, FIDO2 offers true phishing-resistant MFA — and that's what makes biometric Token products orders of magnitude safer than legacy MFA. The fastest, most effective way to lock down your data and networks is to roll out Token Ring or Token BioStick across your workforce. Even if an employee falls for a phishing email, hackers still hit a dead end. Why? Because legacy MFA — like SMS codes and authenticator apps — is laughably easy to bypass. Hackers relay codes, spoof app prompts, and trick users every day. But Token's biometric FIDO2 authentication and proximity controls make that impossible. Credentials never leave the device, can't be replayed, and only work with a live fingerprint match and the right domain next to the actual device logging in. It's the difference between a padlock and a vault. About Token In a world of stolen identities and compromised user credentials, Token is changing the way our customers secure their organizations by providing passwordless, biometric, multifactor authentication. We deliver the next generation of multifactor authentication that is invulnerable to social engineering, malware, and tampering for organizations where breaches, data loss, and ransomware must be prevented. To learn more, visit
