Big Sleep is an AI agent based on Google’s language models that focuses solely on finding and reporting vulnerabilities. The system has now found no fewer than twenty vulnerabilities in popular open-source software, Heather Adkins, Google’s vice president of security, announced on X. The affected software includes FFmpeg, which is focused on audio and video, and ImageMagick, which can be used to edit photos.
The vulnerabilities haven’t yet been fixed, which is why Google isn’t sharing any further details about them, TechCrunch reports. However, a complete list of the bugs found and the projects they affect has been published.
The findings, however, show that tools like these are now starting to deliver results. For now, humans will remain involved, a spokesperson told TechCrunch. “To ensure high-quality and actionable reports, we involved a human expert in the reporting, but every vulnerability was found and reproduced by the AI agent without human intervention.”
Prevent Attack
Big Sleep also made headlines in mid-July. The AI system managed to detect and stop an impending cyberattack before it could happen, Vice reported at the time. Big Sleep discovered a vulnerability in SQLite, which Google described as a “critical vulnerability” known only to cybercriminals and at risk of being exploited. “The combination of threat intelligence and Big Sleep allowed Google to predict that a vulnerability would be exploited imminently and block it before it could occur,” Google said at the time.