,Google's AI-based bug hunter, Big Sleep, recently revealed its first batch of 20 security vulnerabilities in open-source software. Operating independently, Big Sleep scanned codebases and replicated exploits across projects like FFmpeg and ImageMagick.
A human-in-the-loop review procedure confirmed each report before disclosure, reflecting Google's commitment to efficiency and precision. Full technical descriptions are withheld until developers patch the flaws, following a typical responsible-disclosure protocol.
The project, developed by DeepMind and Google's Project Zero team, underscores new strength in automated vulnerability research. Royal Hansen called it 'a new frontier in automated vulnerability discovery,' emphasising AI's growing role in cybersecurity.
Big Sleep adds to a growing roster of AI-driven tools, including RunSybil and XBOW, yet stands out for combining top-tier talent with robust tooling. Industry figures like RunSybil's cofounder hail it as a well-designed, credible platform.
