Big Sleep, developed by DeepMind and Project Zero, is Google’s AI-driven bug hunter that recently identified its first set of security vulnerabilities in notable open-source software, including the FFmpeg audio/video library and the ImageMagick editing suite. Each vulnerability was independently discovered and reproduced by Big Sleep, confirmed by Google spokesperson Kimberly Samra. Royal Hansen, VP of Engineering at Google, emphasized the importance of this advancement in automated vulnerability discovery on X. While Big Sleep leads the charge, other AI tools like RunSybil and XBOW are also in the race, with XBOW achieving recognition on the HackerOne bug bounty leaderboard. However, concerns about AI-generated reports have emerged, with some developers labeling them as “AI slop” due to inaccuracies. This highlights a significant challenge in ensuring the reliability of AI-powered bug hunters, underscoring the need for human verification in the process.
Source link
Share
Read more