Google’s AI tool, Big Sleep, has successfully identified a critical vulnerability, CVE-2025-6965, today. Originating from research by Google Project Zero and Google DeepMind, Big Sleep uses large language models to uncover unknown security flaws. This specific vulnerability was known only to threat actors and targeted SQLite, a widely-used open-source database engine. Google claimed this is the first instance of an AI being utilized to thwart real-time exploits. The threat intelligence group detected signs that hackers were preparing to use the flaw but couldn’t pinpoint it until Big Sleep isolated it. Since its launch in November, Big Sleep has exceeded expectations by identifying multiple real-world vulnerabilities. Google emphasizes the potential of AI agents like Big Sleep to enhance security by allowing teams to concentrate on complex threats. A white paper detailing their AI’s development highlights privacy safeguards and operational transparency. The U.S. Defense Department plans to announce AI competition winners next month to secure critical code systems.
Source link
