Google’s AI tool, Big Sleep, has identified 20 security vulnerabilities in popular open-source software, marking a significant step in its AI-enabled cybersecurity initiative. Announced by Heather Adkins, Google’s VP of Security, via X (formerly Twitter), Big Sleep was developed in collaboration with Google DeepMind and Project Zero. It analyzed systems like FFmpeg and ImageMagick, widely used for multimedia processing, confirming vulnerabilities independently before human verification. Big Sleep simulates malicious user behavior to scan for weak points while adapting its methods over time. Although it enhances routine testing speed, Google emphasizes that this AI tool supports rather than replaces human security analysts, allowing them to focus on strategic decisions. While AI in bug hunting presents challenges, like potential inaccuracies in reports—termed “AI slop”—experts like Vlad Ionescu endorse Big Sleep’s reliability. Other AI tools, such as RunSybil and XBOW, also contribute to evolving vulnerability discovery processes.
Source link
