Google’s Gemini artificial intelligence-powered Big Sleep system has found further vulnerabilities in popular software, as part of the company’s push towards automated security research.
Vice president of security Heather Adkins outlined a batch of 20 vulnerabilities, all rated as priority two (P2) for fixing urgency, and with low, medium and high impact levels if successfully exploited.
They are in an open source graphics layer engine and popular bitmap converter, a multimedia framework and printer filters, an embeddable JavaScript engine, an extended markup language transformer and the Redis in-memory database.
As the vulnerabilities have been reported to maintainers but not yet fixed, details of the flaws are not made public at this stage.
Google security engineering vice president Royal Hansen said the vulnerabilities were found after a large scale run with the Big Sleep AI.
Initial results from a large scale run of @Google Big Sleep are here!Our AI agent found a series of vulnerabilities in widely used & reviewed software,demonstrating a new frontier in automated vulnerability discovery.Full details once the issues are fixed: https://t.co/9OIAffoatb
— Royal Hansen (@royalhansen) August 4, 2025
Developed with the company’s DeepMind AI division using the Gemini large language model (LLM), the Big Sleep agent found and reproduced the bugs without humain intervention.
Last month, Google said Big Sleep had found a critical memory corruption flaw, known only to threat actors.
Using the AI, security researchers were able to report the bug before it was exploited, foiling the threat actors in question.
