Google publishes 20 new vulnerabilities found by its Big Sleep AI

Google’s Gemini artificial intelligence-powered Big Sleep system has found further vulnerabilities in popular software, as part of the company’s push towards automated security research.



Vice president of security Heather Adkins outlined a batch of 20 vulnerabilities, all rated as priority two (P2) for fixing urgency, and with low, medium and high impact levels if successfully exploited.

They are in an open source graphics layer engine and popular bitmap converter, a multimedia framework and printer filters, an embeddable JavaScript engine, an extended markup language transformer and the Redis in-memory database.

As the vulnerabilities have been reported to maintainers but not yet fixed, details of the flaws are not made public at this stage.

Google security engineering vice president Royal Hansen said the vulnerabilities were found after a large-scale run with the Big Sleep AI.

Developed with the company’s DeepMind AI division using the Gemini large language model (LLM), the Big Sleep agent found and reproduced the bugs without human intervention.

Last month, Google said Big Sleep had found a critical memory corruption flaw, known only to threat actors. 

Using the AI, security researchers were able to report the bug before it was exploited, foiling the threat actors in question.



