Google’s AI ‘Big Sleep’ Detects Critical SQLite 0-Day, Foils Planned Exploitation
Google’s artificial intelligence agent “Big Sleep” has discovered a critical zero-day vulnerability in SQLite before attackers could use it, which Google describes as the first time an AI agent has directly foiled an effort to exploit a vulnerability in the wild.
Google’s threat intelligence team had found indications that an unknown SQLite flaw was being prepared for exploitation but could not pinpoint the bug itself. The agent, developed by Google DeepMind and Project Zero, identified the vulnerability (tracked as CVE-2025-6965), letting Google coordinate a fix before it could be exploited.
AI Agents Give Defenders the Upper Hand
Big Sleep is an autonomous vulnerability-discovery agent: it searches software for previously unknown security flaws with little human direction.
Since its November 2024 debut, when it found its first real-world vulnerability, the agent has gone on to discover multiple security issues in widely used software.
The SQLite discovery is significant because, at the time, the flaw was known only to threat actors, who were preparing to exploit it.
The case pairs threat intelligence with automated code analysis. Google’s threat intelligence group supplied the lead that a SQLite flaw was being readied for use; Big Sleep’s analysis of the code located the bug itself.
That combination lets defenders fix a hole attackers have found but not yet used, rather than patching only after an exploit has been observed.
It is a shift from reactive patching toward closing vulnerabilities before they are weaponized.
Google emphasizes that Big Sleep operates with safety guardrails and human oversight. Each finding is reviewed by human analysts before disclosure, so reporting stays responsible without slowing the response.
The SQLite case compressed the entire vulnerability lifecycle from detection to patch deployment into just 48 hours.
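The practical follow-up for anyone who links SQLite into their own software is to confirm which library version each runtime actually carries, since Python, CLI tools and embedded applications often ship different builds. The script below is an added example, not code from Google, Project Zero or the SQLite project. It assumes the fix for the vulnerability above first shipped in SQLite 3.50.2 (a detail not stated on this page; set FIXED_VERSION to whatever your advisory names), parses the version string the way `sqlite3 --version` prints it, and reports the interpreter’s linked library and the command-line shell on PATH, treating anything unparseable as unpatched.

```python
"""Report whether the SQLite linked into a runtime predates a fixed release.

Added example, not code from Google or the SQLite project. FIXED_VERSION is
an assumption (first release believed to contain the fix for the flaw
discussed above); adjust it to match the advisory you are acting on.
"""
import re
import shutil
import sqlite3
import subprocess

FIXED_VERSION = (3, 50, 2)  # assumption: first SQLite release with the fix

# Matches "3.50.2", "3.50", or "3.50.2 2025-06-28 14:00:48 ..." (CLI output)
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) from a version string, or None if the
    string does not begin with a dotted version number."""
    match = _VERSION_RE.match(text)
    if not match:
        return None
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_patched(version_text, fixed=FIXED_VERSION):
    """True when the version is at or beyond the fixed release.

    Unparseable input counts as unpatched: for a vulnerability check the
    conservative answer is the safe one."""
    parsed = parse_version(version_text)
    if parsed is None:
        return False
    return parsed >= fixed


def check_runtime():
    """Version of the SQLite library linked into this Python interpreter."""
    version = sqlite3.sqlite_version
    return {
        "source": "python sqlite3 module",
        "version": version,
        "patched": is_patched(version),
    }


def check_cli():
    """Version of the sqlite3 shell on PATH, or None if there is none."""
    exe = shutil.which("sqlite3")
    if exe is None:
        return None
    result = subprocess.run(
        [exe, "--version"], capture_output=True, text=True, check=False
    )
    return {
        "source": exe,
        "version": result.stdout.strip(),
        "patched": is_patched(result.stdout),
    }


if __name__ == "__main__":
    for report in (check_runtime(), check_cli()):
        if report is None:
            continue
        state = "patched" if report["patched"] else "UNPATCHED"
        print(f"{report['source']}: {report['version']} -> {state}")
```

Run it on each host or container image that embeds SQLite; a statically linked application will not be covered by either check and needs the same comparison applied to the version it reports (for example via `sqlite3_libversion()`).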
Next-Generation Security Platform Integration
Beyond standalone vulnerability discovery, Google is integrating AI capabilities across its security infrastructure.
The company is extending Timesketch, its open-source digital forensics platform, with agentic “Sec-Gemini” capabilities that carry out the initial stages of a forensic investigation automatically, shortening incident response and leaving analysts free to concentrate on complex cases.
Google will also demonstrate FACADE, an AI-based insider threat detection system that has been protecting Google’s internal systems since 2018.
Using contrastive learning, FACADE processes billions of security events a day to flag insider threats without needing a corpus of historical attacks to train on, an approach suited to security monitoring at large scale.
Recognizing that cybersecurity requires collective action, Google is expanding collaborative efforts through the Coalition for Secure AI (CoSAI) and partnerships with DARPA’s AI Cyber Challenge.
The company is contributing data from its Secure AI Framework to accelerate industry-wide adoption of AI-powered security tools.
These partnerships aim to democratize advanced security capabilities beyond Google’s infrastructure, helping secure open-source projects and critical infrastructure that underpin the broader internet ecosystem.
The SQLite discovery demonstrates how AI can protect widely-used software that affects billions of users worldwide.
As cybersecurity conferences approach this summer, Google’s advances signal a transformative moment where AI shifts from experimental technology to operational necessity in defending against sophisticated threats.