Українська правда

Google's AI bug-detection tool finds 20 vulnerabilities in popular open source software

Google has released the first results of its new vulnerability-finding tool, Big Sleep, which is powered by artificial intelligence, TechCrunch reports. According to Heather Adkins, Google’s vice president of security, the tool has found 20 vulnerabilities in open-source software, including the FFmpeg media library and the ImageMagick graphics editor.

Big Sleep was created in collaboration between DeepMind and the Project Zero team. Google spokeswoman Kimberly Samra clarified that all vulnerabilities were found and replicated by an AI agent without human intervention, although the final verification was carried out by an expert. Because the fixes have not yet been implemented, the company is not disclosing details about the severity or impact of the identified issues, which is in line with standard Google policy.

Royal Hansen, vice president of engineering, called the results “a new frontier” in automated vulnerability detection. In addition to Big Sleep, other AI tools are already in the works, including RunSybil and XBOW, the latter of which recently topped a leaderboard on HackerOne.

However, some open source developers have raised concerns about the quality of the reports: sometimes the AI generates false messages, which are called “hallucinations.” Vlad Ionescu, CTO of RunSybil, recognizes the potential of Big Sleep, but emphasizes the need for human control at certain stages of the verification.
