Google’s Big Sleep AI Tool Finds Zero-Day Vulnerability

In a major breakthrough, Google’s AI-powered research tool, Big Sleep, discovered a vulnerability in SQLite, one of the most widely used database engines in the world. The Google Project Zero and Google DeepMind teams recently shared this milestone in an official blog post, marking a first for AI-driven vulnerability detection in real-world software.

The vulnerability found by Big Sleep was a stack buffer underflow in SQLite, which could potentially allow malicious actors to manipulate data in ways that compromise database integrity. Discovered and reported in early October, the SQLite development team patched the vulnerability on the same day, averting any real-world impact on users.

“We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software,” the researchers said. “Earlier this year at the DARPA AIxCC event, Team Atlanta discovered a null-pointer dereference in ...