Google's new artificial intelligence-based vulnerability research tool Big Sleep, co-developed by Google's DeepMind department and Project Zero hackers, has identified 20 security bugs in widely used open-source software, including the ImageMagick image editing suite and the FFmpeg media library, TechCrunch reports.
"To ensure high quality and actionable reports, we have a human expert in the loop before reporting, but each vulnerability was found and reproduced by the AI agent without human intervention," said Google spokesperson Kimberly Samra. More information regarding the nature and severity of the discovered security issues has not been provided as fixes are still underway. While Big Sleep and other AI-powered vulnerability discovery tools, such as XBOW and RunSybil, have already shown promise in finding security defects with human assistance, multiple software project maintainers have also noted that such systems produce hallucinations. "That's the problem people are running into, is we're getting a lot of stuff that looks like gold, but it's actually just crap," said RunSybil co-founder and Chief Technology Officer Vlad Ionescu.




