Vulnerability Management, AI/ML

Multiple open-source flaws discovered by Google’s Big Sleep tool

Google's new artificial intelligence-based vulnerability research tool Big Sleep, co-developed by Google's DeepMind department and Project Zero hackers, has identified 20 security bugs in widely used open-source software, including the ImageMagick image editing suite and the FFmpeg media library, TechCrunch reports.

"To ensure high quality and actionable reports, we have a human expert in the loop before reporting, but each vulnerability was found and reproduced by the AI agent without human intervention," said Google spokesperson Kimberly Samra. More information regarding the nature and severity of the discovered security issues has not been provided as fixes are still underway. While Big Sleep and other AI-powered vulnerability discovery tools, such as XBOW and RunSybil, have already shown promise in identifying security defects with human assistance, multiple software project maintainers have also noted that such systems produce hallucinations. "That's the problem people are running into, is we're getting a lot of stuff that looks like gold, but it's actually just crap," said RunSybil co-founder and Chief Technology Officer Vlad Ionescu.