Google says its AI-based bug hunter found 20 security vulnerabilities

bicycledays

Google’s AI-powered bug hunter has just reported its first batch of security vulnerabilities.

Heather Adkins, Google’s vice president of security, announced Monday that its LLM-based vulnerability researcher Big Sleep found and reported 20 flaws in various popular open source software.

Adkins said that Big Sleep, which is developed by the company’s AI department DeepMind as well as its elite team of hackers Project Zero, reported its first-ever vulnerabilities, mostly in open source software such as audio and video library FFmpeg and image-editing suite ImageMagick.

Given that the vulnerabilities are not fixed yet, we don’t have details of their impact or severity, as Google does not yet want to provide details, which is a standard policy when waiting for bugs to be fixed. But the simple fact that Big Sleep found these vulnerabilities is significant, as it shows these tools are starting to get real results, even if there was a human involved in this case.

“To ensure high quality and actionable reports, we have a human expert in the loop before reporting, but each vulnerability was found and reproduced by the AI agent without human intervention,” Google’s spokesperson Kimberly Samra told Trendster.

Royal Hansen, Google’s vice president of engineering, wrote on X that the findings demonstrate “a new frontier in automated vulnerability discovery.”

LLM-powered tools that can look for and find vulnerabilities are already a reality. Other than Big Sleep, there’s RunSybil and XBOW, among others.

XBOW has garnered headlines after it reached the top of one of the U.S. leaderboards at bug bounty platform HackerOne. It’s important to note that usually, these reports have a human throughout the process to verify that the AI-powered bug hunter found a legitimate vulnerability, as is the case with Big Sleep.

Vlad Ionescu, co-founder and chief technology officer at RunSybil, a startup that develops AI-powered bug hunters, told Trendster that Big Sleep is a “legit” project, given that it has “good design, people behind it know what they’re doing, Project Zero has the bug finding experience and DeepMind has the firepower and tokens to throw at it.”

There is obviously a lot of promise with these tools, but also significant downsides. Several people who maintain different software projects have complained of bug reports that are actually hallucinations, with some calling them the bug bounty equivalent of AI slop.

“That’s the problem people are running into, is we’re getting a lot of stuff that looks like gold, but it’s actually just crap,” Ionescu previously told Trendster.
