Google's new AI bug-hunting tool "Big Sleep" finds 20 security flaws (www.techradar.com)

🤖 AI Summary
Google’s new AI-driven vulnerability hunter, Big Sleep, developed collaboratively by DeepMind and Project Zero, has successfully identified its first 20 security flaws in widely used open source software such as FFmpeg and ImageMagick. These discoveries mark a significant milestone, demonstrating AI’s growing ability to autonomously detect and reproduce software bugs with a level of efficiency and scale beyond traditional human-led security audits. Each finding undergoes expert human review to minimize false positives, ensuring that only credible vulnerabilities are reported to developers for patching. While specific technical details, including CVE identifiers and exploit proofs, remain under embargo following Google’s 90-day disclosure policy, this proactive approach underscores Big Sleep’s potential to enhance cybersecurity by addressing weaknesses before they can be exploited. Google plans to share a full technical briefing at major security conferences including Black Hat USA and DEF CON 33, and will contribute anonymized training data to the Secure AI Framework, fostering wider collaboration in AI-powered security research. Big Sleep’s success signals a transformative shift in vulnerability management, positioning AI as a critical tool in safeguarding the software ecosystem amid increasing cyber threats.