Blog

Google discovers vulnerability in SQLite using Big Sleep AI

Google has announced a breakthrough in cybersecurity:  Big Sleep AI discovers a bug in the SQLite database. This is the first time a generative AI agent has identified a real vulnerability, demonstrating the potential of advanced AI to prevent future risks.

Big Sleep’s discovery of vulnerability

The vulnerability discovered by Big Sleep is a significant milestone, as it is the first time that an AI has found a real security flaw in a widely used software program. Specifically, Big Sleep identified a stack buffer underflow in an experimental version of the SQLite database . This type of error occurs when a program attempts to access an area of ​​memory that is older than the designated one, potentially causing stability and security issues .

In detail, the Google team explained that the vulnerability resided in a specific function of the SQLite code. This function did not correctly handle an edge case: when a query with constraints on the ‘rowid’ column was executed, the program attempted to write to a portion of memory with a negative index. This behavior could open the way to an exploitable flaw that, in the hands of malicious actors, could lead to the execution of unwanted code or a system crash.

The AI ​​Detection Process

The discovery process was made possible by the power of Big Sleep AI , which uses advanced machine learning techniques to analyze software code. Unlike traditional testing tools, Big Sleep does not simply test software with random data (fuzzing) but uses a variant analysis approach . This method allows the AI ​​to start from already fixed or known vulnerabilities to search for other similar flaws, eliminating many ambiguities that make it difficult to find new errors.

In the case of SQLite, Big Sleep analyzed patterns in existing code and discovered that the vulnerability was not present in previous versions of the software, but had emerged following an update. With its powerful pattern recognition system , the AI ​​was able to spot this new flaw, providing the Google team with a detailed vulnerability report.

Collaboration with the SQLite development team

After discovering the flaw, Google immediately contacted SQLite developers , providing them with the technical details needed to fix the issue. The SQLite team then patched the vulnerability on the same day it was reported, preventing potential risks to users and following security best practices . This timely collaboration ensured that the bug was eliminated before the official release of the database, demonstrating the importance of a proactive approach to managing software vulnerabilities.

Implications for software security

The discovery of Big Sleep is a milestone not only for Google, but for the entire cybersecurity community. It demonstrates how artificial intelligence can offer invaluable support in finding and preventing software flaws. As more and more digital applications and services become central to our daily lives, the ability to find vulnerabilities before they can be exploited by malicious actors becomes an essential weapon in cybersecurity .

The Importance of AI-Powered Security

Big Sleep is a collaboration between the Google Project Zero team and DeepMind , Google’s advanced machine learning research center . This AI agent can identify bugs similar to those found by human analysts, and its continuous learning can make systems more secure over time. Big Sleep represents an important step toward more automated and effective cybersecurity .

A New Era for Vulnerability Prevention

In the past, Google and other companies have relied on techniques like fuzzing , which tests software with random data to identify flaws. However, Big Sleep goes further, using advanced language models to find flaws that traditional techniques can’t. In a world where digital security is essential, Big Sleep’s variant analysis approach offers powerful support for preventing hidden attacks and vulnerabilities.

The Future of AI-Driven Security

With the discovery of Big Sleep, Google has demonstrated how AI can protect software before it is released to the public, preventing potential attackers from exploiting vulnerabilities. The recent creation of Vulnhuntr , an open-source analyzer, demonstrates that AI-driven security is becoming an increasingly effective weapon against digital threats.

Sign up for the newsletter. Stay updated!

We will send you periodical important communications and news about the digital world. You can unsubscribe at any time by clicking the appropriate link at the bottom of the newsletter.

Dopstart

Dopstart è il sito di Paolino Donato ma anche il suo Nickname su Internet. Dopstart è un consulente SEO. Si occupa di posizionamento nei motori di ricerca fin dal 1998. Dal 2010 ha collaborato con Google in qualità di TC per Google News italiano e Google Noticias per i Paesi di Lingua spagnola e dal 2018 come Product Expert vedi curriculum

Share
Published by
Dopstart

Recent Posts

NIS2 Directive : The Italian National Cybersecurity Strategy

The Italian National Cybersecurity Strategy 2022-2026 represents a fundamental pillar to strengthen the digital protection…

1 day ago

New Google core update November 24

The November 2024 update brings new challenges for content creators. Here are some tips for…

1 week ago

AI tools and Apps for students

From language learning to writing, AI offers useful tools to improve study effectiveness Artificial Intelligence:…

2 weeks ago

Search Engine Marketing: definition and characteristics

The world of marketing is constantly evolving, and with the advent of digital technology, Search Engine…

2 weeks ago

Microsoft offers $1 Million to those who choose Bing over Google

Switch to Bing and win up to $1 million! Microsoft launches an initiative to encourage…

2 weeks ago

AI writes 25% of Google software: a new role for engineers

AI is reshaping software development, with engineers now focusing on review and innovation. AI now…

2 weeks ago