Google has announced a breakthrough in cybersecurity: Big Sleep AI discovers a bug in the SQLite database. This is the first time a generative AI agent has identified a real vulnerability, demonstrating the potential of advanced AI to prevent future risks.
The vulnerability discovered by Big Sleep is a significant milestone, as it is the first time that an AI has found a real security flaw in a widely used software program. Specifically, Big Sleep identified a stack buffer underflow in an experimental version of the SQLite database . This type of error occurs when a program attempts to access an area of memory that is older than the designated one, potentially causing stability and security issues .
In detail, the Google team explained that the vulnerability resided in a specific function of the SQLite code. This function did not correctly handle an edge case: when a query with constraints on the ‘rowid’ column was executed, the program attempted to write to a portion of memory with a negative index. This behavior could open the way to an exploitable flaw that, in the hands of malicious actors, could lead to the execution of unwanted code or a system crash.
The discovery process was made possible by the power of Big Sleep AI , which uses advanced machine learning techniques to analyze software code. Unlike traditional testing tools, Big Sleep does not simply test software with random data (fuzzing) but uses a variant analysis approach . This method allows the AI to start from already fixed or known vulnerabilities to search for other similar flaws, eliminating many ambiguities that make it difficult to find new errors.
In the case of SQLite, Big Sleep analyzed patterns in existing code and discovered that the vulnerability was not present in previous versions of the software, but had emerged following an update. With its powerful pattern recognition system , the AI was able to spot this new flaw, providing the Google team with a detailed vulnerability report.
After discovering the flaw, Google immediately contacted SQLite developers , providing them with the technical details needed to fix the issue. The SQLite team then patched the vulnerability on the same day it was reported, preventing potential risks to users and following security best practices . This timely collaboration ensured that the bug was eliminated before the official release of the database, demonstrating the importance of a proactive approach to managing software vulnerabilities.
The discovery of Big Sleep is a milestone not only for Google, but for the entire cybersecurity community. It demonstrates how artificial intelligence can offer invaluable support in finding and preventing software flaws. As more and more digital applications and services become central to our daily lives, the ability to find vulnerabilities before they can be exploited by malicious actors becomes an essential weapon in cybersecurity .
Big Sleep is a collaboration between the Google Project Zero team and DeepMind , Google’s advanced machine learning research center . This AI agent can identify bugs similar to those found by human analysts, and its continuous learning can make systems more secure over time. Big Sleep represents an important step toward more automated and effective cybersecurity .
In the past, Google and other companies have relied on techniques like fuzzing , which tests software with random data to identify flaws. However, Big Sleep goes further, using advanced language models to find flaws that traditional techniques can’t. In a world where digital security is essential, Big Sleep’s variant analysis approach offers powerful support for preventing hidden attacks and vulnerabilities.
With the discovery of Big Sleep, Google has demonstrated how AI can protect software before it is released to the public, preventing potential attackers from exploiting vulnerabilities. The recent creation of Vulnhuntr , an open-source analyzer, demonstrates that AI-driven security is becoming an increasingly effective weapon against digital threats.
We will send you periodical important communications and news about the digital world. You can unsubscribe at any time by clicking the appropriate link at the bottom of the newsletter.
The Italian National Cybersecurity Strategy 2022-2026 represents a fundamental pillar to strengthen the digital protection…
The November 2024 update brings new challenges for content creators. Here are some tips for…
From language learning to writing, AI offers useful tools to improve study effectiveness Artificial Intelligence:…
The world of marketing is constantly evolving, and with the advent of digital technology, Search Engine…
Switch to Bing and win up to $1 million! Microsoft launches an initiative to encourage…
AI is reshaping software development, with engineers now focusing on review and innovation. AI now…