- Big Sleep is a vulnerability hunter built by DeepMind and Project Zero
- The first batch of 20 vulnerabilities it has found has been announced
- The details are being kept secret to give developers time to patch them
Google's tool designed to find bugs, Big Sleep, has reported its first batch of 20 security vulnerabilities in open source software.
Developed by Google's DeepMind AI and Project Zero security teams, Big Sleep found its first vulnerabilities in FFmpeg and ImageMagick. However, the details of these vulnerabilities will remain undisclosed until they have been patched.
Google says that Big Sleep marks a significant step in application security, with AI capable of autonomously discovering and reporting vulnerabilities more effectively than human security workers.
Big Sleep digs up bugs in open source software
Each of the 20 bugs was found and reproduced autonomously by Big Sleep, although Google points out that a human expert reviews the findings before the reports are made public. This human review is meant to temper concerns about false positives or hallucinated bugs by ensuring that the issues are worth reporting to their respective developers.
Finer details such as CVE IDs, technical explanations and proofs of concept are being withheld for now under Google's 90-day policy, which gives developers time to patch the vulnerabilities before attackers get there first.
“By November 2024, Big Sleep was able to find its first real-world security vulnerability, showing the immense potential of AI to plug security holes before they affect users,” said President of Global Affairs Kent Walker in a blog post.
Vice President of Security Engineering Heather Adkins announced the news in a post on X: “Today, as part of our commitment to transparency in this space, we are proud to announce that we have reported the first 20 vulnerabilities discovered using our ‘Big Sleep’ system, powered by Gemini.”
Google maintains a complete list of the vulnerabilities, which currently includes the first 20, separated into high, medium and low impact issues.
Google plans a full technical session at the upcoming Black Hat and DEF CON 33 events, and will donate anonymized training data to the Secure AI Framework so that other researchers can benefit from the technology.