Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: Google Says Its AI-Based Bug Hunter Found 20 Security Vulnerabilities

Link: https://it.slashdot.org/story/25/08/09/194723...

"Heather Adkins, Google's vice president of security, announced Monday that
its LLM-based vulnerability researcher Big Sleep found and reported 20 flaws
in various popular open source software," reports TechCrunch: Adkins said
that Big Sleep, which is developed by the company's AI department DeepMind as
well as its elite team of hackers Project Zero, reported its first-ever
vulnerabilities, mostly in open source software such as audio and video
library FFmpeg and image-editing suite ImageMagick. [There's also a "medium
impact" issue in Redis] Given that the vulnerabilities are not fixed yet, we
don't have details of their impact or severity, as Google does not yet want
to provide details, which is a standard policy when waiting for bugs to be
fixed. But the simple fact that Big Sleep found these vulnerabilities is
significant, as it shows these tools are starting to get real results, even
if there was a human involved in this case. "To ensure high quality and
actionable reports, we have a human expert in the loop before reporting, but
each vulnerability was found and reproduced by the AI agent without human
intervention," Google's spokesperson Kimberly Samra told TechCrunch. Google's
vice president of engineering posted on social media that this demonstrates
"a new frontier in automated vulnerability discovery."

Read more of this story at Slashdot.

---
VRSS v2.1.180528