Google has claimed a world-first with its AI tool, Big Sleep, which has detected a vulnerability in the SQLite database. This significant milestone in the field of cybersecurity was announced on November 5, 2024. It’s the first time an AI has identified such a vulnerability in real-world code.
Big Sleep was developed through a collaboration between Google’s Project Zero and DeepMind. It uses advanced language models to analyze code commits. It also helps identify potential security threats. Unlike traditional fuzzing methods, which randomly inject data to find errors, Big Sleep simulates human behavior to understand code at a deeper level.
In October 2024, Big Sleep successfully identified a stack buffer underflow vulnerability in SQLite, which could have allowed attackers to crash the database or execute arbitrary code. Since it was discovered before the code was publicly released, it might not strictly qualify as a zero-day vulnerability. However, this discovery still showcases the effectiveness of AI in the early detection of security flaws.