{"id":683312,"date":"2025-08-05T09:35:15","date_gmt":"2025-08-05T06:35:15","guid":{"rendered":"https:\/\/buradabiliyorum.com\/en\/google-says-its-ai-based-bug-hunter-found-20-security-vulnerabilities-2\/"},"modified":"2025-08-05T09:35:15","modified_gmt":"2025-08-05T06:35:15","slug":"google-says-its-ai-based-bug-hunter-found-20-security-vulnerabilities-2","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/google-says-its-ai-based-bug-hunter-found-20-security-vulnerabilities-2\/","title":{"rendered":"Google says its AI-based bug hunter found 20 security vulnerabilities"},"content":{"rendered":"<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">Google\u2019s AI-powered bug hunter has just reported its first batch of security vulnerabilities.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Heather Adkins, Google\u2019s vice president of security, <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/argvee\/status\/1952390039700431184\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">announced<\/a> Monday that its LLM-based vulnerability researcher Big Sleep found and reported 20 flaws in various popular open source software.<\/p>\n<p class=\"wp-block-paragraph\">Adkins said that Big Sleep, which is developed by the company\u2019s AI department DeepMind as well as its elite team of hackers Project Zero, <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/issuetracker.google.com\/issues?q=componentid:1836411&amp;s=type:desc&amp;s=issue_id:desc&amp;pli=1\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">reported its first-ever vulnerabilities<\/a>, mostly in open source software such as audio and video library FFmpeg and image-editing suite ImageMagick.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Given that the vulnerabilities are not fixed yet, we don\u2019t have details of their impact or severity, as Google <a rel=\"nofollow\" target=\"_blank\" 
href=\"https:\/\/googleprojectzero.blogspot.com\/2025\/07\/reporting-transparency.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">does not yet want to provide details<\/a>, which is a standard policy when waiting for bugs to be fixed. But the simple fact that Big Sleep found these vulnerabilities is significant, as it shows these tools are starting to get real results, even if there was a human involved in this case.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cTo ensure high quality and actionable reports, we have a human expert in the loop before reporting, but each vulnerability was found and reproduced by the AI agent without human intervention,\u201d Google\u2019s spokesperson Kimberly Samra told TechCrunch.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Royal Hansen, Google\u2019s vice president of engineering, <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/royalhansen\/status\/1952424018663162235\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">wrote on X<\/a> that the findings demonstrate \u201ca new frontier in automated vulnerability discovery.\u201d\u00a0<\/p>\n<p class=\"wp-block-paragraph\">LLM-powered tools that can look for and find vulnerabilities are already a reality. 
Other than Big Sleep, there\u2019s <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.runsybil.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">RunSybil<\/a> and XBOW, among others.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">XBOW has garnered headlines after <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/xbow.com\/blog\/top-1-how-xbow-did-it\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">it reached the top<\/a> of one of the U.S. leaderboards at bug bounty platform HackerOne. It\u2019s important to note that in most cases, these reports have a human at some point in the process to verify that the AI-powered bug hunter found a legitimate vulnerability, as is the case with Big Sleep.<\/p>\n<p class=\"wp-block-paragraph\">Vlad Ionescu, co-founder and chief technology officer at RunSybil, a startup that develops AI-powered bug hunters, told TechCrunch that Big Sleep is a \u201clegit\u201d project, given that it has \u201cgood design, people behind it know what they\u2019re doing, Project Zero has the bug finding experience and DeepMind has the firepower and tokens to throw at it.\u201d<\/p>\n<p class=\"wp-block-paragraph\">There is obviously a lot of promise with these tools, but also significant downsides. Several people who maintain different software projects have complained of bug reports that are actually hallucinations, with some calling them the bug bounty equivalent of AI slop.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cThat\u2019s the problem people are running into, is we\u2019re getting a lot of stuff that looks like gold, but it\u2019s actually just crap,\u201d Ionescu previously told TechCrunch.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techcrunch.com\/2025\/08\/04\/google-says-its-ai-based-bug-hunter-found-20-security-vulnerabilities\/\" target=\"_blank\" >Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google\u2019s AI-powered bug hunter has just reported its first batch of security vulnerabilities.\u00a0 Heather Adkins, Google\u2019s vice president of security, announced Monday that its LLM-based vulnerability researcher Big Sleep found and reported 20 flaws in various popular open source software. 
Adkins said that Big Sleep, which is developed by the company\u2019s AI department DeepMind as&#8230;<\/p>\n","protected":false},"author":1,"featured_media":683313,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2023\/05\/google-io-2023-google-deepmind.jpg?resize=1200,675","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[77337,157999,70375,153076,26293,70944,152032,153715,72287],"class_list":["post-683312","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-ai","tag-big-sleep","tag-cybersecurity","tag-deepmind","tag-google","tag-hackers","tag-infosec","tag-llms","tag-security"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/683312","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=683312"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/683312\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/683313"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=683312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=683312"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=683312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}