Google's AI-powered bug hunter, Big Sleep, has identified and reported 20 security vulnerabilities in open-source software such as FFmpeg and ImageMagick. Developed by DeepMind and Project Zero, Big Sleep found these flaws without human intervention, though a human expert reviews the reports before submission.
Details of the vulnerabilities are withheld until fixes are available, but the achievement highlights the potential of AI in automated vulnerability discovery. Other tools such as RunSybil and XBOW are emerging in this field. The rise of AI in bug hunting also brings challenges, including concerns about inaccurate or hallucinated bug reports.