Google’s newest AI safety bulletins
1. Giving defenders an edge with agentic capabilities
Final 12 months, we introduced Big Sleep, an AI agent developed by Google DeepMind and Google Mission Zero, that actively searches and finds unknown safety vulnerabilities in software program. By November 2024, Large Sleep was capable of finding its first real-world safety vulnerability, exhibiting the immense potential of AI to plug safety holes earlier than they affect customers.
Since then, Large Sleep has continued to find a number of real-world vulnerabilities, exceeding our expectations and accelerating AI-powered vulnerability analysis. Most just lately, based mostly on intel from Google Risk Intelligence, the Large Sleep agent found an SQLite vulnerability (CVE-2025-6965) — a crucial safety flaw, and one which was identified solely to menace actors and was susceptible to being exploited. By means of the mix of menace intelligence and Large Sleep, Google was in a position to truly predict {that a} vulnerability was imminently going for use and we had been in a position to reduce it off beforehand. We consider that is the primary time an AI agent has been used to immediately foil efforts to take advantage of a vulnerability within the wild.
These AI advances don’t simply assist safe Google’s merchandise. Large Sleep can also be being deployed to assist enhance the safety of broadly used open-source initiatives — a significant win for guaranteeing quicker, more practical safety throughout the web extra broadly. These cybersecurity brokers are a game changer, releasing up safety groups to give attention to high-complexity threats, dramatically scaling their affect and attain.
However after all this work must be carried out safely and responsibly. In our newest white paper, we define our method to constructing AI brokers in ways in which safeguard privateness, mitigate the dangers of rogue actions, and make sure the brokers function with the good thing about human oversight and transparency. When deployed in line with secure-by-design principles, brokers can provide defenders an edge like no different software that got here earlier than them.
We’ll proceed to share our agentic AI insights and report findings by means of our industry-standard disclosure course of. You may hold tabs on all publicly disclosed vulnerabilities from Large Sleep on our issue tracker page.
