Google’s AI bug hunter has just reported its first batch of security vulnerabilities.
Heather Adkins, Vice President of Security at Google, announced Monday that the LLM-based vulnerability researcher Big Sleep found and reported 20 flaws in various popular open source software projects.
Adkins said Big Sleep, which is developed by the company’s AI division DeepMind together with the elite hackers of Project Zero, reported its first vulnerabilities, mostly in open source software such as the FFmpeg audio and video library and the ImageMagick suite.
Since the vulnerabilities have not yet been fixed, we have no details of their impact or severity, as Google does not yet want to provide them, which is standard policy while you are waiting for bugs to be fixed. But the simple fact that Big Sleep found these vulnerabilities is significant, as it shows that these tools are starting to deliver real results, even if a human was involved in this case.
“To ensure high quality and actionable reports, we have a human expert in the loop before reporting, but every vulnerability was found and reproduced by the AI agent without human intervention,” Google spokesperson Kimberly Samra told TechCrunch.
Royal Hansen, Vice President of Engineering at Google, wrote on X that the findings demonstrate “a new frontier in automated vulnerability discovery.”
LLM-powered tools that can search for and find vulnerabilities are already a reality. Besides Big Sleep, there are RunSybil and XBOW, among others.
XBOW made headlines after reaching the top of one of the US leaderboards on the HackerOne bug bounty platform. It is important to note that in most cases these reports have a human being at some point in the process to verify that the AI-powered bug hunter has found a legitimate vulnerability, as is the case with Big Sleep.
Vlad Ionescu, co-founder and CTO of RunSybil, a startup developing AI-powered bug hunters, told TechCrunch that Big Sleep is a “legit” project, since it has “good design, the people behind it know what they are doing, Project Zero’s firepower, and tokens to throw at it.”
There is obviously a lot of promise in these tools, but also significant drawbacks. Many maintainers of various software projects have complained about bug reports that are really hallucinations, with some calling them the AI equivalent of junk bug bounty reports.
“This is the problem people are running into. It’s that we get a lot of things that look like gold, but are actually just crap,” Ionescu told TechCrunch.
