Google says its AI-based bug hunter has found 20 security vulnerabilities


Google's AI-powered bug hunter has just reported its first batch of security vulnerabilities.

Heather Adkins, Google's vice president of security, announced on Monday that its LLM-based vulnerability researcher Big Sleep found and reported 20 flaws in various popular open source software.

Adkins said that Big Sleep, which is developed by the company's AI department DeepMind as well as its elite team of hackers Project Zero, reported its first vulnerabilities, mostly in open source software such as the audio and video library FFmpeg and the image-editing suite ImageMagick.

Since the vulnerabilities are not yet fixed, we have no details on their impact or severity, because Google does not want to provide details yet, which is standard practice while waiting for bugs to be fixed. But the simple fact that Big Sleep found these vulnerabilities is significant, because it shows that these tools are starting to get real results, even if there was a human involved in this case.

“To ensure high-quality and usable reports, we have a human expert in the loop before reporting, but each vulnerability has been found and reproduced by the AI agent without human intervention,” Google spokesperson Kimberly Samra told TechCrunch.

Royal Hansen, Google's vice president of engineering, wrote on X that the results demonstrate “a new border in the automated discovery of vulnerability”.

LLM-powered tools that can look for and find vulnerabilities are already a reality. Apart from Big Sleep, there are RunSybil and XBOW, among others.

XBOW made headlines after it reached the top of one of the U.S. leaderboards on the bug bounty platform HackerOne. It is important to note that in most cases, these reports have a human at some point in the process to verify that the AI-powered bug hunter found a legitimate vulnerability, as is the case with Big Sleep.

Vlad Ionescu, co-founder and technology director at RunSybil, a startup that develops AI-powered bug hunters, told TechCrunch that Big Sleep is a “legitimate” project, since it has “a good conception, people behind it know what they are doing, Project Zero has the experience of research bugs and DeepMind has the power of fire and throw it.”

There is obviously a lot of promise with these tools, but also significant drawbacks. Several people who maintain various software projects have complained of bug reports that are actually hallucinations, with some calling them the bug bounty equivalent of AI slop.

“This is the problem that people encounter: we get a lot of things that look like gold, but it’s actually shit,” Ionescu told TechCrunch.
