Google has announced that its LLM-based vulnerability researcher Big Sleep, developed by DeepMind and Project Zero, has found and reported 20 security vulnerabilities in popular open-source software. The vulnerabilities were discovered using AI-powered tools that can look for and find weaknesses without human intervention.
Big Sleep’s findings demonstrate a new frontier in automated vulnerability discovery, according to Royal Hansen, Google’s vice president of engineering. However, the report also highlights the challenges of relying on AI-powered bug hunters, as some users have reported receiving false or “hallucinated” bug reports.
Despite these concerns, the development of AI-powered bug hunters is significant, and companies like RunSybil are already gaining attention for their tools. The vulnerabilities Big Sleep discovered are a promising sign that these tools can produce high-quality results, even if human oversight is still required to verify their accuracy.
Google has not yet disclosed details on the impact or severity of the vulnerabilities found by Big Sleep. As with many security reports, Google is waiting for the bugs to be fixed before providing further information.
Source: https://techcrunch.com/2025/08/04/google-says-its-ai-based-bug-hunter-found-20-security-vulnerabilities