1. Giving defenders an edge with agentic capabilities
Final 12 months, we introduced Huge Sleep, an AI agent developed by Google DeepMind and Google Challenge Zero, that actively searches and finds unknown safety vulnerabilities in software program. By November 2024, Huge Sleep was capable of finding its first real-world safety vulnerability, displaying the immense potential of AI to plug safety holes earlier than they impression customers.
Since then, Huge Sleep has continued to find a number of real-world vulnerabilities, exceeding our expectations and accelerating AI-powered vulnerability analysis. Most lately, based mostly on intel from Google Risk Intelligence, the Huge Sleep agent found an SQLite vulnerability (CVE-2025-6965) — a vital safety flaw, and one which was identified solely to risk actors and was prone to being exploited. By way of the mixture of risk intelligence and Huge Sleep, Google was in a position to truly predict {that a} vulnerability was imminently going for use and we had been in a position to lower it off beforehand. We consider that is the primary time an AI agent has been used to instantly foil efforts to use a vulnerability within the wild.
These AI advances don’t simply assist safe Google’s merchandise. Huge Sleep can be being deployed to assist enhance the safety of extensively used open-source initiatives — a significant win for making certain sooner, simpler safety throughout the web extra broadly. These cybersecurity brokers are a recreation changer, liberating up safety groups to give attention to high-complexity threats, dramatically scaling their impression and attain.
However in fact this work must be completed safely and responsibly. In our newest white paper, we define our method to constructing AI brokers in ways in which safeguard privateness, mitigate the dangers of rogue actions, and make sure the brokers function with the good thing about human oversight and transparency. When deployed in accordance with secure-by-design rules, brokers can provide defenders an edge like no different software that got here earlier than them.
We’ll proceed to share our agentic AI insights and report findings by way of our industry-standard disclosure course of. You may maintain tabs on all publicly disclosed vulnerabilities from Huge Sleep on our situation tracker web page.
