Google's AI Big Sleep finds 20 critical bugs before hackers do.

Big Sleep is Google's latest gem in its hunt for the web's most dangerous bugs. But this time, we're not talking about a team of expert hackers spending sleepless nights in front of their computers: it's artificial intelligence.

Google Unleashes AI Big Sleep to Fix Bugs: Surprising Initial Results

Big Sleep, developed by DeepMind in collaboration with Google's legendary Project Zero team, just delivered its first report: 20 vulnerabilities discovered in popular open-source software like FFmpeg and ImageMagick. Each flaw was found and reproduced by the AI agent without any human intervention. Of course, Google keeps a human expert in the loop to verify the quality of the reports before submitting them, but the initial discovery is completely automated.
"This demonstrates a new frontier in automated vulnerability discovery," wrote Royal Hansen, Google's vice president of engineering. And he's right. While human hackers rely on intuition, experience, and often luck, Big Sleep can analyze thousands of lines of code tirelessly and with surgical precision.
The fact that these bugs haven't been fixed yet means Google can't say how serious they are. It's standard practice: as long as the problems exist, they don't disclose details to prevent anyone from exploiting them. But the details aren't the point. The point is that an AI found real vulnerabilities in real code, not in lab exercises.

The Limitations of AI Bug Hunters

Big Sleep isn't alone in this field. Tools like RunSybil and XBOW are already making waves. Cybersecurity is starting to change. But all that glitters is not gold. Several software project maintainers are complaining about receiving bug reports that turn out to be AI hallucinations.
Punto Informatico