
Google Says Its AI-Based Bug Hunter Found 20 Security Vulnerabilities (techcrunch.com)

(Saturday August 09, 2025 @05:45PM (EditorDavid) from the bug-hunt dept.)


"Heather Adkins, Google's vice president of security, [1]announced Monday that its LLM-based vulnerability researcher Big Sleep found and reported 20 flaws in various popular open source software," [2]reports TechCrunch:

> Adkins said that Big Sleep, which is developed by the company's AI department DeepMind as well as its elite team of hackers Project Zero, [3]reported its first-ever vulnerabilities, mostly in open source software such as audio and video library FFmpeg and image-editing suite ImageMagick. [There's also a "medium impact" [4]issue in Redis.]
>
> Given that the vulnerabilities are not fixed yet, we don't have details of their impact or severity, as Google [5]does not yet want to provide details, which is a standard policy when waiting for bugs to be fixed. But the simple fact that Big Sleep found these vulnerabilities is significant, as it shows these tools are starting to get real results, even if there was a human involved in this case.
>
> "To ensure high quality and actionable reports, we have a human expert in the loop before reporting, but each vulnerability was found and reproduced by the AI agent without human intervention," Google's spokesperson Kimberly Samra told TechCrunch.

Google's vice president of engineering [6]posted on social media that this demonstrates "a new frontier in automated vulnerability discovery."



[1] https://x.com/argvee/status/1952390039700431184

[2] https://techcrunch.com/2025/08/04/google-says-its-ai-based-bug-hunter-found-20-security-vulnerabilities/

[3] https://issuetracker.google.com/issues?q=componentid:1836411&s=type:desc&s=issue_id:desc&pli=1

[4] https://issuetracker.google.com/issues/433679595

[5] https://googleprojectzero.blogspot.com/2025/07/reporting-transparency.html

[6] https://x.com/royalhansen/status/1952424018663162235



And how many false-positives did it find? (Score:2)

by Brain-Fu ( 1274756 )

I have tried pasting chunks of code into AI prompts and saying "where are the bugs?"

The answers included a lot of "this might be a problem if [condition that clearly does not apply]." Or it sees a potential problem that is prevented by an "if" statement shortly before it. Or it just starts hallucinating about common functions not doing what they clearly and reliably do. It has very rarely found any actual bugs for me, and that one time it did, it was an obvious bug I already knew about.

I think an AI bug fi
