Google says its AI-based bug hunter found 20 security vulnerabilities


Google’s AI-driven bug hunter has just reported its first batch of security vulnerabilities.

Heather Adkins, Google’s vice president of security, announced on Monday that Big Sleep, the company’s LLM-based vulnerability researcher, found and reported 20 flaws in popular open source software.

Adkins said that Big Sleep, which was developed by the company’s AI department as well as its elite team of hackers, Project Zero, reported its first-ever vulnerabilities, mostly in open source software such as the audio and video library FFmpeg and the image-editing suite ImageMagick.

Because the vulnerabilities have not yet been fixed, we do not have details of their impact or severity: Google does not yet want to provide them, which is standard policy while waiting for bugs to be fixed. However, the simple fact that Big Sleep found these vulnerabilities is significant, because it shows that these tools have begun to get real results, even if a human was involved in this case.

Google spokesperson Kimberley Samra told TechCrunch, “To ensure high quality and operational reports, there is a human expert in the loop before our report, but every weakness was found and reproduced by the AI agent without human intervention.”

Royal Hansen, Google’s vice president of engineering, wrote on X that the findings show “a new border of automatic weakness invention.”

LLM-powered tools that can look for and find vulnerabilities are already a reality. Other than Big Sleep, there are RunSybil and XBOW, among others.

XBOW has made headlines after it reached the top of one of the US leaderboards at the bug bounty platform HackerOne. It is important to note that in most cases a human is involved at some stage of the reporting process to verify that the AI-powered bug hunter has found a valid vulnerability, as is the case with Big Sleep.

Vlad Ionescu, co-founder and chief technology officer of a company that develops AI-driven bug hunters, told TechCrunch that Big Sleep is a “valid” project: it has a good design, the people behind it know what they are doing, and it has the experience of Project Zero and the firepower and tokens of DeepMind.

There is obviously a lot of promise in these tools, but there are also significant downsides. Several people who maintain various software projects have complained of bug reports that are actually hallucinations. Some call them the bug bounty equivalent of AI slop.

Ionescu earlier told TechCrunch, “The problem that people are running into is that we are getting a lot of stuff that looks like gold, but it’s just crap.”
