Google Researchers Claim First Vulnerability Found Using AI
Researchers from Google Project Zero and Google DeepMind have found their first real-world vulnerability using a large language model (LLM).
In a November 1 blog post, Google Project Zero researchers said the vulnerability is an exploitable stack buffer underflow in SQLite, a widely used open-source database engine.
A team from Project Zero and DeepMind, working under the Big Sleep project, found the flaw in early October before it appeared in an official release. They immediately reported it to the developers, who fixed it the same day. SQLite users were not impacted.
“The vulnerability is quite interesting, along with the fact that the existing testing infrastructure for SQLite (both through OSS-Fuzz and the project's own infrastructure) did not find the issue, so we did some further investigation,” the Big Sleep researchers wrote.
The hybrid team’s AI-powered vulnerability research builds on the work started in 2023 within Project Zero to develop Naptime, a framework enabling an LLM to assist vulnerability researchers.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25716666/247357_AMD_Ryzen_7_9800X3D_TWarren_0002.jpg)
