Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act
Briefly

Google's large language model-assisted framework detected a critical vulnerability in SQLite, tracked as CVE-2025-6965, which affects versions prior to 3.50.2. The flaw is a memory corruption issue that an attacker able to inject SQL statements could trigger, leading to potential exploitation. The discovery was made by Big Sleep, an AI agent developed in a collaboration between DeepMind and Google Project Zero. Google emphasized the role of this AI in preventing the imminent exploitation of this vulnerability, marking a significant advancement in the use of AI for security.
An attacker who can inject arbitrary SQL statements into an application might be able to cause an integer overflow resulting in a read off the end of an array.
CVE-2025-6965 is a critical security issue that was known only to threat actors and was at risk of being exploited.
We believe this is the first time an AI agent has been used to directly foil efforts to exploit a vulnerability in the wild.
Google has also published a white paper on building secure AI agents such that they have well-defined human controllers and their capabilities are carefully limited.
Read at The Hacker News