Google says that hunting errors based on artificial intelligence found 20 security vulnerabilities

Google’s fisherman from Google’s hunter has reported the first group of weaknesses in safety.

Heather Adkins, Deputy Head of Security in Google, Declare On Monday that the LLM bi -Sleep researcher, who reported 20 defects in various famous open sources.

ADKINS said that Big Sleep, which was developed by DeepMind in the company’s artificial intelligence section as well as the elite team of Zero infiltrators, I informed the first weakness everOften in open source software such as the FFMPEG audio and photo editing library.

Given that the weaknesses have not yet been fixed, we do not have details of their influence or intensity, such as Google He does not want to provide detailsIt is a standard policy when waiting for errors. But the simple fact that the big sleep found that these weaknesses are important, as it shows that these tools have begun to obtain real results, even if there is a person involved in this case.

“To ensure high -quality and implemented reports, we have a human expert in the episode before reporting, but every weakness was found and cloned by artificial intelligence agent without human intervention,” Google spokesman Kimberly Samra told Techcrunch.

Royal Hansen, Vice President of Engineering from Google, Books on x The results show “new limits to discover automatic weakness.”

LLM tools that can search for and find weaknesses It is indeed a reality. Unlike the big sleep, there RunsybilAnd xBow, among others.

XBOW got the addresses of the newspapers yet I got to the top From a leader in the United States in Bug Bounty Platform Hackerone. It is important to note that in most cases, these reports have a person at some point in the process to verify that the error hunter who works from artificial intelligence has found legitimate weakness, as is the case with a big sleep.

Vlad Usco, co -founder and chief technology employee in Runsybil, who is emerging, has been developing errors working from artificial intelligence, Techcrunch that Big Sleep is a “legitimate” project, given that “a good design, and the people behind them know what they are doing, Project Zero has the experience of finding mistakes and Deepmind has a flower flower and hatred in it. “

It is clear that there is a lot of promise to these tools, but also on the important negative aspects. Many people who keep various software projects have complained Mistake reports that are actually hallucinationsWith some, they are called an AI SLOP equivalent bug.

“This is the problem that people face, do we get a lot of things that look like gold, but in reality it is just foolish,” IEESCU said by Techcrunch.