Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine
Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime).
The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent, while the researchers were not able to find the same vulnerability using traditional fuzzing.
"We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software," the Big Sleep team said in a blog post shared with The Hacker News.
The vulnerability in question is a stack buffer underflow in SQLite. This class of bug occurs when a piece of software references a memory location before the beginning of a memory buffer, resulting in a crash or arbitrary code execution.
The flaw was discovered in a development branch of the library, meaning it was flagged before it made it into an official release.
See more:
The Hacker News: https://thehackernews.com/2024/11/googles-ai-tool-big-sleep-finds-zero.html
SecurityWeek: https://www.securityweek.com/google-says-its-ai-found-sqlite-vulnerability-that-fuzzing-missed/
#cybersecurity #sqlite #ai