Google announced on Tuesday that its artificial intelligence (AI) agent Big Sleep recently made a major cybersecurity breakthrough. Big Sleep, a cybersecurity-focused AI agent developed by Google DeepMind and Google Project Zero, was able to discover an SQLite vulnerability in the company’s product. The Mountain View-based tech giant highlighted that the security flaw was known to bad actors and was at risk of being exploited. But before the bug could be used to hack into the tech giant’s systems, the AI agent flagged the issue, and it was immediately fixed.
Big Sleep AI Agent Discovers SQLite Vulnerability
In a blog post, the tech giant detailed the achievements of Big Sleep. Notably, the AI agent was first unveiled in 2024, and it was able to discover its first real-world vulnerability in the same year. Google claims that since then, the security-focused agent has made several such discoveries. However, it did not find any zero-day vulnerabilities (security flaws that exist, but are yet to be abused or exploited) till very recently.
Without specifying the timeline or the name of the product, Google highlighted that a critical SQLite vulnerability (CVE-2025-6965) was discovered by Big Sleep in one of its products. The AI agent took action to look for the flaw based on an intelligence report from Google Threat Intelligence.
The tech giant claimed that due to timely identification, the company was able to fix it before bad actors could exploit it. Notably, the company claimed that this is the first time an AI agent was able to find such a vulnerability in real-world conditions. Big Sleep is now being deployed to also protect the security of popular open-source projects, the company said, without naming any of these projects.
“These cybersecurity agents are a game changer, freeing up security teams to focus on high-complexity threats, dramatically scaling their impact and reach,” Google said. Additionally, the tech giant also published its approach towards building AI agents in a white paper.
Notably, the search giant also announced that it will donate data from its Secure AI Framework (SAIF) to help scale the Coalition for Secure AI (CoSAI) initiative’s agentic AI, cyber defence, and software supply chain security workstreams. CoSAI was launched by Google in collaboration with industry partners to ensure the safe implementation of AI systems.
