GoogleS AI “Big Sleep” Thwarts Hackers, Uncovers critical sqlite Vulnerability
Mountain View, CA – In a notable advancement for cybersecurity, Google announced today that its advanced AI agent, “Big Sleep,” has successfully identified and helped neutralize a critical vulnerability in the widely-used SQLite database engine. The flaw, designated CVE-2025-6965, was reportedly on the verge of exploitation by malicious actors, marking a potential frist in AI directly preventing a real-world cyberattack.
Big Sleep,an evolution of Google’s vulnerability research efforts powered by large language models,actively scans for and discovers previously unknown security weaknesses in software. Google revealed that the AI agent pinpointed CVE-2025-6965, a flaw that “threat actors” were aware of and preparing to leverage.
“We believe this is the first time an AI agent has been used to directly foil efforts to exploit a vulnerability in the wild,” a Google spokesperson stated. The company’s threat intelligence team initially detected indicators of a staged zero-day exploit but struggled to identify the specific vulnerability. These limited clues were then passed to Google’s zero-day initiative team, who utilized Big Sleep to isolate the exploit being prepared.
The vulnerability impacts SQLite, an open-source database engine favored by developers globally. Google claims Big Sleep’s ability to predict the imminent exploitation allowed them to intervene proactively.
As its debut in November, Big Sleep has reportedly uncovered multiple real-world vulnerabilities, exceeding Google’s initial expectations. The tech giant is now deploying Big Sleep to bolster the security of open-source projects, hailing AI agents as a “game changer” capable of scaling security efforts and freeing up human teams to tackle more complex threats.
Google also published a white paper detailing its approach to building secure AI agents, emphasizing privacy safeguards, limitations on autonomous actions, and transparency. This progress comes as numerous organizations, including the U.S. Defense Department, are investing heavily in AI tools designed to automate vulnerability discovery and code security. The Defense Department is set to announce winners of a competition focused on AI-driven critical code security next month.
