What you could know
- Large Sleep, Google’s AI safety agent, simply sniffed out a hidden SQLite flaw (CVE-2025-6965) that hackers had been already exploiting.
- Google’s open-source forensics instrument now runs on Sec-Gemini, making log evaluation quicker and risk detection sharper.
- Google can also be sharing SAIF knowledge with CoSAI to spice up analysis on AI safety, provide chain dangers, and cyber protection.
In a sequence of contemporary bulletins forward of Black Hat USA and DEF CON 33, Google has laid out how its homegrown AI brokers are already discovering important bugs, serving to safety groups reduce down response occasions, and teaming up with people in reside hacker competitions.
Google’s AI agent Large Sleep, first revealed final 12 months, has not too long ago uncovered a safety flaw (CVE-2025-6965) in SQLite that had been floating round within the wild, recognized solely to attackers. This discovery, powered by insights from the Google Risk Intelligence Group, reveals how AI can now catch bugs earlier than they blow up.
Large Sleep was constructed to assume like a human safety knowledgeable, digging via code and recognizing shady behaviors similar to an actual researcher would. Google additionally designed it to catch sneaky twists on recognized bugs, that are a goldmine for hackers seeking to mess with fashionable software program.
Moreover, Google’s open-source digital forensics instrument, Timesketch, is getting a strong AI enhance. Backed by a brand new mannequin known as Sec-Gemini, the upgraded platform can now do a few of the heavy lifting in forensic investigations, like sifting via logs and flagging potential threats. This implies much less work for analysts and far quicker incident response. A reside demo is about for Black Hat USA.
FACADE: Google’s secret insider risk catcher
One other inside instrument is entering into the highlight. Google will share a behind-the-scenes take a look at FACADE, its insider risk detection system that’s been quietly monitoring billions of every day occasions since 2018. It doesn’t want coaching knowledge from previous assaults to identify anomalies, because of a machine studying strategy known as contrastive studying.
At DEF CON 33, Google can also be co-hosting a Seize the Flag (CTF) occasion with Airbus. Groups will get assist from AI assistants to sort out a variety of safety puzzles. It’s a contemporary spin that places AI within the trenches with safety execs and hobbyists alike.
Google can also be placing its weight behind safer AI improvement. It’s donating knowledge from its Safe AI Framework (SAIF) to the Coalition for Safe AI (CoSAI), serving to gasoline work round agentic AI, software program provide chain safety, and cyber protection. This transfer follows the initiative’s launch eventually 12 months’s Aspen Safety Discussion board.
And at last, subsequent month marks the tip of the AI Cyber Problem (AIxCC), a DARPA-led competitors supported by Google. The winners will showcase new AI instruments constructed to seek out and repair vulnerabilities in main open-source software program, a serious step ahead for proactive digital protection.
