Google searches for bugs using artificial intelligence
Google has introduced a new AI bug detection system called Big Sleep that uses LLMs (large language models) to analyse code. Google's Vice President of Security Heather Adkins stated that the system has already helped to identify 20 new vulnerabilities, some of which are classified as critical. The system was applied to open-source software, including cURL, FFmpeg, ImageMagick, Envoy, libjpeg, gRPC, etc. AI detected errors that humans could not find, including array bounds, use-after-free, etc.
The system was developed by DeepMind and Project Zero hackers, who are engaged in their own security checks of Google services (Blue Team). Google promises to open up some of the tools to the community to support the security of open-source projects.
At the same time, the company encourages other corporations to invest in similar AI solutions for bug detection.
AI bug detection systems are not new. Despite the fact that they are currently capable of "hallucinating", detecting bugs that cannot be reproduced in reality, or missing critical vulnerabilities, these systems will undoubtedly become popular in the near future.
Source: techcrunch.com
