What you have to know
- Large Sleep, Google’s AI safety agent, simply sniffed out a hidden SQLite flaw (CVE-2025-6965) that hackers have been already exploiting.
- Google’s open-source forensics instrument now runs on Sec-Gemini, making log evaluation quicker and menace detection sharper.
- Google can also be sharing SAIF knowledge with CoSAI to spice up analysis on AI safety, provide chain dangers, and cyber protection.
In a sequence of recent bulletins forward of Black Hat USA and DEF CON 33, Google has laid out how its homegrown AI brokers are already discovering important bugs, serving to safety groups reduce down response instances, and teaming up with people in stay hacker competitions.
Google’s AI agent Large Sleep, first revealed final 12 months, has not too long ago uncovered a safety flaw (CVE-2025-6965) in SQLite that had been floating round within the wild, identified solely to attackers. This discovery, powered by insights from the Google Menace Intelligence Group, exhibits how AI can now catch bugs earlier than they blow up.
Large Sleep was constructed to assume like a human safety knowledgeable, digging via code and recognizing shady behaviors similar to an actual researcher would. Google additionally designed it to catch sneaky twists on identified bugs, that are a goldmine for hackers seeking to mess with trendy software program.
Moreover, Google’s open-source digital forensics instrument, Timesketch, is getting a robust AI enhance. Backed by a brand new mannequin known as Sec-Gemini, the upgraded platform can now do a number of the heavy lifting in forensic investigations, like sifting via logs and flagging potential threats. This implies much less work for analysts and far quicker incident response. A stay demo is about for Black Hat USA.
FACADE: Google’s secret insider menace catcher
One other inner instrument is entering into the highlight. Google will share a behind-the-scenes take a look at FACADE, its insider menace detection system that’s been quietly monitoring billions of day by day occasions since 2018. It doesn’t want coaching knowledge from previous assaults to identify anomalies, because of a machine studying method known as contrastive studying.
At DEF CON 33, Google can also be co-hosting a Seize the Flag (CTF) occasion with Airbus. Groups will get assist from AI assistants to deal with a variety of safety puzzles. It’s a recent spin that places AI within the trenches with safety professionals and hobbyists alike.
Google can also be placing its weight behind safer AI improvement. It’s donating knowledge from its Safe AI Framework (SAIF) to the Coalition for Safe AI (CoSAI), serving to gas work round agentic AI, software program provide chain safety, and cyber protection. This transfer follows the initiative’s launch eventually 12 months’s Aspen Safety Discussion board.
And at last, subsequent month marks the top of the AI Cyber Problem (AIxCC), a DARPA-led competitors supported by Google. The winners will showcase new AI instruments constructed to search out and repair vulnerabilities in main open-source software program, a serious step ahead for proactive digital protection.
