What you should know
- Large Sleep, Google’s AI safety agent, simply sniffed out a hidden SQLite flaw (CVE-2025-6965) that hackers have been already exploiting.
- Google’s open-source forensics device now runs on Sec-Gemini, making log evaluation quicker and risk detection sharper.
- Google can also be sharing SAIF information with CoSAI to spice up analysis on AI safety, provide chain dangers, and cyber protection.
In a sequence of contemporary bulletins forward of Black Hat USA and DEF CON 33, Google has laid out how its homegrown AI brokers are already discovering important bugs, serving to safety groups lower down response occasions, and teaming up with people in dwell hacker competitions.
Google’s AI agent Large Sleep, first revealed final 12 months, has not too long ago uncovered a safety flaw (CVE-2025-6965) in SQLite that had been floating round within the wild, recognized solely to attackers. This discovery, powered by insights from the Google Risk Intelligence Group, reveals how AI can now catch bugs earlier than they blow up.
Large Sleep was constructed to assume like a human safety skilled, digging by way of code and recognizing shady behaviors identical to an actual researcher would. Google additionally designed it to catch sneaky twists on recognized bugs, that are a goldmine for hackers seeking to mess with trendy software program.
Moreover, Google’s open-source digital forensics device, Timesketch, is getting a robust AI increase. Backed by a brand new mannequin known as Sec-Gemini, the upgraded platform can now do a few of the heavy lifting in forensic investigations, like sifting by way of logs and flagging potential threats. This implies much less work for analysts and far quicker incident response. A dwell demo is ready for Black Hat USA.
FACADE: Google’s secret insider risk catcher
One other inside device is entering into the highlight. Google will share a behind-the-scenes have a look at FACADE, its insider risk detection system that’s been quietly monitoring billions of every day occasions since 2018. It doesn’t want coaching information from previous assaults to identify anomalies, due to a machine studying strategy known as contrastive studying.
At DEF CON 33, Google can also be co-hosting a Seize the Flag (CTF) occasion with Airbus. Groups will get assist from AI assistants to deal with a variety of safety puzzles. It’s a contemporary spin that places AI within the trenches with safety execs and hobbyists alike.
Google can also be placing its weight behind safer AI growth. It’s donating information from its Safe AI Framework (SAIF) to the Coalition for Safe AI (CoSAI), serving to gas work round agentic AI, software program provide chain safety, and cyber protection. This transfer follows the initiative’s launch ultimately 12 months’s Aspen Safety Discussion board.
And at last, subsequent month marks the top of the AI Cyber Problem (AIxCC), a DARPA-led competitors supported by Google. The winners will exhibit new AI instruments constructed to search out and repair vulnerabilities in main open-source software program, a significant step ahead for proactive digital protection.