Google’s artificial intelligence-powered security tool Big Sleep has achieved a cybersecurity milestone by discovering and preventing the active exploitation of a critical zero-day vulnerability in SQLite, marking what the company believes is the first time an AI agent has directly thwarted real-world cyberattacks.
This breakthrough demonstrates the transformative potential of AI in defensive cybersecurity operations.
The Big Sleep AI agent, developed jointly by Google DeepMind and Google Project Zero, identified a critical SQLite vulnerability designated CVE-2025-6965 that was previously known only to threat actors and posed imminent exploitation risks.
By combining intelligence from Google Threat Intelligence with Big Sleep’s automated vulnerability discovery capabilities, Google successfully predicted and prevented the vulnerability’s malicious use before it could impact users.
This achievement represents a significant evolution from Big Sleep’s initial milestone in November 2024, when it discovered its first real-world security vulnerability.
Since then, the AI agent has consistently exceeded expectations by uncovering multiple previously unknown vulnerabilities across various software systems.
The SQLite discovery is particularly notable because it demonstrates AI’s ability to not only find security flaws but also to proactively defend against active threats.
Big Sleep’s impact extends beyond Google’s own products, as the company deploys the tool to enhance security across widely used open-source projects.
This approach creates broader internet security benefits while freeing human security teams to focus on more complex threats that require human expertise and judgment.
SQLite 0-Day Vulnerability
Google plans to demonstrate additional AI-powered security capabilities at major cybersecurity conferences this summer, including enhanced versions of existing tools.
Timesketch, Google’s open-source collaborative digital forensics platform, will receive agentic capabilities powered by Sec-Gemini, enabling automated initial forensic investigations that dramatically reduce incident response times.
The company will also showcase FACADE (Fast and Accurate Contextual Anomaly Detection), an AI-based insider threat detection system that has been operational at Google since 2018.
FACADE processes billions of daily security events using a unique contrastive learning approach that doesn’t require historical attack data, making it particularly effective for identifying previously unknown threat patterns.
At DEF CON 33, Google will partner with Airbus for a Capture the Flag event designed to demonstrate how AI can enhance cybersecurity professionals’ capabilities across all skill levels, providing hands-on experience with AI-assisted security operations.
Industry Collaboration
Google’s commitment to collaborative cybersecurity development is evidenced by its participation in the Coalition for Secure AI (CoSAI), an industry initiative focused on safe AI implementation.
The company announced it will donate data from its Secure AI Framework (SAIF) to accelerate CoSAI’s work on agentic AI, cyber defense, and software supply chain security.
The conclusion of DARPA’s two-year AI Cyber Challenge (AIxCC) at DEF CON 33 will showcase new AI tools developed to find and fix vulnerabilities in major open-source projects, further demonstrating the collaborative approach needed for effective cybersecurity advancement.
These developments signal a fundamental shift in cybersecurity defense capabilities, where AI agents can operate at scale and speed impossible for human analysts while maintaining the oversight and transparency necessary for responsible deployment.




