Signals

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

November 3, 2024 - LLM, Security

An interesting post from the Google Project Zero team on how they used an LLM to find real-world vulnerabilities in SQLite. I expect the cost implications of this approach will be significant, but it’s an interesting outcome.

Today, we’re excited to share the first real-world vulnerability discovered by the Big Sleep agent: an exploitable stack buffer underflow in SQLite, a widely used open source database engine. We discovered the vulnerability and reported it to the developers in early October, who fixed it on the same day. Fortunately, we found this issue before it appeared in an official release, so SQLite users were not impacted.

The approach uses an agent model, which I expect will be a growing trend across businesses in the coming years.