Google said a large language model it developed to find vulnerabilities recently discovered a bug that hackers were preparing to use. Late last year, Google announced an AI agent called Big Sleep — a project that evolved out of work on vulnerability research assisted by large language models done by Google Project Zero and Google DeepMind. The tool actively searches and finds unknown security vulnerabilities in software. On Tuesday, Google said Big Sleep managed to discover CVE-2025-6965 — a critical security flaw that Google said was “only known to threat actors and was at risk of being exploited.” The vulnerability impacts SQLite, an open-source database engine popular among developers. Google claims it was “able to actually predict that a vulnerability was imminently going to be used” and was able to cut it off beforehand. “We believe this is the first time an AI agent has been used to directly foil efforts to exploit a vulnerability in the wild,” the company said. A Google spokesperson told Recorded Future News that the company’s threat intelligence group was “able to identify artifacts indicating the threat actors were staging a zero day but could not immediately identify the vulnerability.” “The limited indicators were passed along to other Google team members at the zero day initiative who leveraged Big Sleep to isolate the vulnerability the adversary was preparing to exploit in their operations,” they said.

Full report : Google says its Big Sleep AI agent for finding unknown software vulnerabilities recently discovered a critical SQLite flaw that “was at risk of being exploited.”