Bitcoin reached a new all-time high of $118,900 on Friday, surpassing its previous record of $113,822 set on Thursday. As Read more
Selling software to companies can be a daunting task, especially when it comes to meeting security requirements. Chas Ballew, founder Read more
Earlier this week, San Diego startup Gallant announced $18 million in funding to bring the first FDA-approved ready-to-use stem cell Read more
The world’s richest man buys out one of the most popular social media platforms and uses it as a propaganda Read more
Google’s AI-powered bug hunter, Big Sleep, recently made its debut by uncovering 20 security vulnerabilities in popular open source software. Led by Google’s vice president of security, Heather Adkins, the team behind Big Sleep, composed of DeepMind’s AI department and Project Zero’s elite hackers, revealed flaws in software like FFmpeg and ImageMagick.
The Impact of AI in Security Vulnerability Discovery
Despite the lack of details on the severity of these vulnerabilities, the mere fact that Big Sleep identified them is groundbreaking. The AI agent autonomously found and reproduced each vulnerability, showcasing a new era in automated vulnerability discovery, as stated by Google’s vice president of engineering, Royal Hansen.
As the field of AI-powered bug hunting continues to evolve, tools like XBOW and RunSybil are also making waves. XBOW made headlines by dominating a U.S. bug bounty platform, HackerOne. However, there is still a need for human verification in the process to ensure legitimate findings, as emphasized by Vlad Ionescu, co-founder of RunSybil.
The Promise and Pitfalls of AI Bug Hunting
While AI-powered bug hunters hold great promise, there are challenges to overcome. Some software maintainers have encountered false bug reports, likening them to AI-generated noise rather than valuable insights. The balance between automated discovery and human verification remains a key issue in the development of these tools.
