July 15, 2025 By Jonathan Greig
Google said a large language model it developed to find vulnerabilities recently discovered a bug that hackers were preparing to use.
Late last year, Google announced an AI agent called Big Sleep — a project that evolved out of work on vulnerability research assisted by large language models done by Google Project Zero and Google DeepMind. The tool actively searches and finds unknown security vulnerabilities in software.
On Tuesday, Google said Big Sleep managed to discover CVE-2025-6965 — a critical security flaw that Google said was “only known to threat actors and was at risk of being exploited.”
The vulnerability impacts SQLite, an open-source database engine popular among developers. Google claims it was “able to actually predict that a vulnerability was imminently going to be used” and was able to cut it off beforehand.
