Researchers from Google Project Zero and Google DeepMind published a report on the development of the Big Sleep AI system, built on the Gemini 1.5 Pro large language model and designed to find vulnerabilities in source code. The project's achievement was using Big Sleep to identify the first exploitable and previously unknown vulnerability in an existing project. The vulnerability was detected when the AI system checked the code base of the SQLite DBMS, and it leads to an access past the lower bound of a buffer on the stack (buffer underflow). The problem was found in recently accepted code and fixed before it reached the final SQLite 3.47.0 release.
The model can be used as an auxiliary tool in areas that require labor-intensive manual review, as well as for automated checking of new code to identify vulnerabilities in the early stages of development (before the problematic code reaches final releases). The developed AI model is expected to identify security problems in code that are difficult to detect with fuzz testing.