Google’s AI ‘Big Sleep’ Stops Active SQLite Exploit, Marks First AI-Driven Cyber Defense Win

Google's artificial intelligence agent, Big Sleep, has identified and helped mitigate a previously unknown security vulnerability in the widely used SQLite database software, marking what the company says is the first instance of an AI tool preventing exploitation of a flaw in active use by malicious actors.

The flaw, designated CVE-2025-6965, was detected based on intelligence indicating it was known to threat actors, according to Google announcements and security disclosures. The development underscores the expanding role of AI in cybersecurity defenses.

Vulnerability Details

CVE-2025-6965 affects SQLite versions prior to 3.50.2, with a severity score of 7.2 on the Common Vulnerability Scoring System. It involves a logic error where the number of aggregate terms in a query can exceed available columns, potentially triggering an integer overflow and leading to memory corruption or unauthorized code execution if an attacker injects arbitrary SQL statements.

SQLite, an open-source database engine integrated into billions of devices such as smartphones, browsers and operating systems, received a patch in version 3.50.2, released on June 28, 2025. The vulnerability was publicly disclosed on July 15, 2025, following Google's report after Big Sleep analyzed threat signals.

Google stated the issue was previously unknown except to threat actors, allowing for preemptive action to avert attacks.

Background and Development

Big Sleep, developed jointly by Google's DeepMind AI lab and Project Zero security team, extends the 2024 "Naptime" framework for automated vulnerability detection. The agent employs large language models to mimic human reasoning in code analysis and threat response.

Initially revealed in 2024, Big Sleep identified its first vulnerability that year—a stack buffer underflow in SQLite. Subsequent discoveries followed, with the latest involving integration of real-time threat intelligence to predict and identify risks.

The detection aligns with escalating cyber threats, including zero-day exploits by state-affiliated groups and criminals, amid challenges in scaling manual security reviews for vast open-source ecosystems like SQLite.

Impact and Analysis

The timely identification likely prevented breaches or disruptions across devices and services dependent on SQLite, safeguarding user data and system integrity globally.

Benefits include faster vulnerability spotting, enabling security teams to address complex issues while AI handles routine scans, and bolstering protections for resource-limited open-source initiatives. Drawbacks encompass potential misses of nuanced flaws outside training data, risks from AI compromise, privacy implications in threat monitoring, and concerns over concentrated control by large firms.

Future Trends

Analysts see this as advancing toward autonomous AI systems for security operations, with anticipated growth in cross-industry applications. Google plans continued sharing of findings via public trackers and collaborations, including with groups like the Coalition for Secure AI, to foster ethical guidelines and collective defenses in a dynamic threat environment.

License This Article

Source: Google Blog, The Hacker News, Perplexity, Tech News Hub, Cyber Press