In a major breakthrough for the field of AI-assisted vulnerability research, the Google Project Zero team, in collaboration with Google DeepMind, has announced the discovery of a previously unknown exploitable vulnerability in the SQLite database engine.
The vulnerability, a stack buffer underflow, was discovered by the team’s “Big Sleep” agent, a large language model-based system for identifying vulnerabilities in real-world software. This marks the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used open-source software.
“We believe this work has tremendous defensive potential,” the Project Zero team stated in their blog post. “Finding vulnerabilities in software before it’s even released means that there’s no scope for attackers to compete: the vulnerabilities are fixed before attackers even have a chance to use them.”
The vulnerability, which was reported to the SQLite developers and promptly fixed, was found in the “seriesBestIndex” function, where a special sentinel value of -1 used to represent the ROWID column was not properly handled, leading to a write into a stack buffer with a negative index.
Interestingly, the team found that the existing testing infrastructure for SQLite, including both the project’s own testing and the OSS-Fuzz fuzzing efforts, did not uncover this issue. This highlights the potential for AI-based approaches to complement traditional vulnerability discovery methods, especially in finding complex edge cases that may be difficult to detect through manual analysis or fuzzing alone.
“Fuzzing has helped significantly, but we need an approach that can help defenders to find the bugs that are difficult (or impossible) to find by fuzzing, and we’re hopeful that AI can narrow this gap,” the Project Zero team explained.
The successful discovery of this vulnerability marks a significant milestone in the team’s ongoing “Big Sleep” project, which aims to leverage large language models to assist in the vulnerability research process. The team plans to continue sharing their research in this space, with the goal of turning the tables and achieving an asymmetric advantage for defenders against potential attackers.