Google’s Big Sleep AI Foils Zero-Day Exploit in SQLite Before Attackers Strike
Google has announced the successful discovery of a critical vulnerability in the widely used SQLite database engine—identified and neutralized before it could be exploited in real-world attacks. The flaw was uncovered by Big Sleep, an autonomous agent developed through a collaboration between DeepMind and Project Zero, as part of an initiative exploring the use of language models to identify software vulnerabilities.
The flaw has been designated CVE-2025-6965 and assigned a CVSS score of 7.2. It involves a memory corruption issue stemming from an integer overflow, affecting all SQLite versions prior to 3.50.2. According to SQLite developers, an attacker with the ability to inject arbitrary SQL queries could trigger an out-of-bounds memory read, opening the door to potential exploitation.
Google revealed that this vulnerability was previously known only to potential threat actors. Through a combination of threat intelligence and Big Sleep’s analytical prowess, the company was able to predict the exploit attempt and neutralize the threat before it could manifest. As Kent Walker, President of Global Affairs at Google and Alphabet, stated, this marks the first recorded instance in which an AI system has preemptively thwarted an exploit in an operational environment.
Further insights came from the GTIG team, which detected indirect signs of an impending attack but was initially unable to identify the specific vulnerability. These findings were relayed to other Google specialists, who—using Big Sleep—successfully isolated the flaw before any malicious actions could be executed.
Notably, this is not Big Sleep’s first intervention. In October 2024, the same agent uncovered another critical SQLite flaw—a stack buffer overflow that could have resulted in crashes or arbitrary code execution.
In light of these developments, Google has also released a technical paper on building secure AI agents. The document emphasizes the need for clearly defined boundaries and transparency within AI systems to mitigate the risks of data leakage and unpredictable behavior. The company critiques both conventional security approaches, which often prove too rigid for adaptive AI systems, and purely logic-based defenses that fail to protect against prompt injection attacks.
As a solution, Google advocates for a hybrid, multilayered defense model that combines traditional safeguards with AI-informed adaptive mechanisms. This approach aims to establish robust containment around an agent’s operational environment, preventing unintended behavior even in cases of logic distortion or external manipulation.
Google underscores that effective security cannot rely solely on rule-based algorithms or AI autonomy—it must be a synthesis of both, designed to avert potentially catastrophic scenarios, including the weaponization of AI in cyberattacks.
