Latest news with #HeatherAdkins
Time of India
05-08-2025
- Time of India
Google's AI bug hunter ‘Big Sleep' finds 20 security flaws in open source software
google Tech giant Google has announced that its AI-powered vulnerability researcher — Big Sleep has identified 20 security vulnerabilities widely used open source software. Google VP security Heather Adkins posted on social media platform X (formerly known as Twitter) about this achievement. 'Today as part of our commitment to transparency in this space, we are proud to announce that we have reported the first 20 vulnerabilities discovered using our AI-based "Big Sleep" system powered by Gemini,' wrote Adkins. Developed jointly by Google's DeepMind and elite Project Zero teams, the Big Sleep managed to flag flaws in various tools such as FFmpeg and ImageMagick which are used for audio, video and image processing. The company has not yet disclosed the nature of the vulnerabilities, but has confirmed that the issue was found and reproduced by the AI agent without any human intervention. However, a human expert later reviewed the reports before submission. How Big Sleep works The AI bug hunter designed by Google operates by stimulating the actions of malicious actor and systematically probe the code and network services for potential exploits. The AI took is also capable of learning from its environment, adapt new strategies and identify complex and multi-step vulnerabilities. The 20 vulnerabilities identified by Big Sleep span across a range of Google's own products and some open-source projects. "This is not about replacing human security researchers, but about augmenting their capabilities," a Google spokesperson said. "Our AI bug hunter can perform thousands of tests in the time it takes a human to run a few. This allows our security teams to focus on the more intricate and strategic aspects of cybersecurity, while the AI handles the repetitive and time-consuming work." AI Masterclass for Students. Upskill Young Ones Today!– Join Now
Yahoo
04-08-2025
- Yahoo
Google says its AI-based bug hunter found 20 security vulnerabilities
Google's AI-powered bug hunter has just reported its first batch of security vulnerabilities. Heather Adkins, Google's vice president of security, announced Monday that its LLM-based vulnerability researcher Big Sleep found and reported 20 flaws in various popular open source software. Adkins said that Big Sleep, which is developed by the company's AI department DeepMind as well as its elite team of hackers Project Zero, reported its first-ever vulnerabilities, mostly in open source software such as audio and video library FFmpeg and image-editing suite ImageMagick. Given that the vulnerabilities are not fixed yet, we don't have details of their impact or severity, as Google does not yet want to provide details, which is a standard policy when waiting for bugs to be fixed. But the simple fact that Big Sleep found these vulnerabilities is significant, as it shows these tools are starting to get real results, even if there was a human involved in this case. 'To ensure high quality and actionable reports, we have a human expert in the loop before reporting, but each vulnerability was found and reproduced by the AI agent without human intervention,' Google's spokesperson Kimberly Samra told TechCrunch. Royal Hansen, Google's vice president of engineering, wrote on X that the findings demonstrate 'a new frontier in automated vulnerability discovery.' LLM-powered tools that can look for and find vulnerabilities are already a reality. Other than Big Sleep, there's RunSybil and XBOW, among others. XBOW has garnered headlines after it reached the top of one of the U.S. leaderboards at bug bounty platform HackerOne. It's important to note that in most cases, these reports have a human at some point of the process to verify that the AI-powered bug hunter found a legitimate vulnerability, as is the case with Big Sleep. Vlad Ionescu, co-founder and chief technology officer at RunSybil, a startup that develops AI-powered bug hunters, told TechCrunch that Big Sleep is a 'legit' project, given that it has 'good design, people behind it know what they're doing, Project Zero has the bug finding experience and DeepMind has the firepower and tokens to throw at it.' There is obviously a lot of promise with these tools, but also significant downsides. Several people who maintain different software projects have complained of bug reports that are actually hallucinations, with some calling them the bug bounty equivalent of AI slop. 'That's the problem people are running into, is we're getting a lot of stuff that looks like gold, but it's actually just crap,' Ionescu previously told TechCrunch. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
TechCrunch
04-08-2025
- TechCrunch
Google says its AI-based bug hunter found 20 security vulnerabilities
Google's AI-powered bug hunter has just reported its first batch of security vulnerabilities. Heather Adkins, Google's vice president of security, announced Monday that its LLM-based vulnerability researcher Big Sleep found and reported 20 flaws in various popular open source software. Adkins said that Big Sleep, which is developed by the company's AI department DeepMind as well as its elite team of hackers Project Zero, reported its first-ever vulnerabilities, mostly in open source software such as audio and video library FFmpeg and image editing suite ImageMagick. Given that the vulnerabilities are not fixed yet, we don't have details of their impact or severity, as Google does not yet want to provide details, which is a standard policy when waiting for bugs to be fixed. But the simple fact that Big Sleep found these vulnerabilities is significant, as it shows these tools are starting to get real results, even if there was a human involved in this case. 'To ensure high quality and actionable reports, we have a human expert in the loop before reporting, but each vulnerability was found and reproduced by the AI agent without human intervention,' Google's spokesperson Kimberly Samra told TechCrunch. Royal Hansen, Google's vice president of engineering, wrote on X that the findings demonstrate 'a new frontier in automated vulnerability discovery.' LLM-powered tools that can look for and find vulnerabilities are already a reality. Other than Big Sleep, there's RunSybil, and XBOW, among others. Techcrunch event Tech and VC heavyweights join the Disrupt 2025 agenda Netflix, ElevenLabs, Wayve, Sequoia Capital — just a few of the heavy hitters joining the Disrupt 2025 agenda. They're here to deliver the insights that fuel startup growth and sharpen your edge. Don't miss the 20th anniversary of TechCrunch Disrupt, and a chance to learn from the top voices in tech — grab your ticket now and save up to $675 before prices rise. Tech and VC heavyweights join the Disrupt 2025 agenda Netflix, ElevenLabs, Wayve, Sequoia Capital — just a few of the heavy hitters joining the Disrupt 2025 agenda. They're here to deliver the insights that fuel startup growth and sharpen your edge. Don't miss the 20th anniversary of TechCrunch Disrupt, and a chance to learn from the top voices in tech — grab your ticket now and save up to $675 before prices rise. San Francisco | REGISTER NOW XBOW has garnered headlines after it reached the top of one of the U.S. leaderboards at bug bounty platform HackerOne. It's important to note that in most cases, these reports have a human at some point of the process to verify that the AI-powered bug hunter found a legitimate vulnerability, as is the case with Big Sleep. Vlad Ionescu, co-founder and chief technology officer at RunSybil, a startup that develops AI-powered bug hunters, told TechCrunch that Big Sleep is a 'legit' project, given that it has 'good design, people behind it know what they're doing, Project Zero has the bug finding experience and DeepMind has the firepower and tokens to throw at it.' There is obviously a lot of promise with these tools, but also significant downsides. Several people who maintain different software projects have complained of bug reports that are actually hallucinations, with some calling them the bug bounty equivalent of AI slop. 'That's the problem people are running into, is we're getting a lot of stuff that looks like gold, but it's actually just crap,' Ionescu previously told TechCrunch.
Time of India
23-06-2025
- Time of India
Gen AI in cybersecurity: Will help defenders with better counter measures; India ahead of other nations
Generative artificial intelligence, while being increasingly exploited by cyber criminals to fuel their attacks, is also empowering defenders with faster and smarter responses to online threats, according to Heather Adkins, global VP of engineering at Google Security. Adkins, who has spent more than 20 years at Google, said, generative AI will give "defenders" a "leg up" over the threat actors.' 'We will be able to leverage Gen AI to protect infrastructure in new ways that we've never thought of before and also at a speed that we've never been able to achieve before,' she said, quoted by TNN. She said that the same technology being used to plan sophisticated cyberattacks can also help strengthen defence systems. Talking about cyberattacks in India, the Google security VP pointed out that the government is "very engaged" and has been ahead of many other nations in tackling these threats. 'It's a hot topic. They've done a very good job in getting involved quickly and partnering with companies. The workforce here and education levels in India are pretty high. There are parts of the world I go where they're just now starting to think about cyber security and they're much further behind India.' Google Security now plans to set up an engineering centre in India. She further warned of the growing threat posed by state-sponsored cyberattacks, particularly as geopolitical tensions continue to rise, putting the world at risk. 'It's a question of who has more time. And, if you think about a well-funded nation state, may be they'll create a project, put 100 people on it, and they just work on that project throughout the day... So, they often know more because they have more time, not because they're smarter. I would say they're more likely to be successful.' Adkins highlighted the need to educate users alongside building tools, stating that digital instincts must be developed to spot malicious content online. 'Unlike the physical world where you have instincts and senses to identify something dangerous, the online world does not have a parallel. We have to build that,' she said. Despite the rising tempo and complexity of attacks, Adkins believed that the cybersecurity landscape is in a better place today. 'There's no doubt that we're seeing an increase in the tempo and sophistication of attacks. But today, more than ever before, enterprises have better tools.' Cybersecurity looked 'primitive' 23 years ago, while now, most solutions have security built into them, she added. Stay informed with the latest business news, updates on bank holidays and public holidays . AI Masterclass for Students. Upskill Young Ones Today!– Join Now
Time of India
19-06-2025
- Business
- Time of India
Google opens Asia Pacific (APAC's) first safety centre in Hyderabad; to tackle AI fraud, cybercrime; CM Revanth Reddy hails Telangana's tech rise
HYDERABAD: Tech giant Google unveiled its first safety engineering centre (GSEC) in the Asia Pacific (APAC) region and its fourth globally after Munich, Dublin, and Malaga (Spain), in Hyderabad on Wednesday. GSEC India is housed within what is Google's largest base outside the US and was also its first port of call in India in 2004. An official statement said GSEC India will not only address the rapidly evolving threat landscape of India, which faces projected cybercrime losses of up to Rs 20,000 crore by 2025, but will also serve as a global hub of safety innovation driven by a combination of AI-powered threat detection, ecosystem collaboration, and policy measures. Heather Adkins, vice president of engineering, Google Security, said GSEC India will serve as a global lighthouse for their digital safety and security efforts. She said Google has been investing in security and safety teams in Hyderabad over the years and will be looking at investing in hiring the best talent for the centre, which is learnt to have started with around 200-250 engineers. Pivotal moment in T's journey as cybersecurity hub: Revanth The centre will primarily focus on keeping end users safe from online fraud and scams, strengthening cybersecurity for govt and enterprise infrastructure, and building artificial intelligence (AI) responsibly. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like 2025년 가장 여유 넘치는 농장 게임. 설치 없음 Taonga: 아일랜드 팜 플레이하기 Undo It will deploy advanced AI and large language models (LLMs) to power real-time scam alerts on Android, strengthen Google Play Protect, and enhance fraud detection. GSEC India will also tackle AI-driven deception through adversarial testing, AI-assisted red teaming, and tools like SynthID to watermark AI-generated content while focusing on ecosystem collaboration and intelligence sharing through platforms like the Global Signals Exchange (GSE). It will also advance research in areas like Post-Quantum Cryptography through partnerships with academia. Flagging off the facility, chief minister A Revanth Reddy said the first-of-its-kind centre in the Asia-Pacific marks a pivotal moment in Telangana's journey as a global cybersecurity innovation hub. "Google and Hyderabad are old friends... Google today has nearly 7,000 Googlers who call Hyderabad their home," he said, pointing out that the new centre affirms Hyderabad's crucial role in developing privacy, safety, and cyber-defence solutions and will attract top-tier safety engineering talent to the state. He said the Telangana govt was focused on growing to a $1 trillion economy by 2035 and a $3 trillion economy by 2047. "Our population is 2.5% of India's population but contributes 5% to its GDP. By 2047 we want to contribute 10% to India's GDP." IT and industries minister D Sridhar Babu said GSEC India demonstrates the power of public-private partnerships in building a secure digital infrastructure and will serve as a catalyst for innovation in areas critical to India's vision of becoming a global tech leader.
