Google revealed on Tuesday that its Large Language Model (LLM)-assisted Vulnerability Discovery Framework discovered security flaws in the SQLite open source database engine before being exploited in the wild.
The vulnerability tracked as CVE-2025-6965 (CVSS score: 7.2) is a memory corruption flaw that affects all versions prior to 3.50.2. It was discovered by Big Sleep, an artificial intelligence (AI) agent launched by Google last year as part of a collaboration between DeepMind and Google Project Zero.
“Attackers who can insert any SQL statement into their application will read the end of the array, as they can cause integer overflows,” the SQLite project maintainer said in their advisory.
The tech giant described CVE-2025-6965 as an important security issue “known to threaten only the actors and risk being exploited.” Google did not reveal who the threat actor was.
“The combination of threat intelligence and great sleep allowed Google to predict that the vulnerability would actually be used in close proximity and could cut it off in advance,” said the president of Global Affairs, Google and Alphabet.
“We believe this is the first time that AI agents have been used directly to block efforts to exploit wild vulnerabilities.”
In October 2024, Big Sleep was behind the discovery of another flaw in SQLite. This is a stack buffer underflow vulnerability that could have been exploited to cause crashes or arbitrary code execution.
In line with development, Google has published a whitepaper for building a well-defined, secure AI agent for human controllers. Its capabilities are carefully limited to avoid potential fraud and sensitive data disclosure, and its actions are observable and transparent.
“Traditional system security approaches (such as limiting agent actions implemented through classic software) lack the context awareness required for multi-purpose agents, allowing utilities to be overly restricted.”
“On the contrary, purely inference-based security (which relies solely on AI model judgment) is insufficient, and current LLMs are susceptible to operations such as rapid injections, and still cannot provide sufficiently robust guarantees.”
To mitigate the critical risks associated with agent security, the company said it has adopted a hybrid detailed approach that combines the strengths of both traditional deterministic control and dynamic inference-based defense.
The idea is to create robust boundaries around the agent’s operational environment to mitigate malicious behaviors implemented as a result of rapid injections so that the risk of harmful outcomes is greatly reduced.
“This detailed approach relies on the forced boundaries around the AI agent’s production environment to prevent potential worst-case scenarios, even if the agent’s internal inference process is compromised or erroneous by sophisticated attacks or unexpected inputs,” Google said.
“This multilayered approach recognizes that purely AI-based judgment is not sufficient even for purely rules-based systems.”
Source link
