Jonathan Metzman
@metzmanj
Followers
2K
Following
5K
Media
13
Statuses
954
I do fuzzing on Google's Open Source Security Team. I work on OSS-Fuzz/ClusterFuzz/FuzzBench. Speaking on behalf of myself, not my employer.
Joined January 2019
Check out our work on using LLMs to generate fuzz targets in OSS-Fuzz: https://t.co/plaK7jLUPv
3
30
132
We’re excited to see the security and OSS communities engage on vulnerability disclosure in light of new AI technologies that we believe will enable both defenders and attackers alike. Existing and emerging norms around disclosure are important debates, and we’ve noted the
7
37
112
Apple patched six WebKit CVEs found by Google Big Sleep in iOS 26.1. https://t.co/IrTTUj8OvB
support.apple.com
This document describes the security content of iOS 26.1 and iPadOS 26.1.
5
16
103
Really great update from the DeepMind Code Mender project and their journey in writing safe code. Some great results so far. A ways to go!
deepmind.google
Using advanced AI to fix critical software vulnerabilities
0
5
14
Although the target might not be as impactful as some others we ran against, these bugs in QuickJS are some of my favorite Big Sleep finds, because they demonstrate the ability of LLMs to reason about and detect classic JavaScript engine vulnerabilities.
3
9
61
https://t.co/TeYPpUANyW now with even more bugs. Also great to see the first ones getting fixed, including in v8, ANGLE and imagemagick.
3
13
96
If you've been keeping track of the Big Sleep bug tracker at https://t.co/TeYPpUANyW you might have noticed it lists more bugs now compared to last week. Including a "High impact issue in V8" :)
3
21
102
While insider attacks are a major risk, there’s little knowledge sharing in the community on this topic. To address this gap, today at Black Hat we presented FACADE, the high-precision anomaly detection system that we’ve used at Google since 2018 to accurately detect insider
0
6
9
Our cybersecurity AI Agent Big Sleep is proving to be an invaluable tool in protecting our digital world. It’s already uncovered 20 vulnerabilities unknown to defenders. That’s 20 gaps that bad actors won’t be able to exploit.
Today as part of our commitment to transparency in this space, we are proud to announce that we have reported the first 20 vulnerabilities discovered using our AI-based "Big Sleep" system powered by Gemini —
0
5
18
Initial results from a large scale run of @Google Big Sleep are here! Our AI agent found a series of vulnerabilities in widely used & reviewed software, demonstrating a new frontier in automated vulnerability discovery. Full details once the issues are fixed:
1
4
28
Today as part of our commitment to transparency in this space, we are proud to announce that we have reported the first 20 vulnerabilities discovered using our AI-based "Big Sleep" system powered by Gemini —
17
73
283
you're not allowed to write comments in your code anymore, because if you do everyone will just think it's ai generated.
473
510
11K
honggfuzz alive and kicking. stack-based buffer overflow in libxml2 -
0
19
86
Auto generating #fuzzing harnesses by way of program analysis and #LLMs! New blog post "Minimal LLM-based fuzz harness generator": https://t.co/hZoXyZvXz6 We show how you can generate a sophisticated fuzz harness synthesis tool with a few lines of code.
0
21
110
#FUZZING'25 CALL FOR PAPERS ────── ✨ New OC members: @RuijieMeng (NUS) + Rohan Padhye (@moarbugs; CMU). ✨ New paper type: Fuzzing Nuggets (short papers). 🔗 https://t.co/cOJM2fvBlp 📅 20. March (Submission) //cc @YannicNoller (RUB), László Szekeres (@lszekeres; Google)
2
19
53
ICLR'25 Spotlight 🤩 (5% of accepted papers) -- for a topic we've just been nerding out on. Congrats Seongmin! 🎉 📝
Just got our first @ICLR_conf paper accepted! 🥳🥳 It shines light on a beautiful riddle! Suppose you're drawing balls from an urn with an unknown distribution of colors. What is the proportion of balls with colors you've never seen? Led by Seongmin (@nim_gnoes_eel).
5
4
50