AI-Powered Cybersecurity: Google's Big Sleep Finds Vulnerabilities

Published: November 04, 2025
Category: Special Requests

Full Transcript

Google's artificial intelligence-powered cybersecurity agent, known as Big Sleep, has identified five significant vulnerabilities within Apple's WebKit, the underlying engine for its Safari web browser.

According to The Hacker News, these vulnerabilities pose potential risks such as browser crashes and memory corruption when processing maliciously crafted web content. The first vulnerability, designated CVE-2025-43429, is classified as a buffer overflow, which could lead to unexpected process crashes.

This issue has been addressed by Apple through improved bounds checking. The second vulnerability, CVE-2025-43430, is of an unspecified type but could also cause unexpected process crashes; it was mitigated by enhanced state management.

Two additional vulnerabilities, CVE-2025-43431 and CVE-2025-43433, could lead to memory corruption, and Apple has addressed these with improved memory handling. The last identified risk, CVE-2025-43434, is a use-after-free vulnerability that may cause Safari to crash, which has similarly been addressed through better state management.

Apple has released patches for these vulnerabilities as part of iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, visionOS 26.1, and Safari 26.1. Users are urged to update their devices for optimal protection, even though none of the highlighted vulnerabilities have been reported as exploited in the wild.

The emergence of Big Sleep, formerly known as Project Naptime, reflects an ongoing collaboration between Google DeepMind and Google Project Zero aimed at automating the discovery of security vulnerabilities.

Earlier in the year, Big Sleep had already identified a vulnerability in SQLite, underscoring its potential in enhancing cybersecurity measures. This situation illustrates the double-edged nature of AI in cybersecurity: while it can significantly strengthen defenses by identifying flaws, it also highlights the persistent risks associated with software vulnerabilities.
