Google CEO Sundar Pichai on Tuesday revealed that the company’s autonomous security agent, Big Sleep, has for the first time detected and disrupted a live cyber exploit before it could be carried out.
Announced in a post on X, Pichai described the milestone as “a first for an AI agent, definitely not the last.”
“Big Sleep helped us detect and foil an imminent exploit. We believe this is a first for an AI agent, definitely not the last, giving cybersecurity defenders new tools to stop threats before they’re widespread,” Pichai wrote.
Google’s AI Agent: Big Sleep
Big Sleep, a collaboration between Google DeepMind and Project Zero, was introduced last year. It is designed to autonomously scan and uncover previously unknown software vulnerabilities. In November 2024, Big Sleep was able to find its first real-world security vulnerability, showing the potential of AI to plug security holes before they impact users.
Most recently, based on intel from Google Threat Intelligence, the Big Sleep agent discovered an SQLite vulnerability (CVE-2025-6965), a critical security flaw known only to threat actors and at risk of being exploited. Through the combination of threat intelligence and Big Sleep, Google was able to predict that a vulnerability was imminently going to be used and cut it off beforehand.
This instance could possibly be the first time an AI agent has been used to directly foil efforts to exploit a vulnerability in the wild.
In a company blog post, Google emphasised that Big Sleep’s achievements extend far beyond its own products. The agent is now being deployed to audit and harden widely used open-source projects, accelerating security fixes across the broader software ecosystem.
“These cybersecurity agents are a game changer,” the post stated. “By automating routine vulnerability research, they free up human teams to focus on high-complexity threats, dramatically scaling their impact and reach,” Google said.
Potential Risks
Recognising the power and potential risks of autonomous AI tools, Google also published a white paper detailing its “secure-by-design” approach to AI agents. The document outlines safeguards to ensure Big Sleep operates under strict human oversight, with transparent decision-logging and privacy protections designed to prevent unintended or rogue actions.
As cyber threats grow in sophistication and speed, Big Sleep’s success represents a pivotal shift from reactive patching to proactive threat prevention. By identifying and neutralising vulnerabilities before they can be exploited, AI agents like Big Sleep promise to redefine the front line of cybersecurity, setting a new standard for how organisations defend against tomorrow’s attacks.
