As cyberattacks become more refined, tools are also used to stop them. Google has recently identified Big Sleep, an AI agent, and revealed that it blocked major security threats before launching.
Developed by Google's DeepMind and the Project Zero team, Big Sleep is an AI-powered agent designed to actively scan unknown vulnerabilities. The job is to go ahead with the hackers by finding warning signs and acting before using the exploit, rather than responding to the attack after the damage has occurred.
According to Google CEO Sundar Pichai, Big Sleep helped detect and neutralize what the company described as “immediate exploitation.” One of its biggest breakthroughs came when it revealed a vulnerability in SQLite, a widely used database engine. The flaws could have been exploited on a large scale, but big sleep was flagged early and allowed Google to intervene before it became a threat.
This represents a major change in cybersecurity strategies. Traditionally, defense teams had to act reactively and patched the system after a violation occurred. With tools like Big Sleep, the process becomes aggressive and predicts an attack before it occurs.
Google first introduced Big Sleep in 2023, and by November 2024 it had already documented its first real-world security discoveries. The company has since published a white paper outlining how privacy and responsible AI principles are embedded in the agent's design. The Issue Tracker page also shares updates on vulnerabilities discovered and fixed by AI.
In addition to Big Sleep, Google is developing other AI-powered defense tools, such as facades (fast and accurate context anomaly detection) and Timesketch, a collaborative digital forensics platform. Together, these tools aim to give defenders a real-time advantage in combating increasingly complex cyber threats.
As AI agents evolve, Google believes this could become a turning point. The machine not only supports human teams, but also leads to preventing attacks completely.
