Google Uses AI to Discover 20-Year-Old Software Bug – PCMag
Google recently used an AI program to help it discover a software bug thats persisted in an open-source software project for the past two decades.
The software bug is among 26 vulnerabilities Google recently identified with the help of a ChatGPT-like AI tool, the company said in a blog post on Wednesday.
Google discovered the vulnerabilities through an approach called "fuzz testing," which involves feeding a software program random data to see if itll crash and then diagnosing the problem. Last year, the companystartedan effort to use large language models to write the fuzz testing code, offloading the work from humans who previously had to conduct the fuzz testing manually.
Our approach was to use the coding abilities of an LLM to generate more fuzz targets, Googles Open Source Security Team wrote in Wednesdays blog post. LLMs turned out to be highly effective at emulating a typical developers entire workflow of writing, testing, and iterating on the fuzz target, as well as triaging the crashes found.
An example of how the LLM does fuzz testing. (Credit: Google)
Since then, Google has applied the AI tool for fuzz testing across 272 software projects, which led it to discover the 26 vulnerabilities, including a 20-year-old bug found in OpenSSL, which is widely used to provide encryption and server authentication for internet connections.
"We reported this vulnerability on September 16 and a fix was published on October 16. As far as we can tell, this vulnerability has likely been present for two decades and wouldnt have been discoverable with existing fuzz targets written by humans," researchers added.
The 20-year-old bug, dubbed CVE-2024-9143, involves the software triggering an "out-of-bounds memory access," which can cause the program to crash or, in rare cases, execute rogue computer code. Fortunately, the bug is low severity due to the minimal risk of the out-of-bounds memory access executing a dangerous process.
Still, Google theorizes the bug went undiscovered because the specific code was presumed to be thoroughly tested and vetted. Code coverage as a metric isnt able to measure all possible code paths and statesdifferent flags and configurations may trigger different behaviors, unearthing different bugs," researchers said. "These examples underscore the need to continue to generate new varieties of fuzz targets even for code that is already fuzzed."
Going forward, Google's Open Source Security Team is working to make the LLMs suggest a patch for any bugs found during the fuzzing process. Another goal is "to get to a point where we're confident about not requiring human review," the team said. "This will help automatically report new vulnerabilities to project maintainers."
The effort joins another Google AI project, dubbed "Big Sleep," which also involves finding security vulnerabilities by using LLMs to mimic the workflow of a human security researcher. Earlier this month, the company said Big Sleep was smart enough to discover a previously unknown and exploitable bug in SQLite, an open-source database engine.
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
I've been working as a journalist for over 15 yearsI got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017.
Read Michael's full bio
Read more:
Google Uses AI to Discover 20-Year-Old Software Bug - PCMag
- How to Make a Homemade Bed Bug Killer Spray With Vinegar - December 22nd, 2024
- Sixty Years Ago, We Nearly Wiped Out Bed Bugs. Then, They Started Changing - December 22nd, 2024
- Norovirus: Symptoms, Prevention, and When to See a Doctor | NGPG - December 22nd, 2024
- Man arrested after posting video of himself spraying bug killer on ... - December 22nd, 2024
- How to get rid of bed bugs in apartment buildings - Rentokil - December 22nd, 2024
- Video shows man spraying bug spray on produce, chicken at AZ Walmart - December 22nd, 2024
- Bug Ego - Wikipedia - December 22nd, 2024
- DHHS Workers, Administration Disagree on Whether Bed Bugs Are Rampant - Midcoast Villager - December 22nd, 2024
- How to use cinnamon to get rid of household pests - Ideal Home - December 22nd, 2024
- Sixty Years Ago, We Nearly Wiped Out Bed Bugs. Then, They Started Changing - ZME Science - December 20th, 2024
- Bedbugs Are Stronger Than Ever and Scientists Just Found Out Why - VICE - December 20th, 2024
- Bed Bugs & Dirty Clothes - PCT Online - December 20th, 2024
- Biologists Discover What Makes Bed Bugs Uniquely Hard to Kill With Insecticides - Gizmodo - December 20th, 2024
- Bug Tech selects single mother as its free bed bug treatment recipient - KLBK | KAMC | EverythingLubbock.com - December 18th, 2024
- Bed Bugs | Backyard Farmer | Nebraska - byf.unl.edu - December 17th, 2024
- Hotel Worker Reveals the Telltale Sign of Bed Bugs in Your Hotel Room Mattress - Green Matters - December 17th, 2024
- She Tells Her Sister To Be Careful About Visiting Their Parents Bed Bug Infested House, But Her Sister Thinks Shes Just Being Paranoid - Twisted... - December 13th, 2024
- She Tells Her Sister To Be Careful About Visiting Their Parents Bed Bug Infested House, But Her Sister Thinks Shes Just Being Paranoid - Twisted... - December 13th, 2024
- Sacrifice and Survival - PCT Online - December 13th, 2024
- Sacrifice and Survival - PCT Online - December 13th, 2024
- Do bed bugs have a favorite colour? - The Indian Express - December 13th, 2024
- Do bed bugs have a favorite colour? - The Indian Express - December 13th, 2024
- John Mulaney accidentally texted Miguel about having bed bugs instead of his director: 'I have red bites' - Entertainment Weekly News - December 11th, 2024
- John Mulaney accidentally texted Miguel about having bed bugs instead of his director: 'I have red bites' - Entertainment Weekly News - December 11th, 2024
- Myrtle Beach area resort infested with bed bugs, new SC lawsuit alleges. Here are the details - Myrtle Beach Sun News - December 11th, 2024
- Myrtle Beach area resort infested with bed bugs, new SC lawsuit alleges. Here are the details - Myrtle Beach Sun News - December 11th, 2024
- Myrtle Beach area resort infested with bed bugs, new SC lawsuit alleges. Here are the details - SCNow - December 11th, 2024
- Myrtle Beach area resort infested with bed bugs, new SC lawsuit alleges. Here are the details - SCNow - December 11th, 2024
- Residents in housing block say they are 'living in hell' over 'bed bug epidemic' - MSN - December 11th, 2024
- Myrtle Beach area resort infested with bed bugs, new SC lawsuit alleges. Here are the details - Yahoo! Voices - December 9th, 2024
- Residents in housing block say they are 'living in hell' over 'bed bug epidemic' - Metro.co.uk - December 9th, 2024
- Are bed bugs attracted to certain colours? - The Indian Express - December 6th, 2024
- Alexandria Eberhardt on Ireland, bed bugs, and that hilarious time a soft serve swirl cone was simply not possible - The Boston Globe - December 6th, 2024
- ITCHY? New Jersey is Literally Surrounded by Bed Bugs - Here's Where - 943thepoint.com - December 6th, 2024
- Bedbugs Could Be More Horrifying Than You Think - The Atlantic - December 4th, 2024
- Huge bed bugs infestation in Tenerife as Brits warned of 'horrendous' conditions - The Mirror - December 4th, 2024
- Tower block tenants trapped in 'living nightmare' by bed bug infestations: 'I'm riddled with them' - The Big Issue - December 4th, 2024
- Gestion Supreme is Bringing Advanced Pest Control Solutions to the Greater Montreal Area - EIN News - December 4th, 2024
- Bed bugs blighted London's hospitals more than 500 times over a 7-year period - Metro.co.uk - December 4th, 2024
- Affordable Bed Bug Exterminators Wins the 2024 Quality Business - openPR - December 3rd, 2024
- Jet2 holidaymakers forced to bin luggage and fumigate house after claiming bed bugs 'followed' them back to UK - NationalWorld - December 3rd, 2024
- Stalker 2: How to Fix Hot on the Trail Bug - Prima Games - December 1st, 2024
- Question of the Week Spined Soldier Bug - December 1st, 2024
- Roblox Rivals update 7 patch notes: New weapons, bug ... - Destructoid - December 1st, 2024
- Bug (Breaking Bad) - Wikipedia - November 29th, 2024
- How to fix the STALKER 2 save bug SiegeGG - November 29th, 2024
- New York Enacts Law Mandating Landlord Notifications for Bed Bug Infestations within 72 Hours - Hoodline - November 29th, 2024
- Bugs in her body: Disturbing details revealed as 3 charged in death of Brockton woman face judge - Yahoo! Voices - November 29th, 2024
- Ongoing bed bug issue at a Timmins apartment building is 'like living in hell' - CTV News Northern Ontario - November 29th, 2024
- Bed bug battle continues in Timmins - CTV News Northern Ontario - November 29th, 2024
- Nasty bed bugs ruined couples vacation and followed them home (Video) - New York Post - November 26th, 2024
- There's a new law for New York landlords about bed bug infestations: What to know - NBC New York - November 26th, 2024
- Womans body had to be surgically removed from cockroach and feces-infested mattress after her skin got ... - The US Sun - November 26th, 2024
- Elderly woman dies after being surgically removed from mattress infested with cockroaches and bedbugs - The Mirror - November 26th, 2024
- 3 of Idahos Favorite Holiday Destinations Are Crawling With Bed Bugs - 107.9 LITE FM - November 26th, 2024
- New law requires NY landlords to notify tenants of bed bugs within 72 hours - Brick Underground - November 26th, 2024
- New York passes law requiring landlords to notify tenants of bed bug infestations - FOX 5 New York - November 26th, 2024
- Effective ways to manage bed bug bites this summer - IOL - November 26th, 2024
- New law forces landlords to notify tenants of bed bug infestations in NY - MSN - November 26th, 2024
- The One Piece of Bedding That Can Make Your Mattress Last for Years - Yahoo Life - November 26th, 2024
- Elderly woman surgically removed from mattress infested with cockroaches, bedbugs and feces - The Mirror US - November 26th, 2024
- Beating the bugs - FMJ - November 26th, 2024
- Your NY landlord is now required to tell you there are bedbugs in the building within 72 hours of discovery - Time Out - November 26th, 2024
- Ambush Bug - Wikipedia - November 25th, 2024
- New law forces landlords to notify tenants of bed bug infestations in NY - PIX11 New York News - November 25th, 2024
- Bed Bug Bites: Pictures, Symptoms, Treatment & Prevention - Life Pathdoc - November 25th, 2024
- New law forces landlords to notify tenants of bed bug infestations in NY - AOL - November 25th, 2024
- NY to require landlords to notify tenants of bedbugs within 72 hours - Gothamist - November 25th, 2024
- 3 charged in death of elderly woman found stuck to mattress infested with cockroaches, bedbugs and feces: Prosecutors - Law & Crime - November 25th, 2024
- 3 Mass. women charged after woman covered in feces and bugs dies - MassLive.com - November 25th, 2024
- University dining hall inspected after bug found in food - November 23rd, 2024
- Sui Network Back Up After Scheduling Bug Leads to Two-Hour ... - CoinDesk - November 23rd, 2024
- Bed bug infestation in Essex assisted living rooms as residents handed 342 bill - Daily Gazette - November 23rd, 2024
- Bug Bounty Basics - Pluralsight - November 23rd, 2024
- How-to Guide: Getting Rid of Bed Bugs Beyond the Beehive - The Independent - November 23rd, 2024
- From Iceland Cockroach And Bed Bug Population Escalating In Iceland - Reykjavk Grapevine - November 21st, 2024
- AAD Reading Room | Fresh Guidance on Scabies, Bedbugs, and Body Lice - Medpage Today - November 21st, 2024
- This is the latest holiday hotspot 'plagued' by bed bugs - what's caused the surge? - NationalWorld - November 21st, 2024
- Rise of the Resistance - PCT Online - November 19th, 2024
- 'Plague of bed bugs' hit holiday hotspot and British tourists but hotel owners say other guests brought the pe - Daily Mail - November 17th, 2024