The variety of Chrome vulnerabilities found by Google has surged over the previous month, doubtless pushed by the corporate’s use of AI.
Chrome security advisories printed by Google in late March and early April talked about a handful of vulnerabilities “reported by Google”, however the quantity elevated to 16 for the Chrome replace launched on April 15 and 21 for the replace issued on April 28.
The variety of vulnerabilities discovered by Google surged to 100 within the advisory printed on Might 5. Greater than 70 vulnerabilities patched within the two most up-to-date Chrome releases have been discovered internally by the tech big.
Whereas Google has not particularly stated the vulnerabilities have been found utilizing AI, the timing of the surge and different features counsel that synthetic intelligence is accountable.
When it lately introduced decreasing Chrome bug bounties, Google famous that AI and automation have been serving to its groups transfer “at an unprecedented charge – remediating dangers extra successfully than ever earlier than.”
“The newest developments in AI from Google and the broader business have made it considerably simpler to take a check case and clarify the basis trigger, suggest an appropriate repair, and to search out variants of recognized issues,” Google stated.
Different main organizations have additionally reported surges in vulnerability discovery due to using third-party or inside AI instruments.
Mozilla, as an illustration, discovered over 270 Firefox vulnerabilities with assistance from Anthropic’s new Claude Mythos mannequin. Microsoft and Palo Alto Networks have additionally discovered many vulnerabilities of their merchandise utilizing superior AI vulnerability discovery instruments.
It’s unclear which AI mannequin might have been utilized by Google to find the Chrome vulnerabilities. Google is considered one of roughly 50 organizations granted entry to Claude Mythos.
Google has additionally been working by itself AI-powered vulnerability discovery instruments, comparable to Large Sleep and CodeMender.
“CodeMender is an AI code security agent, initially developed by Google DeepMind. Leveraging Agent Platform capabilities and superior Gemini fashions, CodeMender autonomously identifies vulnerabilities inside your code,” Google stated in a weblog publish this week.
“It then recommends exact fixes, securely assessments them, and may apply patches and crucial modifications throughout dependent programs, together with your approval. This complete course of automates safe deployment whereas making certain your builders retain management,” it added.
The tech big might have leveraged AI instruments which can be used solely internally.
Google has not responded to information.killnetswitch’s questions relating to the precise variety of vulnerabilities found by AI in Chrome and which mannequin or software has been used to search out the failings.
