What it is
Big Sleep is an AI-assisted vulnerability research agent developed by Google DeepMind and Google Project Zero. It evolved from Project Naptime, a research framework built to evaluate offensive security capabilities of large language models in workflows that resemble human vulnerability research.
The public record begins with the November 2024 Project Zero write-up of an exploitable SQLite stack buffer underflow found before release. The record then expands into CVE-bearing advisories in SQLite, Chrome V8, and Apple WebKit.
What is verified
The strongest entries are direct upstream credits: Chrome release notes and Apple security advisories that name Google Big Sleep, plus Google and Project Zero posts describing SQLite findings.
This profile does not count private findings, unpublished issue tracker entries, or rumors. Google says Big Sleep has discovered multiple real-world vulnerabilities; this index counts only the ones visible in public advisories or research posts.
Why it matters
Big Sleep is the best-documented case that AI-assisted vulnerability discovery has moved from benchmark performance into accepted product-security workflows. It is also a useful counterweight to hype: the strongest results pair model reasoning with source access, tooling, variant-analysis framing, threat intelligence, and human disclosure discipline.