From a Record.media story in which Google's "Big Sleep" AI tool found a vulnerability that had not yet been uncovered.
The white paper Google references describes a hybrid defense-in-depth approach to securing AI agents:
Building on well-established principles of secure software and systems design, and in alignment with Google's Secure AI Framework (SAIF), Google is advocating for and implementing a hybrid approach, combining the strengths of both traditional, deterministic controls and dynamic, reasoning-based defenses. This creates a layered security posture—a "defense-in-depth approach"—that aims to constrain potential harm while preserving maximum utility. This strategy is built upon three core security principles detailed later in this document.
This paper first explains the typical workflow of an AI agent and its inherent security touchpoints. It then addresses key risks agents pose, introduces core security principles, and details Google's hybrid defense-in-depth strategy. Throughout, guiding questions are suggested to help frame your thinking. A forthcoming, comprehensive whitepaper will delve deeper into these topics, offering more extensive technical details and mitigations.
Key risks associated with AI agents
We think the inherent design of agents, combined with their powerful capabilities, can expose users to two major risks, what we call rogue actions and sensitive data disclosure. The following section examines these two risks and methods attackers use to realize them.
The white paper continues to catalog several of the risks:
1. Rogue actions
2. Sensitive data disclosure
Then come the Core Principles for agent security, including:
1. Well-defined human controllers
2. Agents must have limitations
3. Agent actions must be observable
Controls: Effective Agent Observability controls are crucial, necessitating infrastructure investments in secure, centralized logging systems and standardized APIs that clearly characterize action properties and potential side effects.
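To make the hybrid idea concrete, here is an added example (my own sketch, not code from the white paper or from Google): a deterministic action gate that sits between an agent's reasoning loop and its tools. The model may propose any action, but this fixed layer enforces the three principles above: the acting human controller must be known, the tool must be on a hard allowlist, irreversible actions wait for explicit human approval, and every decision is written as a structured log record. The Action/ActionGate classes, the side-effect labels and the sample tool names are all assumptions for illustration.

```python
# Added example (not from the white paper or the article): a deterministic
# action gate between an agent's reasoning loop and its tools. The model may
# propose anything; this layer enforces known human controller, hard tool
# limits, human approval for irreversible work, and logs every decision.
import json
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Action:
    tool: str                # tool the agent wants to call
    target: str              # what it acts on (path, record id, recipient ...)
    side_effects: frozenset  # declared properties, e.g. {"write", "irreversible"}
    controller: str          # human principal the agent is acting for


@dataclass
class ActionGate:
    allowed_tools: frozenset  # limitation: tools the agent may ever use
    controllers: frozenset    # well-defined human controllers
    approvals: set = field(default_factory=set)  # (controller, tool, target) approved by a human
    log: list = field(default_factory=list)      # stand-in for a central log sink

    def approve(self, controller: str, tool: str, target: str) -> None:
        """Record an explicit human approval for one concrete action."""
        self.approvals.add((controller, tool, target))

    def decide(self, action: Action) -> str:
        """Return 'allow', 'needs_approval' or 'deny:<reason>'; always log."""
        if action.controller not in self.controllers:
            verdict = "deny:unknown_controller"
        elif action.tool not in self.allowed_tools:
            verdict = "deny:tool_not_allowed"
        elif ("irreversible" in action.side_effects
              and (action.controller, action.tool, action.target) not in self.approvals):
            verdict = "needs_approval"  # irreversible work waits for a human
        else:
            verdict = "allow"
        # Structured record: the action's declared properties plus the verdict.
        self.log.append(json.dumps({
            "controller": action.controller, "tool": action.tool,
            "target": action.target, "side_effects": sorted(action.side_effects),
            "verdict": verdict}))
        return verdict


if __name__ == "__main__":
    gate = ActionGate(frozenset({"read_file", "delete_record"}), frozenset({"alice"}))
    wipe = Action("delete_record", "db:42", frozenset({"write", "irreversible"}), "alice")
    print(gate.decide(wipe))                       # needs_approval
    gate.approve("alice", "delete_record", "db:42")
    print(gate.decide(wipe))                       # allow
    print("\n".join(gate.log))
```

The log records carry the declared side-effect properties the white paper asks for, so a SOC can alert on denied or unapproved irreversible actions without parsing model output.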
This effort produced, for the first time, a new find: a vulnerability in SQLite (from the Record Media story):
On Tuesday, Google said Big Sleep managed to discover CVE-2025-6965 — a critical security flaw that Google said was “only known to threat actors and was at risk of being exploited.”
The vulnerability impacts SQLite, an open-source database engine popular among developers. Google claims it was “able to actually predict that a vulnerability was imminently going to be used” and was able to cut it off beforehand.
A Google spokesperson told Recorded Future News that the company’s threat intelligence group was “able to identify artifacts indicating the threat actors were staging a zero day but could not immediately identify the vulnerability.”
The hybrid defense-in-depth strategy enforces boundaries on the AI agent's operational environment.
As in my previous post (AI Errors or Hallucinations): "hallucinations", or errors if you like, are built in to AI.
Errors are therefore expected and must be caught and corrected before damage occurs, which is why Google designed this hybrid strategy.
For Google, finding vulnerabilities in the "wild", so to speak (i.e. in software in use in the world), is a big deal. The sooner a vulnerability is found, the sooner it can be fixed.
That matters because the patch cycle takes a while and creates large gaps in security, and we all know that attackers have a major advantage in finding and exploiting vulnerabilities. As you can see, I have discussed this in the past (10 years ago).
So we may have finally found a way… if the AI agent can be properly boxed in using Google's novel hybrid approach.