Google said its large-language-model researcher “Big Sleep,” developed by DeepMind and the Project Zero security team and powered by the company’s Gemini models, has autonomously uncovered 20 previously unknown security flaws in popular open-source software including the FFmpeg audio-video library and the ImageMagick image-editing suite. Project Zero engineers verified each report, but the AI agent found and reproduced every bug on its own, according to Vice President of Security Heather Adkins. Technical details of the vulnerabilities are being withheld under Google’s 90-day disclosure policy while maintainers prepare patches, yet executives called the first haul evidence of “a new frontier in automated vulnerability discovery.” The company plans to discuss the work at the Black Hat USA and DEF CON 33 conferences later this month.

Less than 48 hours after announcing the discoveries, Google released Gemini CLI GitHub Actions in public beta. The no-cost service can label issues, review pull requests and carry out delegated development tasks inside GitHub repositories. It uses workload-identity federation and command allow-listing to restrict privileges, addressing security concerns raised by earlier coding-agent incidents.

Competition in AI-driven software security is intensifying. Anthropic on 6 August added automated vulnerability scanning to its Claude Code platform, offering terminal commands and GitHub actions that flag risks such as SQL injection and server-side request forgery. The parallel launches highlight how leading AI developers are racing to deploy their own models both to accelerate programming and to secure the expanding volume of AI-generated code.

In June, we launched Gemini CLI, an open-source AI agent that brings the power of Gemini to your terminal. Now, we’re introducing Gemini CLI GitHub Actions. It’s a powerful AI coding teammate for your repository, created for team collaboration on the platform where developers
Gemini CLI can now manage issues and labels on GitHub Actions as well as take over some of the development tasks! Your new SWE coworker 👀 https://t.co/9Q5atfKTOn https://t.co/koKYASh7wj
Google #GeminiCLI for #GitHubActions follows a vulnerability report and other incidents with coding agents that raised concerns about #AISecurity. https://t.co/Lj8Fv75Wfe