Google’s artificial intelligence cybersecurity agent, “Big Sleep,” has been credited by Apple with discovering five new security flaws in the WebKit component of its Safari browser. These vulnerabilities, if exploited, could lead to browser crashes or memory corruption. Apple has released patches for these issues in its latest software updates.
Discovered Vulnerabilities
The discovered vulnerabilities include CVE-2025-43429, a buffer overflow issue; CVE-2025-43430, an unspecified vulnerability; CVE-2025-43431 and CVE-2025-43433, which could result in memory corruption; and CVE-2025-43434, a use-after-free vulnerability. These flaws were addressed through various improvements in bounds checking, state management, and memory handling by Apple.
Patched Software Updates
Apple released the patches on Monday as part of updates for iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, visionOS 26.1, and Safari 26.1. The updates cover a range of Apple devices, including iPhones, iPads, Macs, Apple TVs, Apple Vision Pro, and Apple Watches.
“Big Sleep” AI Agent
“Big Sleep,” formerly known as Project Naptime, is an AI agent developed through a collaboration between Google DeepMind and Google Project Zero. Its purpose is to automate the discovery of vulnerabilities. This is not the first significant finding for the AI; it previously identified a security flaw in SQLite (CVE-2025-6965) that was deemed at risk of exploitation.
Implications and Recommendations
While Apple’s security bulletins indicate that none of the newly discovered WebKit vulnerabilities have been exploited in the wild, the incident highlights the growing role of AI in identifying security weaknesses. Users are advised to keep their devices updated to the latest software versions to ensure protection against potential threats.