One big promise of AI-assisted cybersecurity is that it can help security researchers find zero-day vulnerabilities before they become big problems. And it seems Google's Project Zero has done just that.
As Forbes reports, Google used its Naptime large language model (LLM) to catch a zero-day vulnerability in real-world code -- a first. Or, at least, a first that's been revealed publicly.
In an announcement last Friday, November 1, Google’s Project Zero blog confirmed that the Project Naptime LLM-assisted security vulnerability research framework has evolved into Big Sleep.
"This collaborative effort involving some of the very best ethical hackers, as part of Project Zero, and the very best AI researchers, as part of Google DeepMind, has developed a large language model-powered agent that can go out and uncover very real security vulnerabilities in widely used code," Forbes said. "In the case of this world first, the Big Sleep team says it found “an exploitable stack buffer underflow in SQLite, a widely used open source database engine.”
The zero-day vulnerability was reported to the SQLite development team in October, and the flaw was fixed the same day, Forbes reported. “We found this issue before it appeared in an official release,” the Big Sleep team from Google said in the piece, “so SQLite users were not impacted.”
As always, drop me a line at [email protected] if you have news to share or want to say hi!
Grab your coffee. Here's what you need to know today.
Today’s Tech, Channel and MSP News
1. Evergreen makes two new MSP acquisitions: Evergreen today announced its most recent acquisitions of the managed service providers (MSPs) PCG IT and Netranom. PCG IT, founded in 1996, provides managed IT and managed security solutions to customers in Maine, New Hampshire and Massachusetts. Netranom, founded in 1998 and based in Hurricane, West Virginia, provides managed IT services, consulting and support to SMB customers in its region. These acquisitions are important landmarks in Evergreen’s push to own 100 MSPs and further highlight its commitment to fostering growth and continued innovation within the MSP ecosystem, the firm said in a statement. Both MSPs were looking for a permanent home and decided on the Evergreen/Lyra umbrella. Evergreen will hold a two-day event at ConnectWise's upcoming IT Nation Connect event to announce the acquisitions.
2. TEKsystems partners with Google Cloud to accelerate AI: TEKsystems Global Services is entering a strategic partnership agreement with Google Cloud to help customers achieve greater agility and scalability through IP-driven services, the company said in a statement. The partnership will help businesses scale adoption of Google Cloud generative AI, applied AI and cloud solutions. TEKsystems Global Services will continue to work closely with Google Cloud to deliver end-to-end cloud transformation services, ensuring seamless transitions and continuous optimizations. TEKsystems Global Services is also a generative AI launch partner and was one of the first partners to achieve the Contact Center AI services specialization.
3. N-able adds immutability from Cove: N‑able last week announced it has updated its solution with Fortified Copies from Cove Data Protection. With this update, Cove has taken a fresh approach to backup immutability—adding another layer of protection for servers, workstations, and Microsoft 365 backups. Immutability is built into the Cove architecture as an automatic feature, with no additional management or cost impact.
4. Climb Channel Solutions partners with Fortra: Specialty tech distributor Climb Channel Solutions, a wholly owned subsidiary of Climb Global Solutions, Inc., announced last week a North American partnership with Fortra. Fortra provides full-attack-chain cybersecurity solutions. Through this partnership, Climb North American VARs and MSPs have access to Fortra’s entire portfolio, which includes solutions covering digital risk and email protection, managed file transfer, data protection, infrastructure protection, managed security services, security awareness training, and automation.
5. Everfox acquires Yakabod: Insider risk management and solutions provider Everfox, which serves government, defense and critical infrastructure clients (formerly Forcepoint Federal), has announced the acquisition of Yakabod to strengthen the company’s insider risk platform as well as its comprehensive suite of defense-grade, cross-domain and threat protection solutions, the company said in a statement. The addition of Yakabod’s technology to Everfox’s EverShield insider risk platform will enable a comprehensive and secure oversight of case data, bolstering the integrity and effectiveness of insider inquiries, responses, and processes. This is the company’s second acquisition this year, Garrison Technology being the first.
In-Person MSP and Channel Partner Events
- Ingram Micro One, November 6-8, Gaylord Resort, Washington DC
- IT Nation Connect, November 6-8, Orlando, Florida
- OpenText World, November 19-21, The Venetian Resort, Las Vegas, Nevada
- AWS re:Invent 2024, December 2-6, Las Vegas, Nevada
