Particle.news


DeepMind Introduces CodeMender, an Autonomous Agent to Fix Software Vulnerabilities

Every AI‑generated patch is being reviewed by human researchers during a cautious pilot with open‑source maintainers.

Overview

  • DeepMind reports CodeMender has upstreamed 72 security fixes to open‑source projects over six months, including codebases as large as 4.5 million lines.
  • Powered by Gemini Deep Think models, the agent performs root‑cause analysis and generates patches that are automatically checked for correctness and regressions.
  • The system combines static and dynamic analysis, differential testing, fuzzing and SMT solvers, and uses an LLM‑based critique agent to validate changes.
  • Beyond bug fixes, CodeMender proactively hardens code, including applying -fbounds-safety annotations to parts of libwebp, which DeepMind says would have blocked the CVE‑2023‑4863 exploit.
  • Google also launched an AI Vulnerability Reward Program and updated its Secure AI Framework to SAIF 2.0, with reports differing on the VRP’s maximum payout.
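To make the hardening item concrete, the following is an added C example of what a `-fbounds-safety` annotation looks like on a routine that expands attacker-controlled length fields into an output buffer. It is not code from libwebp, CodeMender or DeepMind; the run-length format, the function names and the sample inputs are constructed for illustration. The `__counted_by` annotation and `<ptrcheck.h>` come from Clang's `-fbounds-safety` extension; on a compiler without that feature the macro is defined as a no-op, so the explicit capacity check inside the loop is the only protection, which is exactly the check an unannotated decoder can forget.

```c
/* Added example: a bounds-safety style annotation on a decoder-like routine.
 * Constructed for illustration; not libwebp or CodeMender code. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Under clang -fbounds-safety, <ptrcheck.h> defines __counted_by(N) and the
 * compiler inserts a bounds check on every access through the annotated
 * pointer. Elsewhere the annotation expands to nothing. */
#if defined(__has_feature)
#  if __has_feature(bounds_safety)
#    include <ptrcheck.h>
#  endif
#endif
#ifndef __counted_by
#  define __counted_by(N)
#endif

/* Expand a constructed run-length encoding (pairs of <count, byte>) into dst.
 * dst_len is the real capacity of dst; the annotation ties pointer and length
 * together so the compiler can enforce it. Untrusted counts are the classic
 * source of heap overflows in image decoders. Returns bytes written, or -1 on
 * malformed input or insufficient room. */
long rle_expand(uint8_t *__counted_by(dst_len) dst, size_t dst_len,
                const uint8_t *__counted_by(src_len) src, size_t src_len)
{
    if (dst == NULL || src == NULL || (src_len % 2) != 0)
        return -1;
    size_t out = 0;
    for (size_t i = 0; i < src_len; i += 2) {
        size_t count = src[i];
        uint8_t value = src[i + 1];
        /* Capacity check: without it the memset runs past dst. With
         * -fbounds-safety the compiler traps on the out-of-bounds write
         * instead of silently corrupting memory. */
        if (count > dst_len - out)
            return -1;
        memset(dst + out, value, count);
        out += count;
    }
    return (long)out;
}

/* Well-formed input that fits: expect 5 bytes "AAABB". */
long demo_fits(void)
{
    static const uint8_t src[] = { 3, 'A', 2, 'B' };   /* constructed */
    uint8_t dst[16];
    long n = rle_expand(dst, sizeof dst, src, sizeof src);
    if (n != 5 || memcmp(dst, "AAABB", 5) != 0)
        return -2;                                      /* content mismatch */
    return n;
}

/* Oversized count (200 bytes into a 16-byte buffer): expect -1, not a write. */
long demo_overflow(void)
{
    static const uint8_t src[] = { 200, 'A' };          /* constructed */
    uint8_t dst[16];
    return rle_expand(dst, sizeof dst, src, sizeof src);
}

/* Odd-length input (dangling count with no byte): expect -1. */
long demo_malformed(void)
{
    static const uint8_t src[] = { 1, 'A', 4 };         /* constructed */
    uint8_t dst[16];
    return rle_expand(dst, sizeof dst, src, sizeof src);
}

int main(void)
{
    printf("fits: %ld, overflow: %ld, malformed: %ld\n",
           demo_fits(), demo_overflow(), demo_malformed());
    return 0;
}
```

Compiled with a Clang that supports the extension (`clang -fbounds-safety`), removing the explicit `count > dst_len - out` check would turn the overflow case into a deterministic trap rather than a silent heap write; compiled with any other C compiler the annotations vanish and only the explicit check stands between the oversized count and memory corruption.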