Particle.news


Google DeepMind Introduces CodeMender to Auto-Patch Open-Source Flaws

Early results include 72 upstream fixes under human review, with a cautious ramp-up planned.

Overview

  • CodeMender acts both reactively by patching newly found vulnerabilities and proactively by rewriting code to eliminate classes of bugs.
  • It leverages Gemini Deep Think models alongside static and dynamic analysis, fuzzing, differential testing, SMT solvers, a debugger and a source browser.
  • A multi-agent validation flow uses an LLM-based critique tool to spot regressions and guide self-corrections before any human sign-off.
  • DeepMind reports 72 security fixes upstreamed to open-source projects over six months, including codebases up to 4.5 million lines.
  • In proactive testing, CodeMender applied -fbounds-safety annotations to libwebp, which the team says would have rendered CVE-2023-4863 unexploitable.