Particle.news

Google DeepMind Launches CodeMender to Auto‑Fix Software Flaws, Plus New AI Security Programs

Human oversight keeps fixes conservative during a staged deployment.

Overview

  • DeepMind says CodeMender has upstreamed 72 security fixes to open-source projects over six months, including patches in codebases as large as 4.5 million lines.
  • The agent pairs Gemini Deep Think reasoning with static and dynamic analysis, fuzzing, differential testing, SMT solvers, and an LLM-based critique tool to validate patches and reduce regressions.
  • In one proactive example, the agent applied -fbounds-safety annotations to parts of libwebp, which DeepMind says would have prevented exploitation of the CVE-2023-4863 buffer overflow disclosed in 2023.
  • All patches currently undergo human researcher review before submission, with a gradual ramp in outreach to maintainers and an eventual goal of a developer-facing release.
  • Google also introduced a dedicated AI Vulnerability Reward Program with unified scope and rules, and expanded its Secure AI Framework to SAIF 2.0 with an agent risk map and a data donation to the Coalition for Secure AI.