"Over the past six months, the system has already contributed 72 verified fixes to open-source projects, some in codebases exceeding four million lines. According to the research team, CodeMender uses large reasoning models alongside static and dynamic analysis, fuzzing, and symbolic solvers to reason about a program's behavior. When it identifies a flaw, it generates candidate patches and runs automated checks to ensure they fix the root cause without breaking existing functionality or introducing regressions. Only validated fixes are then surfaced for human review and upstream submission."
"Early examples include repairing a heap-buffer overflow traced to XML stack handling errors and resolving a complex object-lifetime bug through non-trivial code modifications. The system also supports proactive hardening: in one case, CodeMender automatically added safety annotations to the widely used libwebp image library to prevent certain buffer overflow attacks from ever being exploitable again. Community reactions have been optimistic."
CodeMender is an AI-driven agent that integrates large reasoning models with static and dynamic analysis, fuzzing, and symbolic solvers to detect and repair software vulnerabilities automatically. The system generates candidate patches, runs automated checks to verify fixes address root causes and avoid regressions, and surfaces only validated repairs for human review and upstream submission. Over six months the system contributed seventy-two verified fixes to open-source projects, including large codebases exceeding four million lines. Demonstrated repairs include fixing a heap-buffer overflow in XML stack handling, resolving a complex object-lifetime bug, and adding safety annotations to libwebp to prevent future buffer overflows.
#ai-driven-security #automated-vulnerability-repair #static-and-dynamic-analysis #open-source-patches
Read at InfoQ
Unable to calculate read time
Collection
[
|
...
]