Google strengthens use of AI for cyber defense
Briefly

"On October 6, the company announced the AI agent CodeMender. The agent was developed by Google DeepMind and uses advanced Gemini models to detect and repair security issues in software automatically. According to Google, the agent can independently analyze vulnerabilities, identify the underlying cause, and generate a proposed fix. The proposed patches are then checked by separate AI systems that function as automatic reviewers. Only then does an assessment by human developers follow."
"Additional reporting from SiliconANGLE indicates that CodeMender has already submitted 72 patches to open-source projects, covering more than 4.5 million lines of code. The technology is used both to fix existing bugs and to restructure code so that certain categories of vulnerabilities can no longer occur. In a demonstration, the AI was applied to the libwebp library. Here, CodeMender added extra security annotations to prevent buffer overflows."
Google introduced CodeMender, an AI agent from Google DeepMind that leverages Gemini models to detect, analyze, and propose fixes for software security vulnerabilities automatically. Proposed patches undergo automated review by separate AI systems and a final assessment by human developers. CodeMender has submitted 72 patches covering over 4.5 million lines of open-source code and can both fix bugs and restructure code to prevent vulnerability classes. The system combines static and dynamic analysis, fuzzing, and symbolic reasoning, and includes an LLM judge control layer to verify functionality and enable self-correction. Google also launched an AI Vulnerability Reward Program, consolidating AI-related reporting rules and rewards, with over $430,000 previously paid in AI-related rewards.
Read at Techzine Global