Google's New AI Doesn't Just Find Vulnerabilities - It Rewrites Code to Patch Them
Briefly

"DeepMind said the AI agent is designed to be both reactive and proactive, by fixing new vulnerabilities as soon as they are spotted as well as rewriting and securing existing codebases with an aim to eliminate whole classes of vulnerabilities in the process. "By automatically creating and applying high-quality security patches, CodeMender's AI-powered agent helps developers and maintainers focus on what they do best - building good software," DeepMind researchers Raluca Ada Popa and Four Flynn said."
"CodeMender, under the hood, leverages Google's Gemini Deep Think models to debug, flag, and fix security vulnerabilities by addressing the root cause of the problem, and validate them to ensure that they don't trigger any regressions. The AI agent, Google added, also makes use of a large language model (LLM)-based critique tool that highlights the differences between the original and modified code in order to verify that the proposed changes do not introduce regressions, and self-correct as required."
CodeMender automatically detects, patches, and rewrites vulnerable code to prevent future exploits and eliminate entire classes of vulnerabilities. The agent operates both reactively—fixing newly discovered vulnerabilities—and proactively—refactoring existing codebases to harden them. Under the hood, CodeMender uses Google's Gemini Deep Think models to debug, flag, and fix vulnerabilities while addressing root causes and validating changes to avoid regressions. An LLM-based critique tool highlights differences between original and modified code to verify proposed changes and enable self-correction. Over six months, 72 security fixes were upstreamed to open-source projects, and maintainers of critical projects will be contacted for feedback.
Read at The Hacker News