Google DeepMind launches an AI agent to fix code vulnerabilities automatically
Briefly

"Google DeepMind has introduced an AI agent that automatically found and fixed software vulnerabilities in open source projects, submitting 72 security patches over the past six months to codebases including some as large as 4.5 million lines of code."
"The tool, called CodeMender, uses Gemini Deep Think models to create an autonomous agent capable of debugging and fixing complex security flaws, Raluca Ada Popa, senior staff research scientist at Google's DeepMind, and Fionn Flynn, VP of Security and Privacy at Google DeepMind, wrote in a blog post."
""Software vulnerabilities are notoriously difficult and time-consuming for developers to find and fix, even with traditional, automated methods like fuzzing," Popa and Flynn wrote in the post. "As we achieve more breakthroughs in AI-powered vulnerability discovery, it will become increasingly difficult for humans alone to keep up.""
CodeMender automatically found and fixed software vulnerabilities in open source projects, submitting 72 security patches over six months. The agent operated on codebases including repositories as large as 4.5 million lines of code. CodeMender leverages Gemini Deep Think models to run an autonomous debugging and remediation agent for complex security flaws. The system can scale to large repositories and complement or exceed traditional automated techniques such as fuzzing. CodeMender reduces developer time spent identifying and patching vulnerabilities by autonomously producing fixes that can be submitted to upstream projects. AI-driven vulnerability discovery will increasingly challenge human-only processes.
Read at CSO Online