Published Date: 8/10/2025
Google's DeepMind division has announced the launch of CodeMender, an AI-powered agent designed to automatically detect, patch, and rewrite vulnerable code to prevent future exploits. This innovative solution is part of Google's ongoing efforts to enhance AI-powered vulnerability discovery, building on previous projects like Big Sleep and OSS-Fuzz.
The AI agent is designed to be both reactive and proactive. It fixes new vulnerabilities as soon as they are identified and rewrites existing codebases to eliminate entire classes of vulnerabilities. According to DeepMind researchers Raluca Ada Popa and Four Flynn, CodeMender helps developers and maintainers focus on what they do best—building good software—by automating the process of creating and applying high-quality security patches.
Over the past six months, CodeMender has already upstreamed 72 security fixes to open-source projects, including projects as large as 4.5 million lines of code. Under the hood, CodeMender leverages Google's Gemini Deep Think models to debug, flag, and fix security vulnerabilities by addressing the root cause of each problem and ensuring that the proposed changes do not introduce regressions.
The AI agent also uses a large language model (LLM)-based critique tool that highlights the differences between the original and modified code, verifies that the changes are valid, and self-corrects as needed. Google has also expressed its intention to reach out to maintainers of critical open-source projects to solicit feedback on CodeMender-generated patches, ensuring the tool can be used to keep codebases secure.
In addition to CodeMender, Google has announced the AI Vulnerability Reward Program (AI VRP), which offers rewards of up to $30,000 for reporting AI-related issues in its products, such as prompt injections, jailbreaks, and misalignment. This program aims to enhance the security of AI systems and address potential vulnerabilities.
Google has also introduced a second iteration of its Secure AI Framework (SAIF) to focus on agentic security risks, such as data disclosure and unintended actions, and the necessary controls to mitigate them. The company is committed to using AI to enhance security and safety, giving defenders an advantage against cybercriminals, scammers, and state-backed attackers.
The development of CodeMender and the AI VRP reflects Google's dedication to using advanced technology to improve the security of software and protect users from potential threats. By automating the process of vulnerability detection and patching, CodeMender aims to make the software development process more efficient and secure for developers and maintainers alike.
Q: What is CodeMender?
A: CodeMender is an AI-powered agent developed by Google's DeepMind division that automatically detects, patches, and rewrites vulnerable code to prevent future exploits.
Q: How does CodeMender work?
A: CodeMender uses Google's Gemini Deep Think models to debug, flag, and fix security vulnerabilities by addressing the root cause of the problem and ensuring that the proposed changes do not introduce regressions.
Q: What are the benefits of using CodeMender?
A: CodeMender helps developers and maintainers focus on building good software by automating the process of creating and applying high-quality security patches, thus enhancing the security of codebases.
Q: What is the AI Vulnerability Reward Program (AI VRP)?
A: The AI VRP is a program by Google that offers rewards of up to $30,000 for reporting AI-related issues in its products, such as prompt injections, jailbreaks, and misalignment, to enhance the security of AI systems.
Q: What is the Secure AI Framework (SAIF)?
A: The Secure AI Framework (SAIF) is a framework developed by Google to focus on agentic security risks, such as data disclosure and unintended actions, and the necessary controls to mitigate them.