CodeMender: Google DeepMind’s AI Tackles Software Vulnerabilities Autonomously

Google DeepMind is introducing CodeMender, an AI agent developed to autonomously detect and repair software security vulnerabilities. Over the past six months, CodeMender has already contributed 72 security fixes to open-source projects, showcasing its potential to alleviate the burden on developers amidst the rise of AI-driven vulnerability identification.

CodeMender proactively rewrites code to eliminate entire classes of security flaws, leveraging Google’s Gemini Deep Think models to debug and resolve intricate security issues with a high degree of autonomy. The system uses program analysis and a multi-agent architecture to manage specific aspects of a problem. It also incorporates a validation process to ensure the accuracy of the modifications and prevent the introduction of new issues.

Currently, human review precedes all CodeMender patch submissions to open-source projects. Google DeepMind intends to scale up the number of submissions and eventually release CodeMender as a public tool.