Oct 07, 2025Ravie LakshmananArtificial Intelligence / Software program Safety
Google’s DeepMind division on Monday introduced a synthetic intelligence (AI)-powered agent known as CodeMender that routinely detects, patches, and rewrites susceptible code to stop future exploits.
The efforts add to the corporate’s ongoing efforts to enhance AI-powered vulnerability discovery, comparable to Large Sleep and OSS-Fuzz.
DeepMind mentioned the AI agent is designed to be each reactive and proactive, by fixing new vulnerabilities as quickly as they’re noticed in addition to rewriting and securing current codebases with an purpose to remove complete lessons of vulnerabilities within the course of.
“By routinely creating and making use of high-quality safety patches, CodeMender’s AI-powered agent helps builders and maintainers give attention to what they do finest — constructing good software program,” DeepMind researchers Raluca Ada Popa and 4 Flynn mentioned.
“Over the previous six months that we have been constructing CodeMender, we have now already upstreamed 72 safety fixes to open supply initiatives, together with some as giant as 4.5 million traces of code.”
CodeMender, beneath the hood, leverages Google’s Gemini Deep Assume fashions to debug, flag, and repair safety vulnerabilities by addressing the basis explanation for the issue, and validate them to make sure that they do not set off any regressions.
The AI agent, Google added, additionally makes use of a big language mannequin (LLM)-based critique software that highlights the variations between the unique and modified code with a view to confirm that the proposed modifications don’t introduce regressions, and self-correct as required.
Google mentioned it additionally supposed to slowly attain out to maintainers of crucial open-source initiatives with CodeMender-generated patches, and solicit their suggestions, in order that the software can be utilized to maintain codebases safe.
The event comes as the corporate mentioned it is instituting an AI Vulnerability Reward Program (AI VRP) to report AI-related points in its merchandise, comparable to immediate injections, jailbreaks, and misalignment, and earn rewards that go as excessive as $30,000.
In June 2025, Anthropic revealed that fashions from varied builders resorted to malicious insider behaviors when that was the one solution to keep away from substitute or obtain their objectives, and that LLM fashions “misbehaved much less when it said it was in testing and misbehaved extra when it said the state of affairs was actual.”
That mentioned, policy-violating content material era, guardrail bypasses, hallucinations, factual inaccuracies, system immediate extraction, and mental property points don’t fall beneath the ambit of the AI VRP.
Google, which beforehand arrange a devoted AI Pink Group to deal with threats to AI programs as a part of its Safe AI Framework (SAIF), has additionally launched a second iteration of the framework to give attention to agentic safety dangers like information disclosure and unintended actions, and the required controls to mitigate them.
The corporate additional famous that it is dedicated to utilizing AI to reinforce safety and security, and use the know-how to present defenders a bonus and counter the rising menace from cybercriminals, scammers, and state-backed attackers.
