Google Unveils Its AI Agent CodeMender


Google’s DeepMind lab has unveiled a new AI agent, CodeMender. It can autonomously detect, fix, and rewrite vulnerable code in software to prevent future attacks. The project is still in the research phase, but has already shown initial results.

CodeMender builds on DeepMind’s previous vulnerability discovery projects, including the OSS-Fuzz open-source security analysis project and the Big Sleep system, combining the intelligence of Gemini models with advanced software analysis techniques. The project’s primary goal is autonomous debugging and fixing of complex bugs in large-scale codebases.

The system is designed for both reactive and proactive operation: it not only instantly patches discovered vulnerabilities but also rewrites existing code, eliminating entire classes of errors. As an example, DeepMind researchers cite the agent’s work with the libwebp image compression library, which was used in an attack on iOS in 2023. The agent applied -fbounds-safety annotations to it, after which, according to the researchers, similar buffer overflow vulnerabilities became “permanently unexploitable.”
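What such an annotation changes can be seen in a small added example. It is constructed for this article and is not code from libwebp or CodeMender; the COUNTED_BY macro, the function names and the sample data are assumptions. Without -fbounds-safety, an explicit check stands in for the one the compiler would insert.

```c
/* Added illustration: constructed code, not from libwebp or CodeMender. */
#include <stddef.h>
#include <stdint.h>

/* Assumption: built as `clang -fbounds-safety -DUSE_BOUNDS_SAFETY`, the
 * hypothetical COUNTED_BY macro maps to the real __counted_by annotation
 * from <ptrcheck.h>; in any other build it expands to nothing. */
#ifdef USE_BOUNDS_SAFETY
#include <ptrcheck.h>
#define COUNTED_BY(n) __counted_by(n)
#else
#define COUNTED_BY(n)
#endif

/* Histogram of code values. The annotations tie each pointer to its length.
 * Returns 0 on success, -1 if a code indexes outside the table. */
int count_codes(uint16_t *COUNTED_BY(table_len) table, size_t table_len,
                const uint8_t *COUNTED_BY(n_codes) codes, size_t n_codes)
{
    for (size_t i = 0; i < n_codes; i++) {
        size_t idx = codes[i];
#ifndef USE_BOUNDS_SAFETY
        /* Portable stand-in for the compiler-inserted check. With the real
         * feature the access below traps instead of returning -1. */
        if (idx >= table_len)
            return -1;
#endif
        table[idx]++;
    }
    return 0;
}

/* Constructed layout: a 4-entry table with a canary placed after it. */
struct arena { uint16_t table[4]; uint16_t canary; };

/* Runs count_codes over constructed input; reports canary survival. */
int run_case(const uint8_t *COUNTED_BY(n) codes, size_t n, int *canary_intact)
{
    struct arena a = { {0, 0, 0, 0}, 0xBEEF };
    int rc = count_codes(a.table, 4, codes, n);
    *canary_intact = (a.canary == 0xBEEF);
    return rc;
}

int main(void)
{
    const uint8_t good[] = {0, 3, 3}, bad[] = {1, 9};  /* 9 is out of range */
    int ok1, ok2;
    return !(run_case(good, 3, &ok1) == 0 && run_case(bad, 2, &ok2) == -1 && ok1 && ok2);
}
```

In both builds the out-of-range write never reaches the memory after the table; the bounds-safety build stops with a trap, while the portable build returns an error.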

Once fully launched, the tool will offer an approach that differs from traditional methods, which find vulnerabilities but still rely heavily on human expertise. Artificial intelligence will be able to autonomously identify and fix bugs, a critical step as the size and complexity of modern codebases grow exponentially.
