Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Google introduces CodeMender, an AI agent for code security

CodeMender uses Gemini AI to patch and rewrite unsafe code.

byEmre Çıtak
October 8, 2025
in Artificial Intelligence

Google has shared early results from its research on CodeMender, a new AI-powered agent designed to improve code security automatically. The agent can both reactively patch new vulnerabilities and proactively rewrite existing code to eliminate entire classes of security flaws.

As AI-powered tools become more effective at discovering software vulnerabilities, the volume of identified issues is expected to exceed the capacity of human developers to fix them. CodeMender is designed to address this problem by automating the creation and application of high-quality security patches. Over the past six months, the project has already submitted 72 security fixes to open-source projects, some with codebases as large as 4.5 million lines of code.

How Google CodeMender functions

CodeMender is an autonomous agent that uses Gemini Deep Think models to debug and fix complex vulnerabilities. It is equipped with a set of tools that allow it to reason about code before making changes and to automatically validate those changes to ensure they are correct and do not cause regressions.

https://deepmind.google/api/blob/website/media/Menders-Full_Film_01-v09.mp4

The validation process is a critical component, designed to prevent costly mistakes. CodeMender only surfaces high-quality patches for human review that are confirmed to fix the root cause of an issue, are functionally correct, cause no regressions, and follow project style guidelines.

The system uses several techniques to achieve this:

  • Advanced program analysis: CodeMender uses tools for static analysis, dynamic analysis, differential testing, and fuzzing to scrutinize code patterns and data flow. This allows it to better identify the root causes of security flaws.
  • Multi-agent systems: The system employs specialized agents for specific tasks. For example, a large language model-based critique tool highlights the differences between original and modified code to verify that a proposed change does not introduce new problems, allowing the main agent to self-correct as needed.

Fixing active vulnerabilities

To patch a vulnerability effectively, CodeMender uses tools like a debugger and a source code browser to pinpoint the root cause before devising a solution.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

In one example, a crash report indicated a heap buffer overflow, but the agent’s analysis determined the actual problem was an incorrect stack management of XML elements during parsing. While the final patch only changed a few lines of code, identifying the true root cause required complex reasoning. In another case, the agent created a non-trivial patch to fix a complex object lifetime issue by modifying a custom system for generating C code within the project.

Proactively securing existing code

CodeMender is also designed to proactively rewrite code to use more secure data structures and APIs. For instance, the agent was deployed to apply `-fbounds-safety` annotations to parts of the widely used libwebp image compression library. When applied, these annotations instruct the compiler to add bounds checks to the code, which can prevent buffer overflow vulnerabilities from being exploited.

https://deepmind.google/api/blob/website/media/GDM_Security_Menders_Diagram_V10_NENC3iy.mp4

A previously discovered heap buffer overflow in libwebp (CVE-2023-4863) was used as part of a zero-click iOS exploit. With the annotations added by CodeMender, that vulnerability and many others like it would have been rendered unexploitable. The agent can automatically correct new compilation errors or test failures that arise from its own annotations, and it uses an LLM-based tool to verify that its changes have not altered the code’s intended functionality.

Current status and future plans

All patches currently generated by CodeMender are reviewed by human researchers before being submitted to open-source projects. Google is gradually increasing the number of patches it submits to ensure high quality and to systematically address feedback from the open-source community.

The team plans to reach out to maintainers of critical open-source projects with CodeMender-generated patches. By iterating on feedback from this process, the goal is to eventually release CodeMender as a tool that all software developers can use to help keep their codebases secure.


Featured image credit

Tags: ai agentCodeMenderFeaturedGoogle

Related Posts

Samsung Internet beta brings Galaxy AI to Windows PCs

Samsung Internet beta brings Galaxy AI to Windows PCs

October 31, 2025
Tim Cook says Siri’s delayed AI upgrade is finally on track for 2026

Tim Cook says Siri’s delayed AI upgrade is finally on track for 2026

October 31, 2025
Adobe turns Photoshop into a chatbot that edits, renames and collaborates

Adobe turns Photoshop into a chatbot that edits, renames and collaborates

October 31, 2025
Chrome tests “Nano Banana” and “Deep Search” AI buttons

Chrome tests “Nano Banana” and “Deep Search” AI buttons

October 31, 2025
Canva unveils its Creative Operating System to rival Adobe

Canva unveils its Creative Operating System to rival Adobe

October 31, 2025
OpenAI Sora adds character cameos and video stitching

OpenAI Sora adds character cameos and video stitching

October 30, 2025

LATEST NEWS

Tech News Today: Nvidia builds the AI world while Adobe and Canva fight to rule it

Disney+ and Hulu streams now look sharper on Samsung TVs with HDR10+

Min Mode: Android 17 to have a special Always-On Display

Samsung Internet beta brings Galaxy AI to Windows PCs

Amazon cancels its Lord of the Rings MMO again

Windows 11 on Quest 3: Microsoft’s answer to Vision Pro

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.