Google's DeepMind division has unveiled a new AI agent designed to enhance the security of software coding.
Named CodeMender, this tool reportedly has the ability to automatically detect and fix software vulnerabilities before they can be exploited by hackers.
The AI research team explains that the agent works both reactively, producing immediate patches for newly found flaws, and proactively, rewriting and hardening existing code with the goal of eliminating entire classes of vulnerabilities.
According to DeepMind researchers Raluca Ada Popa and John “Four” Flynn, CodeMender has already demonstrated its effectiveness. In a blog post, they stated, “Over the past six months, we have been developing CodeMender, during which we have contributed 72 security fixes upstream to open-source projects, some involving codebases as large as 4.5 million lines.”
CodeMender uses Google’s Gemini Deep Think model to identify, debug, and resolve vulnerabilities. The model lets the agent reason through a code change before submitting it and validate the change automatically so that no regressions are introduced.
Patches generated by CodeMender are only sent for human review after passing a rigorous validation process that confirms the fix addresses the issue, functions correctly, and adheres to coding style guidelines.
The researchers elaborated on new techniques developed during the project that give them confidence in CodeMender’s reasoning and validation capabilities.
These include advanced program analysis tools such as static analysis, dynamic analysis, differential testing, fuzzing, and SMT solvers, which examine code patterns, control flow, and data flow to better identify the root causes of security flaws.
Additionally, specialized agents were developed, including large language model-based tools capable of highlighting differences between original and modified code to ensure proposed changes do not introduce regressions.
While optimistic about CodeMender’s potential, the team emphasized a commitment to “proceed carefully with a focus on reliability.”
When outlining future plans, they noted, “We have already begun submitting patches to various critical open-source libraries, many of which have been accepted upstream. We are gradually expanding this process to maintain quality and systematically incorporate feedback from the open-source community.”
“We also plan to reach out to maintainers of key open-source projects who may be interested in patches generated by CodeMender. By iterating on feedback from this process, we aim to eventually make CodeMender a publicly available tool for developers to secure their codebases.”