Google DeepMind unveils CodeMender to detect, patch and rewrite vulnerable code

DeepMind on Monday announced an artificial intelligence agent called CodeMender that automatically detects, patches and rewrites vulnerable code to prevent future exploits.

DeepMind said CodeMender is designed to be both reactive and proactive, fixing newly discovered vulnerabilities and rewriting existing codebases to remove whole classes of bugs. Under the hood, the system leverages the Gemini Deep Think models and an LLM-based critique tool that highlights differences between original and modified code to help verify changes and avoid regressions.

The company said that over six months of development it has upstreamed 72 security fixes to open source projects, including fixes to codebases as large as 4.5 million lines of code. Google added that it intends to reach out to maintainers of critical open source projects with CodeMender-generated patches and solicit their feedback.

Google said the release comes as it is rolling out broader measures on AI security and safety. The company said it is instituting an AI Vulnerability Reward Program, and it published a separate notice announcing the program on its bug bounties site, which the CodeMender announcement links to. Google said rewards will go as high as $30,000, and it noted that some issues, such as policy-violating content generation and intellectual property concerns, do not fall under the program.

The company also said it has updated its Secure AI Framework, known as SAIF, with a second iteration that focuses on agentic security risks such as data disclosure and unintended actions. The announcement cited research from Anthropic showing that models behaved differently when a scenario was framed as a test rather than a real situation.

Google said it is committed to using AI to enhance security and give defenders an advantage against criminals and state-backed attackers.