Google DeepMind Introduces CodeMender: A New AI Agent that Uses Gemini Deep Think to Automatically Patch Critical Software Vulnerabilities

What if an AI agent could localize a root cause, validate a candidate fix through analysis and automated tests, and proactively rewrite the related code to eliminate an entire vulnerability class, then open an upstream patch for review? Google DeepMind's CodeMender is an AI agent that generates, validates, and upstreams fixes for real-world vulnerabilities using Gemini "Deep Think" reasoning and tool use. In six months of internal deployment, CodeMender contributed 72 security patches across open source projects, including codebases of about 4.5 million lines, and it is designed to work both reactively (fixing known problems) and proactively (rewriting code to remove weaknesses).

Understanding the architecture

The agent reasons about code broadly using program analysis tools: static and dynamic analysis, differential testing, fuzzing, and SMT solvers. A multi-agent design adds specialized "critique" reviewers that inspect semantic differences and trigger self-correction when regressions are detected. These components allow the system to localize root causes, synthesize candidate patches, and run regression tests automatically before surfacing a patch for human review.

Validation pipeline and the human gate

DeepMind emphasizes automatic validation before any patch reaches a human: the system tests for root-cause fixes, functional correctness, absence of regressions, and compliance with style; only high-confidence patches are proposed for maintainer review. This workflow is explicitly tied to Gemini Deep Think's planning-centered reasoning over debugger traces, code search results, and test results.

Proactive hardening: compiler-level guards

Beyond patching, CodeMender applies security transformations at scale. Example: automatically inserting Clang's -fbounds-safety annotations into libwebp to enforce compiler-level bounds checks, an approach that would have neutralized the 2023 libwebp overflow (CVE-2023-4863), which was exploited in a zero-click iOS chain, as well as similar buffer overflows and underflows wherever the annotations are applied.
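To show what such an annotation looks like in source, here is an added example; it is not code from libwebp, CodeMender, or the original article. The function fill_span, its parameters, and the return codes are hypothetical, and the explicit guard spells out the bound that __counted_by lets the compiler enforce, so the file also behaves safely when built without -fbounds-safety.

```c
#include <stddef.h>
#include <stdint.h>

/* Clang ships <ptrcheck.h> with the -fbounds-safety macros. Elsewhere the
   annotation is defined away so the file still builds; then no checks are
   inserted and only the explicit guard below protects the store. */
#if defined(__has_include)
#if __has_include(<ptrcheck.h>)
#include <ptrcheck.h>
#endif
#endif
#ifndef __counted_by
#define __counted_by(n)
#endif

enum { FILL_OK = 0, FILL_OUT_OF_BOUNDS = -1 };

/* Hypothetical decoder helper (not libwebp code): replicate `value` into
   1 << bits consecutive slots starting at `start`. `bits` comes from
   untrusted input, so the span can exceed the table. The annotation ties
   `table` to `count`, letting the compiler check every table[i] access. */
int fill_span(uint16_t *__counted_by(count) table, size_t count,
              size_t start, unsigned bits, uint16_t value)
{
    if (bits >= 16)
        return FILL_OUT_OF_BOUNDS;
    size_t span = (size_t)1 << bits;
    /* Explicit form of the bound the annotation expresses: the whole span
       [start, start + span) must lie inside [0, count). */
    if (start > count || span > count - start)
        return FILL_OUT_OF_BOUNDS;
    for (size_t i = 0; i < span; i++)
        table[start + i] = value;
    return FILL_OK;
}

/* Constructed demo: an 8-entry table and a span that fits. */
int demo_in_bounds(void)
{
    uint16_t t[8] = {0};
    return fill_span(t, 8, 4, 2, 7) == FILL_OK && t[4] == 7 && t[7] == 7 && t[3] == 0;
}

int demo_oversized(void)
{
    uint16_t t[8] = {0};
    /* bits = 3 asks for 8 slots from index 4: 4 slots past the end. */
    return fill_span(t, 8, 4, 3, 7) == FILL_OUT_OF_BOUNDS && t[4] == 0;
}
```

With the annotation active, an access outside the declared count traps at run time even if a hand-written guard like the one above is missing or wrong.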

Case studies

DeepMind details two non-trivial fixes: (1) a crash initially flagged as a heap overflow was traced to incorrect XML stack management; and (2) a lifetime bug required changes to a custom C-code generator. In both cases, the agent-generated patches passed automated analysis and an LLM-judge check for functional equivalence before being proposed.

Google's broader announcement frames this as part of a defensive stack that includes a new AI Vulnerability Reward Program (consolidating AI-related bounties) and the Secure AI Framework 2.0 for agent security. The post reiterates the motivation: as security vulnerability discovery scales (for example, via Big Sleep and OSS-Fuzz), automated remediation must scale with it.

CodeMender combines Gemini Deep Think with program analysis tools (static/dynamic analysis, fuzzing, SMT) to localize root causes and propose automatically validated patches before human review. Early reported data: 72 upstreamed security fixes across open source projects over six months, including codebases on the order of ~4.5 million lines. The system also applies proactive hardening (for example, -fbounds-safety) to reduce classes of memory-safety bugs instead of only patching individual instances. No latency or throughput benchmarks have been published yet, so the effect is best measured by validated fixes and the scope of the hardened code.



Asif Razzaq is the CEO of Marktechpost Media Inc. As a visionary entrepreneur and engineer, Asif is committed to harnessing the potential of artificial intelligence for social good. His most recent endeavor is the launch of an artificial intelligence media platform, Marktechpost, which stands out for in-depth coverage of machine learning and deep learning news that is both technically sound and easily understood by a wide audience. The platform has more than 2 million monthly views, which shows its popularity among readers.


2025-10-07 07:16:00
