
Google DeepMind's AI CodeMender Security Tool

Google DeepMind Blog

Google DeepMind has introduced CodeMender, an AI agent that automatically improves code security through both reactive patching of new vulnerabilities and proactive rewriting of existing code. Over six months, the system has already upstreamed 72 security fixes to open source projects, including some as large as 4.5 million lines of code.

CodeMender leverages Gemini Deep Think models with advanced tools for code analysis, including static and dynamic analysis, differential testing, fuzzing, and SMT solvers. Its multi-agent system allows it to tackle specific aspects of security problems, while automatic validation ensures patches are correct without introducing regressions.

The system has been used on critical projects such as libwebp, where it applied -fbounds-safety annotations that would have prevented buffer-overflow vulnerabilities such as CVE-2023-4863. Currently all patches receive human review, and the team is gradually extending the process to maintainers of critical open-source libraries while iterating on community feedback.
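The -fbounds-safety annotations mentioned above tie an array or pointer to the struct field that holds its element count, so the compiler can reject or trap out-of-range accesses instead of letting them corrupt the heap. The following is an added illustration written for this page; it is not CodeMender's output and not libwebp code. It uses a constructed `struct table`, a hypothetical COUNTED_BY wrapper macro (Clang's -fbounds-safety extension and recent GCC/Clang spell the underlying attribute `counted_by`), an unchecked fill routine showing the overflow-prone pattern, and the checked form that the annotation backs up on a bounds-safety build. The names table_new, table_fill_checked and bounds_demo and the sample input are assumptions; on a compiler without the attribute the macro expands to nothing and only the explicit length check protects the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical portable wrapper: -fbounds-safety Clang, GCC 15 and
 * Clang 18+ accept a counted_by attribute that binds an array member
 * to the field holding its element count. Where the compiler lacks
 * it, the macro expands to nothing and only the explicit checks below
 * protect the buffer. */
#if defined(__has_attribute)
#  if __has_attribute(counted_by)
#    define COUNTED_BY(field) __attribute__((counted_by(field)))
#  endif
#endif
#ifndef COUNTED_BY
#  define COUNTED_BY(field)
#endif

/* Constructed stand-in for a decoder-side lookup table: `len` entries
 * live in the flexible array `data`. The annotation documents, and on
 * a bounds-safety compiler enforces, that data[i] is valid only for
 * i < len. */
struct table {
    size_t len;
    uint32_t data[] COUNTED_BY(len);
};

/* Allocate a zeroed table with room for n entries (constructed helper). */
struct table *table_new(size_t n)
{
    struct table *t = malloc(sizeof *t + n * sizeof(uint32_t));
    if (t == NULL)
        return NULL;
    t->len = n;
    memset(t->data, 0, n * sizeof(uint32_t));
    return t;
}

/* BEFORE: the entry count comes from the input and is trusted. If n
 * exceeds t->len this writes past the allocation, the general shape of
 * a heap buffer overflow. A -fbounds-safety build turns the
 * out-of-range store into a trap instead of silent memory corruption. */
void table_fill_unchecked(struct table *t, const uint32_t *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        t->data[i] = src[i];
}

/* AFTER: reject counts the allocation cannot hold before touching
 * memory. Returns 0 on success, -1 when the copy would overflow. */
int table_fill_checked(struct table *t, const uint32_t *src, size_t n)
{
    if (t == NULL || src == NULL || n > t->len)
        return -1;
    memcpy(t->data, src, n * sizeof *src);
    return 0;
}

/* Sum of all entries, used to observe the table's contents. */
uint64_t table_sum(const struct table *t)
{
    uint64_t s = 0;
    for (size_t i = 0; i < t->len; i++)
        s += t->data[i];
    return s;
}

/* Runs the constructed scenario: a 4-entry table offered 6 entries.
 * Returns 1 when the hardened path rejects the oversized copy and
 * accepts the in-bounds one, 0 otherwise. */
int bounds_demo(void)
{
    const uint32_t stream[6] = {1, 2, 3, 4, 5, 6}; /* constructed input */
    struct table *t = table_new(4);
    int ok = 0;
    if (t == NULL)
        return 0;
    /* Oversized request: the unchecked version would corrupt the heap. */
    if (table_fill_checked(t, stream, 6) == -1 &&
        table_fill_checked(t, stream, 4) == 0 &&
        table_sum(t) == 10)
        ok = 1;
    free(t);
    return ok;
}

int main(void)
{
    int ok = bounds_demo();
    printf("bounds demo %s\n", ok ? "passed" : "failed");
    return ok ? 0 : 1;
}
```

Building the same file with a bounds-safety-enabled Clang (`-fbounds-safety`) makes the annotation load-bearing: an index past `len` in table_fill_unchecked is diagnosed or trapped even though that function performs no check of its own, which is the property the libwebp annotations are meant to provide.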