DeepMind's latest AI tool wants to detect and repair software vulnerabilities before they get attacked (www.techradar.com)

🤖 AI Summary
DeepMind announced CodeMender, an AI-driven agent that automatically detects, repairs and validates software vulnerabilities in open-source projects. Built on the Gemini Deep Think model, CodeMender combines several program-analysis techniques (fuzzing, static analysis and differential testing) to pinpoint root causes, synthesize patches and check for regressions. DeepMind says the system has already upstreamed 72 security fixes over six months, including changes to very large codebases, and that it can operate both reactively (patching flaws as they are discovered) and proactively (rewriting code to eliminate whole classes of vulnerabilities). One concrete example: CodeMender added -fbounds-safety annotations, Clang's bounds-safety extension, to parts of libwebp so that the compiler inserts runtime bounds checks on the annotated buffers and turns would-be overflows into detected failures rather than silent memory corruption. The significance is twofold. First, CodeMender promises to scale defenders' capacity to handle the growing volume of vulnerabilities, including those accelerated by malicious use of AI. Second, it preserves human oversight: patches are validated automatically but are still reviewed by humans before being submitted upstream. DeepMind plans to expand testing with open-source maintainers and to release the tool more broadly only once its reliability is proven. The announcement is coupled with Google's revisions to its Secure AI Framework and a new Vulnerability Reward Program for AI-related flaws, signaling a broader push to harden software supply chains with AI-assisted tooling while keeping guardrails for safety and correctness.
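To make the libwebp example concrete, here is an added illustration of what a -fbounds-safety annotation looks like and what it buys. This is not CodeMender's or libwebp's code: the `struct row` type, the sample pixel data and the two copy routines are constructed for this page. It assumes `__has_feature(bounds_safety)` is the feature probe and that `<ptrcheck.h>` supplies the `__counted_by` macro under `clang -fbounds-safety`; on any other toolchain the annotation expands to nothing, and the explicit check in `copy_row_checked()` is the only guard.

```c
/* Added example (not CodeMender's or libwebp's code). Under clang -fbounds-safety
 * the __counted_by(width) annotation ties the pixel pointer to its element count
 * and the compiler bounds-checks every dereference, so the overflow in
 * copy_row_unchecked() traps instead of corrupting memory. Elsewhere the
 * annotation is inert and copy_row_checked() carries the check explicitly.
 * Assumptions: __has_feature(bounds_safety) is the feature probe and <ptrcheck.h>
 * provides __counted_by; struct row and the sample data are constructed here. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__has_feature)
#  if __has_feature(bounds_safety)
#    include <ptrcheck.h>
#    define HAVE_BOUNDS_SAFETY 1
#  endif
#endif
#ifndef HAVE_BOUNDS_SAFETY
#  define HAVE_BOUNDS_SAFETY 0
#endif
#ifndef __counted_by
#  define __counted_by(n)   /* no bounds-safety extension: annotation is inert */
#endif

/* Constructed type, not a libwebp struct: one image row whose pixel pointer is
 * annotated with the field that holds its element count. */
struct row {
    size_t width;
    uint8_t *__counted_by(width) pixels;
};

/* "Before": trusts src->width. If src->width > dst->width the loop writes past
 * dst->pixels. With -fbounds-safety the first out-of-range store traps; without
 * it this is an ordinary buffer overflow. Only ever called with a fitting
 * source in this file. */
static void copy_row_unchecked(struct row *dst, const struct row *src)
{
    for (size_t i = 0; i < src->width; i++)
        dst->pixels[i] = src->pixels[i];
}

/* "After": the check the compiler would perform at runtime, made explicit so the
 * code is safe on every toolchain and fails with an error code rather than a
 * trap. Returns 0 on success, -1 if the copy would overflow dst. */
static int copy_row_checked(struct row *dst, const struct row *src)
{
    if (src->width > dst->width)
        return -1;
    for (size_t i = 0; i < src->width; i++)
        dst->pixels[i] = src->pixels[i];
    return 0;
}

int bounds_safety_enabled(void) { return HAVE_BOUNDS_SAFETY; }

/* A 4-pixel source into a 3-pixel destination must be refused and leave the
 * destination untouched. Returns the copy's status (-1) and stores the
 * destination's byte sum (0) through *dst_sum. */
int oversized_copy(int *dst_sum)
{
    uint8_t s[4] = {1, 2, 3, 4};
    uint8_t d[3] = {0, 0, 0};
    struct row src = { 4, s };
    struct row dst = { 3, d };
    int rc = copy_row_checked(&dst, &src);
    *dst_sum = d[0] + d[1] + d[2];
    return rc;
}

/* A 3-pixel source into a 4-pixel destination copies normally; unchecked and
 * checked versions behave identically when it fits. Returns the destination's
 * byte sum (6), or -1 if the checked copy unexpectedly refuses. */
int fitting_copy(void)
{
    uint8_t s[3] = {1, 2, 3};
    uint8_t d[4] = {0, 0, 0, 0};
    struct row src = { 3, s };
    struct row dst = { 4, d };
    copy_row_unchecked(&dst, &src);
    if (copy_row_checked(&dst, &src) != 0)
        return -1;
    return d[0] + d[1] + d[2] + d[3];
}

int main(void)
{
    int sum = -1;
    int rc = oversized_copy(&sum);
    printf("bounds-safety extension active: %d\n", bounds_safety_enabled());
    printf("oversized copy rc=%d, dst sum=%d\n", rc, sum);
    printf("fitting copy dst sum=%d\n", fitting_copy());
    return 0;
}
```

Compile with `clang -fbounds-safety` to see the annotation enforced (the unchecked routine would trap on an oversized source); with any other compiler the same file builds and relies on the explicit check, which is why a proactive rewrite of the kind the summary describes usually pairs the annotations with a toolchain that actually honours them.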