🤖 AI Summary
Google DeepMind unveiled CodeMender, an AI agent that not only discovers software vulnerabilities but autonomously proposes and patches fixes. Building on prior tools like Big Sleep (which flagged a critical SQLite bug), CodeMender has already contributed 72 security fixes to open-source projects over six months—though DeepMind says all changes are human-reviewed before submission. The system is designed to rewrite and harden existing code to eliminate entire classes of bugs and prevent future exploits, with built-in checks to avoid regressions.
Technically, CodeMender combines Gemini Deep Think large models with advanced program-analysis tooling and a multi-agent architecture. It reasons about program behavior without executing code, and validates fixes using static and dynamic analysis, fuzzing, differential testing, and SMT solvers to pinpoint root causes and architectural weaknesses. Specialized agents, such as an LLM-based critique module, compare original and modified code to detect regressions and drive self-correction. For the AI/ML community, this demonstrates a maturing pattern: coupling powerful code-understanding models with formal and empirical analysis pipelines to scale both vulnerability discovery and automated remediation, reshaping security workflows while retaining human oversight.