Google unveils CodeMender, an AI agent that repairs code vulnerabilities

Google researchers have introduced CodeMender, an AI-powered agent that automatically detects and fixes software vulnerabilities to enhance code security.

Built on Gemini Deep Think models, CodeMender operates autonomously to identify security flaws, generate patches, and validate fixes without introducing regressions. The system combines advanced program analysis with multi-agent collaboration, using static analysis, dynamic testing, and fuzzing techniques. Over six months, it has successfully contributed 72 security fixes to open source projects, including those with millions of lines of code.

• Uses dual approach of reactive patching for new flaws and proactive code rewriting to eliminate vulnerability classes
• Employs rigorous validation processes including human developer review to ensure quality and coding standards compliance
• Demonstrates significant advancement in AI-driven cybersecurity by transforming how modern software systems are maintained and protected
• Allows developers to focus on building reliable software rather than manually hunting for security weaknesses