CodeMender is Google DeepMind’s new AI agent designed to find and fix security bugs in software code automatically.
Google DeepMind’s CodeMender can analyse source code, identify root cause, propose patches, and test them
Photo Credit: Unsplash/Christopher Gower
Google DeepMind, on Monday, introduced CodeMender, an artificial intelligence (AI) agent designed to automatically detect and fix security vulnerabilities in software code. The AI system can not only identify bugs but also suggest and verify patches, eliminating the need for manual intervention. This means developers can hand over the reins to CodeMender, and it will not require further input. DeepMind highlights that the AI agent is capable of working both reactively by repairing existing security flaws and proactively by rewriting parts of code to prevent future vulnerabilities.
The company says that fixing vulnerabilities in software is one of the most time-consuming and difficult tasks using traditional means. AI systems have also not been a great help in this area, since it requires understanding the logic and context of thousands of lines of code and detecting a wide range of flaws. Since these are not software-crashing bugs, deployment-based tests are also not useful here.
CodeMender, the company claims, is capable of understanding the logic and structure of complex software. It analyses source code, identifies weak points that could lead to potential exploits, and generates secure fixes.
After a patch is proposed, the AI agent tests it to ensure that the vulnerability is resolved and no new issues are added. DeepMind's system also self-corrects if a patch fails verification, iterating until the change meets security and functionality standards.
It can work both reactively and proactively, and the latter is useful to create defences against potential risks. DeepMind claims that CodeMender can rewrite code to follow safer programming practices, allowing developers to address entire classes of vulnerabilities before they can cause harm.
Highlighting its real-world efficiency, the company claimed that the AI agent was able to find 72 verified security patches across major open-source software in a six-month trial period. It was able to suggest fixes for memory mismanagement, buffer overflows, and unsafe data handling. DeepMind claims some of these projects were as large as 4.5 million lines of code.
CodeMender is currently a research project, and isn't available to the general public. Currently, every patch generated by the AI agent is reviewed by human researchers before they are submitted upstream. The techniques used for this system and the results from the trials will be published in technical papers and reports in the coming months.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.