DeepMind: CodeMender: an AI agent for code security
9 hours ago
- #AI
- #Vulnerability Fixing
- #Code Security
- Introduction of CodeMender, an AI agent designed to automatically improve code security by fixing vulnerabilities.
- CodeMender operates reactively by patching new vulnerabilities and proactively by rewriting existing code to eliminate classes of vulnerabilities.
- Over six months, CodeMender has upstreamed 72 security fixes to open-source projects, including large ones with up to 4.5 million lines of code.
- Utilizes Gemini Deep Think models for autonomous debugging and fixing complex vulnerabilities, with tools for reasoning and validating code changes.
- Features advanced program analysis techniques (static/dynamic analysis, fuzzing, SMT solvers) and multi-agent systems for effective vulnerability identification and patching.
- Demonstrated ability to identify root causes of vulnerabilities and create non-trivial patches, including complex object lifetime issues.
- Proactively rewrites code to use secure data structures and APIs, such as applying -fbounds-safety annotations to prevent buffer overflows.
- Includes automatic correction of errors and test failures, with validation steps to ensure functionality remains intact.
- Currently, all patches are reviewed by human researchers before submission, with plans to gradually increase submissions and gather community feedback.
- Future plans include publishing technical papers, sharing results, and making CodeMender available to all developers for enhancing software security.