Google launches CodeMender, an AI agent that can detect app vulnerabilities



Google has announced CodeMender, an AI agent that uses Gemini Deep Think to automatically fix critical software vulnerabilities.

Introducing CodeMender: an AI agent for code security - Google DeepMind

https://deepmind.google/discover/blog/introducing-codemender-an-ai-agent-for-code-security/



CodeMender is an agent that autonomously debugs and remediates vulnerabilities, leveraging the power of the inference-enhanced Gemini Deep Think model.

CodeMender is said to help human developers and maintainers focus on building great software by automatically generating and applying high-quality security patches.

It uses a combination of advanced tools such as static analysis, dynamic analysis, differential testing, fuzzing, and SMT solvers to identify root causes and devise fixes. It also has tools that let it reason about code before making changes and automatically verify that the modified code does not break backward compatibility.

Another feature is that it is designed to proactively rewrite existing code to use safer data structures and APIs.



Google explains that it has adopted a comprehensive code security strategy that combines a 'reactive approach' to immediately fix new vulnerabilities and a 'preventive approach' to rewrite and harden existing code to eliminate vulnerabilities altogether. CodeMender has already released 72 security fixes upstream to open source projects in the six months since its development began.

Google also said that while CodeMender's early results are promising, it is taking a cautious approach with a focus on reliability, and that all patches generated by CodeMender are reviewed by human researchers.

Google said, 'Software vulnerabilities are extremely difficult and time-consuming for developers to find and fix, even with traditional automated methods like fuzzing. Our AI technologies, such as Big Sleep and OSS-Fuzz, have demonstrated the ability of AI to find new zero-day vulnerabilities even in well-tested software. As AI-based vulnerability detection techniques continue to evolve, they will become increasingly difficult for humans to tackle alone. CodeMender is just beginning to explore the incredible potential of AI to improve software security for everyone. In the coming months, we will share many of our technologies and findings, publishing them as technical papers and reports.'




in AI, Software, Posted by log1p_kr