Google DeepMind has introduced CodeMender, an AI tool designed to automatically detect and fix security vulnerabilities in open source projects. By leveraging the Gemini Deep Think model, CodeMender generates AI-reviewed security patches, significantly reducing the workload of vulnerability management through advanced code validation techniques like fuzzing and static analysis. In just six months, it has delivered 72 security fixes, demonstrating its effectiveness even in large codebases. DeepMind emphasizes that CodeMender complements human efforts, enhancing rather than replacing the human review process, which remains crucial. It proactively prevents vulnerabilities by implementing changes like -fbounds-safety annotations in libraries to mitigate overflow risks. With plans for wider release pending reliability testing, DeepMind aims to provide developers with essential tools to counteract the rising threat of AI-driven attacks. As part of its overarching cybersecurity strategy, Google has also updated its Secure AI Framework and launched a Vulnerability Reward Program related to AI flaws.
Source link
