DeepMind: CodeMender: an AI agent for code security

https://news.ycombinator.com/rss Hits: 15
Summary

Responsibility & Safety

Introducing CodeMender: an AI agent for code security

Published 6 October 2025

Authors: Raluca Ada Popa and Four Flynn

Using advanced AI to fix critical software vulnerabilities

Today, we’re sharing early results from our research on CodeMender, a new AI-powered agent that improves code security automatically.

Software vulnerabilities are notoriously difficult and time-consuming for developers to find and fix, even with traditional, automated methods like fuzzing. Our AI-based efforts like Big Sleep and OSS-Fuzz have demonstrated AI’s ability to find new zero-day vulnerabilities in well-tested software. As we achieve more breakthroughs in AI-powered vulnerability discovery, it will become increasingly difficult for humans alone to keep up.

CodeMender helps solve this problem by taking a comprehensive approach to code security that’s both reactive, instantly patching new vulnerabilities, and proactive, rewriting and securing existing code and eliminating entire classes of vulnerabilities in the process. Over the past six months that we’ve been building CodeMender, we have already upstreamed 72 security fixes to open source projects, including some as large as 4.5 million lines of code.

By automatically creating and applying high-quality security patches, CodeMender’s AI-powered agent helps developers and maintainers focus on what they do best — building good software.

CodeMender in action

CodeMender operates by leveraging the thinking capabilities of recent Gemini Deep Think models to produce an autonomous agent capable of debugging and fixing complex vulnerabilities.

To do this, the CodeMender agent is equipped with robust tools that let it reason about code before making changes, and automatically validate those changes to make sure they’re correct and don’t cause regressions.

[Animation showing CodeMender’s process for fixing vulnerabilities.]

While large language models are rapidly improving, mistakes in code security could be costly.
CodeMender’s a...

First seen: 2025-10-06 23:07

Last seen: 2025-10-07 13:09