What if an AI agent could localize a root cause, prove a candidate fix through automated analysis and testing, and rewrite the related code to eliminate the entire vulnerability class – then open an upstream patch for review? Google DeepMind introduces CodeMender, an AI agent that generates, validates, and upstreams fixes for real-world vulnerabilities using Gemini "Deep Think" reasoning and a tool-augmented workflow. In a six-month internal deployment, CodeMender contributed 72 security patches to open-source projects, including codebases of up to 4.5M lines, and is designed to work both reactively (patching known issues) and proactively (rewriting code to remove vulnerable patterns).
Understanding the architecture
The agent couples large-scale code reasoning with program-analysis tooling: static and dynamic analysis, differential testing, fuzzing, and satisfiability-modulo-theories (SMT) solvers. A multi-agent design adds specialized "critique" agents that inspect semantic diffs and trigger self-correction when a regression is detected. These components let the system localize root causes, synthesize candidate patches, and automatically regression-test changes before surfacing them for human review.
Validation pipeline and human gate
DeepMind emphasizes automatic validation before any human touches a patch: the system tests for root-cause correction, functional correctness, absence of regressions, and style compliance; only high-confidence patches are proposed for human review. This workflow is explicitly tied to Gemini Deep Think's planning-centered reasoning over code search results and test results.
Proactive hardening: compiler-level guards
Beyond patching, CodeMender applies security-hardening transformations at scale. Example: automatic insertion of Clang -fbounds-safety annotations in libwebp to enforce compiler-level bounds checks, an approach that would have neutralized the 2023 libwebp heap overflow (CVE-2023-4863), which was exploited in a zero-click iOS chain, as well as similar buffer overflows and underflows wherever the annotations are applied.
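To make the annotation concrete, here is an added example, not code from DeepMind, CodeMender or libwebp. The struct and function names are hypothetical, and `__counted_by` is defined away so the block builds on any compiler; `store_checked` spells out the bounds check that Clang inserts on each access to an annotated pointer when -fbounds-safety is enabled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* With -fbounds-safety the macro comes from Clang's <ptrcheck.h>.
 * Defined empty here (assumption) so the example compiles anywhere. */
#ifndef __counted_by
# define __counted_by(n)
#endif

/* Hypothetical decoder table, not libwebp's real layout. The annotation
 * binds the pointer to its element count, giving the compiler the range. */
struct code_table {
    size_t len;
    uint16_t *__counted_by(len) entries;
};

/* Explicit form of the check the compiler would emit for entries[i]:
 * the compiler traps, this portable stand-in returns -1 instead. */
static int store_checked(struct code_table *t, size_t i, uint16_t v) {
    if (i >= t->len) return -1;
    t->entries[i] = v;
    return 0;
}

/* Writes n_codes entries; n_codes stands for an untrusted input value. */
int fill_table(struct code_table *t, size_t n_codes) {
    for (size_t i = 0; i < n_codes; i++)
        if (store_checked(t, i, (uint16_t)i) != 0) return -1;
    return 0;
}

/* Constructed scenario: an 8-slot table followed by a canary word.
 * Returns the canary after trying to write n_codes entries. */
uint16_t run_case(size_t n_codes, int *rc) {
    uint16_t backing[9];
    memset(backing, 0, sizeof backing);
    backing[8] = 0xBEEF;                 /* sits just past the table */
    struct code_table t = { .len = 8, .entries = backing };
    *rc = fill_table(&t, n_codes);
    return backing[8];
}

int main(void) {
    int rc;
    uint16_t canary = run_case(12, &rc); /* oversized request is stopped */
    return (rc == -1 && canary == 0xBEEF) ? 0 : 1;
}
```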
Case studies
DeepMind describes two non-trivial fixes: (1) a crash initially flagged as a heap overflow was traced to incorrect XML stack management; and (2) a lifetime bug required edits to a custom C-code generator. In both cases, the agent-generated patch passed automated analysis and an LLM-judge check for functional equivalence before being proposed.
Deployment context and related initiatives
Google's broader announcement frames CodeMender as part of a defensive stack that includes a new AI Vulnerability Reward Program (consolidating AI-related bounties) and the Secure AI Framework 2.0 for agent security. The post reiterates the motivation: as AI-driven vulnerability discovery scales (e.g., through Big Sleep and OSS-Fuzz), automated remediation must scale along with it.
CodeMender operationalizes Gemini Deep Think plus program-analysis tools (static/dynamic analysis, fuzzing, SMT) to localize root causes and propose patches that pass automated validation before human review. Preliminary data reported: 72 upstreamed security fixes in open-source projects over six months, including codebases on the order of ~4.5M lines. The system also applies proactive hardening (e.g., compiler-enforced bounds checks through Clang -fbounds-safety) to reduce memory-safety bug classes instead of only patching individual instances. No latency or throughput benchmarks have been published yet, so the effect is best measured by the validated fixes and the scope of hardened code.
Asif Razzaq is the CEO of Marktechpost Media Inc. As a visionary entrepreneur and engineer, Asif is committed to harnessing the potential of artificial intelligence for social good. His most recent endeavor is the launch of an artificial intelligence media platform, Marktechpost, which stands out for its in-depth coverage of machine learning and deep learning news that is both technically sound and easily understood by a wide audience. The platform claims more than 2 million monthly views, reflecting its popularity among its audience.