CodeMender
Google DeepMind Launches CodeMender: An Intelligent Agent That Automatically Fixes Code
AI前线· 2025-10-18 05:11
Core Insights
- Google DeepMind has launched CodeMender, an AI-driven intelligent agent designed to automatically detect, fix, and strengthen software vulnerabilities, aiming to reduce the time developers spend on identifying and addressing security issues [1][4]
- CodeMender combines automated vulnerability discovery with AI-based repair and validation, contributing 72 verified patches to open-source projects in the past six months, with some projects exceeding 4 million lines of code [1][2]

Group 1
- Traditional vulnerability detection methods, such as static analysis and fuzzing, require significant manual verification and remediation, which CodeMender seeks to improve upon [1]
- The system generates multiple repair candidates when a vulnerability is detected and validates these patches through automated testing to ensure they resolve the issue without introducing new errors [1][4]
- Early repair cases include fixing a heap buffer overflow related to XML stack processing and addressing an object lifecycle management vulnerability [2]

Group 2
- The community response to CodeMender has been largely positive, with comments highlighting the impressive nature of automated repairs and the importance of the verification layer for trust [3]
- Discussions on platforms like Reddit indicate concerns about the future impact of such automation on cybersecurity, with users speculating on the potential for hackers to exploit similar models [4]
- DeepMind emphasizes that all patches generated by CodeMender will undergo human review before formal integration, with reliability and transparency being core principles of the project [4]
X @Demis Hassabis
Demis Hassabis· 2025-10-07 13:19
Excited to share early results about CodeMender, our new AI agent that automatically fixes critical software vulnerabilities. AI could be a huge boost for developer productivity and security. Amazing work from the team - congrats! ...
DeepMind Releases Code-Repair AI Agent CodeMender, Unifying "Reactive Response" and "Proactive Defense"
机器之心· 2025-10-07 07:00
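DeepMind recently introduced CodeMender, a new AI agent for code security that uses Gemini Deep Think to automatically patch critical software vulnerabilities. It checks whether a patch is correct, whether it fixes the root cause, and that it does not break anything else. This ensures that only high-quality solutions are sent for human review.

Specifically, CodeMender helps address software vulnerabilities through a comprehensive approach to code security, giving equal weight to "reactive response" and "proactive defense": it can immediately patch new vulnerabilities, and it can also rewrite and secure existing code, eliminating all types of systemic vulnerabilities in the process.

Reported by 机器之心, 机器之心 Editorial Department

As everyone knows, developers have long suffered from software vulnerabilities; even with traditional automated methods such as fuzzing, they are hard to find and fix, and the work is time-consuming and laborious. Now that AI is everywhere, techniques and products that use AI to fix critical software vulnerabilities are beginning to emerge. So how can AI-generated security fixes be made trustworthy? The answer lies in "rigorous validation".

Another commenter believes that the arrival of CodeMender will "eat up" the income from QA, security audits, and bug bounties.

According to media reports, Google has just officially launched a reward program specifically for vulnerabilities in AI products. And since Google formally invited AI researchers two years ago to probe its products A ...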