Google DeepMind CodeMender AI agent debuts to detect and patch vulnerable code
Security Tool/Service
Summary
Google DeepMind launched CodeMender, an AI-powered agent that detects, patches, and rewrites vulnerable code to reduce future exploit risk. The system uses Gemini Deep Think models and an LLM-based critique tool to validate fixes and avoid regressions. DeepMind says it has already upstreamed 72 security fixes to open source projects, including codebases as large as 4.5 million lines of code. Google also plans to share CodeMender-generated patches with maintainers of critical open-source projects to keep codebases secure.
Related Happenings
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
First: 13.05.2026 16:46
Last: 13.05.2026 16:46
Sources 1
About this happening:
Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Shifty Corsair evolves open-source supply-chain tradecraft with fake firms, layered packages, and AI-assisted deception
Threat Actor Meta
First: 29.04.2026 17:43
Last: 29.04.2026 17:43
Sources 1
About this happening:
**Shifty Corsair** has expanded its operating model into a more convincing developer-lure ecosystem, increasing the risk of open-source supply-chain compromise against **Web3** ta...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 23.05.2026 14:55
Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.
Timeline
- 07.10.2025 18:18 · 2 articles
Google DeepMind launches CodeMender and AI VRP
Initial Disclosure
Google DeepMind announced CodeMender, an AI-powered agent that automatically detects, patches, and rewrites vulnerable code, using Gemini Deep Think models and a large language model (LLM)-based critique tool to validate fixes and avoid regressions. DeepMind said the system is both reactive and proactive, has already upstreamed 72 security fixes to open source projects over the past six months, and has been used on codebases as large as 4.5 million lines of code. Google also said it plans to share CodeMender-generated patches with maintainers of critical open-source projects and instituted an AI Vulnerability Reward Program (AI VRP) for AI-related issues such as prompt injections, jailbreaks, and misalignment, with rewards up to $30,000.
- Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them — thehackernews.com — 07.10.2025 18:18