Google DeepMind CodeMender AI agent debuts to detect and patch vulnerable code
Security Tool/Service
Summary
Hide ▲
Show ▼
Google DeepMind launched CodeMender, an AI-powered agent that detects, patches, and rewrites vulnerable code to reduce future exploit risk. The system uses Gemini Deep Think models and an LLM-based critique tool to validate fixes and avoid regressions. DeepMind says it has already upstreamed 72 security fixes to open source projects, including codebases as large as 4.5 million lines of code. Google also plans to share CodeMender-generated patches with maintainers of critical open-source projects to keep codebases secure.
Related Happenings
ExploitBench benchmark shows frontier AI models can stage Chrome exploit chains against vulnerable V8 builds
Technical Analysis
H score16
First: 04.06.2026 16:00
Last: 04.06.2026 16:00
Sources 1
About this happening:
Bugcrowd’s **ExploitBench** now shows frontier AI models can progress through staged **Google Chrome** exploit chains, raising the risk of faster **AI-assisted exploit development...
ExploitBench benchmark shows frontier AI models can stage Chrome exploit chains against vulnerable V8 builds
Technical AnalysisAbout this happening: Bugcrowd’s **ExploitBench** now shows frontier AI models can progress through staged **Google Chrome** exploit chains, raising the risk of faster **AI-assisted exploit development...
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
H score26
First: 13.05.2026 16:46
Last: 13.05.2026 16:46
Sources 1
About this happening:
Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/ServiceAbout this happening: Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
H score33
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical AnalysisAbout this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
H score30
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
CampaignAbout this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Shifty Corsair evolves open-source supply-chain tradecraft with fake firms, layered packages, and AI-assisted deception
Threat Actor Meta
H score42
First: 29.04.2026 17:43
Last: 29.04.2026 17:43
Sources 1
About this happening:
**Shifty Corsair** has expanded its operating model into a more convincing developer-lure ecosystem, increasing the risk of open-source supply-chain compromise against **Web3** ta...
Shifty Corsair evolves open-source supply-chain tradecraft with fake firms, layered packages, and AI-assisted deception
Threat Actor MetaAbout this happening: **Shifty Corsair** has expanded its operating model into a more convincing developer-lure ecosystem, increasing the risk of open-source supply-chain compromise against **Web3** ta...
Timeline
-
07.10.2025 18:18 2 articles · 9mo ago
Google DeepMind launches CodeMender and AI VRP
Initial DisclosureGoogle DeepMind announced CodeMender, an AI-powered agent that automatically detects, patches, and rewrites vulnerable code, using Gemini Deep Think models and a large language model (LLM)-based critique tool to validate fixes and avoid regressions. DeepMind said the system is both reactive and proactive, has already upstreamed 72 security fixes to open source projects over the past six months, and has been used on codebases as large as 4.5 million lines of code. Google also said it plans to share CodeMender-generated patches with maintainers of critical open-source projects and instituted an AI Vulnerability Reward Program (AI VRP) for AI-related issues such as prompt injections, jailbreaks, and misalignment, with rewards up to $30,000.
Show sources
- Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them — thehackernews.com — 07.10.2025 18:18
- Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them — thehackernews.com — 07.10.2025 18:18