- CodeMender automatically generates AI-reviewed security fixes for open source projects
- Google DeepMind says CodeMender reduces vulnerability workload through code validation
- DeepMind is planning a wider developer release once CodeMender's reliability is confirmed
Google DeepMind has revealed CodeMender, an artificial intelligence agent that it says can automatically detect and fix software vulnerabilities before they are exploited by hackers.
Google’s AI research arm says the new tool can secure open source projects by generating patches that can be used once they have been reviewed by human researchers.
CodeMender is based on DeepMind's Gemini Deep Think model and uses several analysis tools, including fuzzing, static analysis and differential testing, to identify the root causes of bugs and prevent regressions.
Helping, not replacing, people
Raluca Ada Popa, senior staff researcher at DeepMind, and John “Four” Flynn, its Vice President of Security, said the system had already delivered dozens of fixes.
“Over the past six months that we have been building CodeMender, we have already upstreamed 72 security fixes to open source projects, including some as large as 4.5 million lines of code,” Popa and Flynn wrote in a DeepMind blog post.
The company says CodeMender can act both reactively and proactively, repairing discovered defects and rewriting code to remove vulnerabilities completely.
The system is ultimately meant to reduce the workload of security maintenance by validating its own patches before sending them for human review.
The review step is something Google is eager to stress: it notes that CodeMender is not there to replace people, but rather to act as a useful aid in handling the rising volume of vulnerabilities that automated systems can detect.
In one case, the team says CodeMender automatically applied -fbounds-safety annotations to parts of the libwebp image compression library, a step DeepMind claims would have prevented previous exploitation.
The annotations force the compiler to check buffer bounds, lowering the risk of overflow-based attacks.
The developers also acknowledge the growing use of AI by malicious actors and argue that defenders need equivalent tools.
DeepMind plans to extend testing with open source maintainers and, once its reliability is properly proven, hopes to release CodeMender for wider developer use.
Google has also revised its Secure AI Framework and launched a new vulnerability reward program for AI-related flaws.



