{"id":181817,"date":"2025-10-06T14:44:09","date_gmt":"2025-10-06T14:44:09","guid":{"rendered":"https:\/\/www.newsbeep.com\/uk\/181817\/"},"modified":"2025-10-06T14:44:09","modified_gmt":"2025-10-06T14:44:09","slug":"introducing-codemender-an-ai-agent-for-code-security","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/uk\/181817\/","title":{"rendered":"Introducing CodeMender: an AI agent for code security"},"content":{"rendered":"<p class=\"article-cover__eyebrow glue-label\">Responsibility &amp; Safety<\/p>\n<p>        Published<br \/>\n        6 October 2025<\/p>\n<p>        Authors<\/p>\n<p data-block-key=\"8plfi\">Raluca Ada Popa and Four Flynn<\/p>\n<p>      <img loading=\"lazy\" decoding=\"async\" alt=\"A glowing, pixelated blue and pink ribbon curves across a light blue background. The ribbon appears to be made of individual squares, with some of the pink squares near the center breaking away and scattering, suggesting a dynamic process of change or repair.\" class=\"picture__image\" height=\"603\" src=\"https:\/\/www.newsbeep.com\/uk\/wp-content\/uploads\/2025\/10\/qQXJtLUbwdtnv5JrIinBUj-JgdjB-aA65EWcYSWxiLGoYPj8jTSmTAE2mmEpk530JlkLnV21krL-KdOH6N1NghVnAKTmQLobB7PN.png\" width=\"1072\"\/><\/p>\n<p data-block-key=\"bx9s8\" class=\"gdm-rich-text__subtitle\">Using advanced AI to fix critical software vulnerabilities<\/p>\n<p data-block-key=\"7jiud\">Today, we\u2019re sharing early results from our research on CodeMender, a new AI-powered agent that improves code security automatically.<\/p>\n<p data-block-key=\"e8ggo\">Software vulnerabilities are notoriously difficult and time-consuming for developers to find and fix, even with traditional, automated methods like fuzzing. 
Our AI-based efforts like <a href=\"https:\/\/googleprojectzero.blogspot.com\/2024\/10\/from-naptime-to-big-sleep.html\" rel=\"noopener nofollow\" target=\"_blank\">Big Sleep<\/a> and <a href=\"https:\/\/security.googleblog.com\/2023\/08\/ai-powered-fuzzing-breaking-bug-hunting.html\" rel=\"noopener nofollow\" target=\"_blank\">OSS-Fuzz<\/a> have demonstrated AI\u2019s ability to find new zero-day vulnerabilities in well-tested software. As we achieve more breakthroughs in AI-powered vulnerability discovery, it will become increasingly difficult for humans alone to keep up.<\/p>\n<p data-block-key=\"16s9k\">CodeMender helps solve this problem by taking a comprehensive approach to code security that\u2019s both reactive, instantly patching new vulnerabilities, and proactive, rewriting and securing existing code and eliminating entire classes of vulnerabilities in the process. Over the past six months that we\u2019ve been building CodeMender, we have already upstreamed 72 security fixes to open source projects, including some as large as 4.5 million lines of code.<\/p>\n<p data-block-key=\"flpqu\">By automatically creating and applying high-quality security patches, CodeMender\u2019s AI-powered agent helps developers and maintainers focus on what they do best \u2014 building good software.<\/p>\n<p>CodeMender in action<\/p>\n<p data-block-key=\"2oqaj\">CodeMender operates by leveraging the thinking capabilities of recent <a href=\"https:\/\/blog.google\/products\/gemini\/gemini-2-5-deep-think\/\" rel=\"noopener nofollow\" target=\"_blank\">Gemini Deep Think<\/a> models to produce an autonomous agent capable of debugging and fixing complex vulnerabilities.<\/p>\n<p data-block-key=\"5jo5\">To do this, the CodeMender agent is equipped with robust tools that let it reason about code before making changes, and automatically validate those changes to make sure they\u2019re correct and don\u2019t cause regressions.<\/p>\n<p data-block-key=\"hrdy6\">Animation showing 
CodeMender\u2019s process for fixing vulnerabilities.<\/p>\n<p data-block-key=\"bx9s8\">While large language models are rapidly improving, mistakes in code security could be costly. CodeMender\u2019s automatic validation process ensures that code changes are correct across many dimensions by surfacing for human review only high-quality patches that, for example, fix the root cause of the issue, are functionally correct, cause no regressions and follow style guidelines.<\/p>\n<p data-block-key=\"elveb\">As part of our research, we also developed new techniques and tools that let CodeMender reason about code and validate changes more effectively. This includes:<\/p>\n<p>Advanced program analysis: We developed tools based on advanced program analysis that include static analysis, dynamic analysis, differential testing, fuzzing and SMT solvers. Using these tools to systematically scrutinize code patterns, control flow and data flow, CodeMender can better identify the root causes of security flaws and architectural weaknesses.<\/p>\n<p>Multi-agent systems: We developed special-purpose agents that enable CodeMender to tackle specific aspects of an underlying problem. For example, CodeMender uses a large language model-based critique tool that highlights the differences between the original and modified code in order to verify that the proposed changes do not introduce regressions, and self-corrects as needed.<\/p>\n<p>Fixing vulnerabilities<\/p>\n<p data-block-key=\"1f6os\">To effectively patch a vulnerability, and prevent it from re-emerging, CodeMender uses a debugger, source code browser, and other tools to pinpoint root causes and devise patches. 
We have added two examples of CodeMender patching vulnerabilities in the video carousel below.<\/p>\n<p data-block-key=\"1594o\">Example #1: Identifying the root cause of a vulnerability<\/p>\n<p data-block-key=\"c3frf\">Here\u2019s a snippet of the agent&#8217;s reasoning about the root cause for a CodeMender-generated patch, after analyzing the results of debugger output and a code search tool.<\/p>\n<p data-block-key=\"7h86h\">Although the final patch in this example only changed a few lines of code, the root cause of the vulnerability was not immediately clear. In this case, the crash report showed a heap buffer overflow, but the actual problem was elsewhere \u2014 an incorrect stack management of Extensible Markup Language (XML) elements during parsing.<\/p>\n<p data-block-key=\"b8f29\">Example #2: Agent is able to create non-trivial patches<\/p>\n<p data-block-key=\"au7ng\">In this example, the CodeMender agent was able to come up with a non-trivial patch that deals with a complex object lifetime issue.<\/p>\n<p data-block-key=\"38qf8\">The agent was not only able to figure out the root cause of the vulnerability, but was also able to modify a completely custom system for generating C code within the project.<\/p>\n<p>  Proactively rewriting existing code for better security<\/p>\n<p data-block-key=\"5nipp\">We also designed CodeMender to proactively rewrite existing code to use more secure data structures and APIs.<\/p>\n<p data-block-key=\"9nv9f\">For example, we deployed CodeMender to apply <a href=\"https:\/\/clang.llvm.org\/docs\/BoundsSafety.html\" rel=\"noopener nofollow\" target=\"_blank\">-fbounds-safety<\/a> annotations to parts of a widely used image compression library called <a href=\"https:\/\/github.com\/webmproject\/libwebp\" rel=\"noopener nofollow\" target=\"_blank\">libwebp<\/a>. 
When -fbounds-safety annotations are applied, the compiler adds bounds checks to the code to prevent an attacker from exploiting a buffer overflow or underflow to execute arbitrary code.<\/p>\n<p data-block-key=\"7pqtv\">A few years ago, a heap buffer overflow vulnerability in libwebp (<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-4863\" rel=\"noopener nofollow\" target=\"_blank\">CVE-2023-4863<\/a>) was used by a threat actor as part of <a href=\"https:\/\/citizenlab.ca\/2023\/09\/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild\/\" rel=\"noopener nofollow\" target=\"_blank\">a zero-click iOS exploit<\/a>. With -fbounds-safety annotations, this vulnerability, along with most other buffer overflows in the project where we&#8217;ve applied annotations, would\u2019ve been rendered unexploitable forever.<\/p>\n<p data-block-key=\"3gflt\">In the video carousel below we show examples of the agent\u2019s decision-making process, including the validation steps.<\/p>\n<p data-block-key=\"c9bkr\">Example #1: Agent\u2019s reasoning steps<\/p>\n<p data-block-key=\"460ho\">In this example, the CodeMender agent is asked to address the following -fbounds-safety error on bit_depths pointer:<\/p>\n<p data-block-key=\"tpfo0\">Example #2: Agent automatically corrects errors and test failures<\/p>\n<p data-block-key=\"2d3fo\">Another of CodeMender\u2019s key features is its ability to automatically correct new errors and any test failures that arise from its own annotations. Here is an example of the agent recovering from a compilation error.<\/p>\n<p data-block-key=\"b7787\">Example #3: Agent validates the changes<\/p>\n<p data-block-key=\"773d9\">In this example, the CodeMender agent modifies a function and then uses the LLM judge tool configured for functional equivalence to verify that the functionality remains intact. 
When the tool detects a failure, the agent self-corrects based on the LLM judge&#8217;s feedback.<\/p>\n<p>  Making software secure for everyone<\/p>\n<p data-block-key=\"2fsdp\">While our early results with CodeMender are promising, we\u2019re taking a cautious approach, focusing on reliability. Currently, all patches generated by CodeMender are reviewed by human researchers before they\u2019re submitted upstream.<\/p>\n<p data-block-key=\"8i56\">Using CodeMender, we&#8217;ve already begun submitting patches to various critical open-source libraries, many of which have already been accepted and upstreamed. We\u2019re gradually ramping up this process to ensure quality and systematically address feedback from the open-source community.<\/p>\n<p data-block-key=\"eak4p\">We\u2019ll also be gradually reaching out to interested maintainers of critical open source projects with CodeMender-generated patches. By iterating on feedback from this process, we hope to release CodeMender as a tool that can be used by all software developers to keep their codebases secure.<\/p>\n<p data-block-key=\"faorg\">We will have a number of techniques and results to share, which we intend to publish as technical papers and reports in the coming months. 
With CodeMender, we&#8217;ve only just begun to explore AI\u2019s incredible potential to enhance software security for everyone.<\/p>\n<p data-block-key=\"kr04z\">Acknowledgements<\/p>\n<p data-block-key=\"bu4vg\">Credits (listed in alphabetical order):<\/p>\n<p data-block-key=\"1rh2v\">Alex Rebert, Arman Hasanzadeh, Carlo Lemos, Charles Sutton, Dongge Liu, Gogul Balakrishnan, Hiep Chu, James Zern, Koushik Sen, Lihao Liang, Max Shavrick, Oliver Chang and Petros Maniatis.<\/p>\n","protected":false},"excerpt":{"rendered":"Responsibility &amp; Safety Published 6 October 2025 Authors Raluca Ada Popa and Four Flynn Using advanced AI to&hellip;\n","protected":false},"author":2,"featured_media":181818,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[554,733,4308,86,56,54,55],"class_list":{"0":"post-181817","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-artificial-intelligence","8":"tag-ai","9":"tag-artificial-intelligence","10":"tag-artificialintelligence","11":"tag-technology","12":"tag-uk","13":"tag-united-kingdom","14":"tag-unitedkingdom"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/181817","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/comments?post=181817"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/181817\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media\/181818"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2
\/media?parent=181817"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/categories?post=181817"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/tags?post=181817"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}