Turn the robots against the viruses and exploits, I say. Google announced on October 6, 2025, that it’d created CodeMender, an autonomous AI that goes about scanning for and automatically fixing security vulnerabilities in public, free-to-use software by rewriting code, all without a human. Until it’s time to publish, that is.
[Image: how Google CodeMender works]
Amid a sea of stories about AI causing chaos and leading to layoffs, it’s nice to read about an AI that can use its impressive intelligence to patch up security vulnerabilities aimed at one of the internet’s nicest remaining concepts: open-source software.
Open-source software is software that is free for the public to use, modify, and redistribute. Such software is typically the domain of scrappy companies, non-profits, individuals, and organizations that don’t have a lot of money or manpower to prowl for and fix security problems in their software.
CodeMender is an AI agent that Google says is “both reactive, instantly patching new vulnerabilities, and proactive, rewriting and securing existing code and eliminating entire classes of vulnerabilities in the process.”
DeepMind is a complex tool. The layman’s explanation is that it uses Google’s Gemini Deep Think models to produce, as Google puts it, an autonomous agent capable of debugging and fixing complex vulnerabilities.
“Software vulnerabilities are notoriously difficult and time-consuming for developers to find and fix…” Google wrote in an October 6 entry on its DeepMind website. “As we achieve more breakthroughs in AI-powered vulnerability discovery, it will become increasingly difficult for humans alone to keep up.”
While a human has to sign off on any fixes that CodeMender generates before they are released to the target open-source project, CodeMender can seek out, find, and begin working on these fixes without a human prompting it.
“Over the past six months that we’ve been building CodeMender, we have already upstreamed 72 security fixes to open source projects, including some as large as 4.5 million lines of code,” Google said on October 6.
The post Google Unveils AI Tool That Automatically Patches Open-Source Software appeared first on VICE.