Google DeepMind Unveils CodeMender AI Agent to Automatically Fix Critical Software Vulnerabilities
Google DeepMind has introduced CodeMender, a new AI-powered agent designed to improve software security by automatically identifying and fixing critical vulnerabilities. The announcement marks a significant step in using artificial intelligence to keep up with the growing complexity of code security.

Software vulnerabilities are notoriously hard to detect and remediate, even with established automated tools such as fuzzing. Google's earlier AI-assisted discovery efforts, including Big Sleep and OSS-Fuzz, have uncovered zero-day flaws in widely used open source software, and the pace of discovery now outstrips what human developers can triage and patch on their own. CodeMender responds to this gap in two ways: reactively, by patching newly discovered issues, and proactively, by rewriting code to eliminate entire classes of vulnerabilities before they can be exploited.

Over the past six months CodeMender has already contributed 72 security fixes to major open source projects, including one of over 4.5 million lines of code. By automating the creation and validation of high-quality patches, the system lets developers spend their time on building software rather than on firefighting security issues.

CodeMender operates as an autonomous agent built on Gemini Deep Think models. It uses a suite of tools, including debuggers, source code browsers and code search utilities, to analyse a code base, trace a vulnerability to its root cause and generate a fix. Its reasoning process is designed to be thorough, so that a patch not only resolves the immediate report but also avoids introducing new bugs or breaking existing functionality.

A key feature of CodeMender is its automatic validation step. Before any change is presented to a human for review, the agent checks that the patch is functionally correct, fixes the root cause rather than the symptom, matches the surrounding code style and does not cause regressions. Only patches that pass these checks are surfaced to developers, and a human reviewer still decides whether the change is accepted.
The system has shown that it can handle non-trivial issues. In one example, a heap buffer overflow that surfaced as a crash was traced to an incorrect stack-management bug in the handling of XML elements, a root cause well away from the crash site and not obvious from the report alone. In another, CodeMender resolved a complex object-lifetime problem in a custom C code generator, which required understanding both the code base and the generator's internal logic. These results illustrate the agent's ability to reason about code at depth and to make context-aware changes rather than superficial ones.

Developing CodeMender also produced new techniques for code analysis and patch validation, which are what make AI-generated fixes robust enough to trust. DeepMind's team on the project includes Alex Rebert, Arman Hasanzadeh, Carlo Lemos, Charles Sutton, Dongge Liu, Gogul Balakrishnan, Hiep Chu, James Zern, Koushik Sen, Lihao Liang, Max Shavrick, Oliver Chang and Petros Maniatis. CodeMender represents a major step in the use of AI for secure software development, offering a scalable approach to one of the most pressing problems in modern engineering.
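To make the first example concrete, here is an added, constructed illustration of that bug class: a heap buffer overflow whose real cause is the bookkeeping of the element-nesting stack in a tag parser. This is not CodeMender's output, not code from any Google project and not the actual bug the article refers to; the names `xml_stack`, `parse_vulnerable`, `parse_hardened`, `MAX_DEPTH` and the sample documents are all hypothetical. In the vulnerable version an unmatched close tag drives `depth` negative, so the next open tag writes one slot before the heap-allocated name array; too many nested open tags write past its end. A crash reporter would label either as a heap buffer overflow, but the fix belongs in the push/pop logic, which is what the hardened version changes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 8   /* hypothetical nesting limit */
#define NAME_LEN  16  /* hypothetical per-slot name size */

/* Element-nesting stack: depth is the stack pointer, names is a
 * heap buffer of MAX_DEPTH fixed-size slots (one per open element). */
struct xml_stack {
    int depth;
    char (*names)[NAME_LEN];
};

static struct xml_stack *stack_new(void)
{
    struct xml_stack *st = calloc(1, sizeof *st);
    if (!st) return NULL;
    st->names = calloc(MAX_DEPTH, NAME_LEN);
    if (!st->names) { free(st); return NULL; }
    return st;
}

static void stack_free(struct xml_stack *st)
{
    if (st) { free(st->names); free(st); }
}

/* Copy the tag name that ends at the next '>' into out (truncated to fit)
 * and advance *p past the '>'. Returns -1 if the tag never closes. */
static int read_name(const char **p, char out[NAME_LEN])
{
    const char *end = strchr(*p, '>');
    if (!end) return -1;
    size_t n = (size_t)(end - *p);
    if (n >= NAME_LEN) n = NAME_LEN - 1;
    memcpy(out, *p, n);
    out[n] = '\0';
    *p = end + 1;
    return 0;
}

/* Vulnerable: trusts the document to be balanced and shallow.
 * "</a><a>" makes depth -1, so the push writes names[-1], 16 bytes
 * before the heap buffer; nine nested opens write names[8], past its end.
 * Returns the final depth on success, -1 on a truncated tag. */
static int parse_vulnerable(const char *doc, struct xml_stack *st)
{
    const char *p = doc;
    char name[NAME_LEN] = {0};
    st->depth = 0;
    while ((p = strchr(p, '<')) != NULL) {
        p++;
        if (*p == '/') {
            p++;
            if (read_name(&p, name) < 0) return -1;
            st->depth--;                                      /* BUG: may go below 0 */
        } else {
            if (read_name(&p, name) < 0) return -1;
            memcpy(st->names[st->depth++], name, NAME_LEN);   /* BUG: unbounded push */
        }
    }
    return st->depth;
}

/* Hardened: fixes the root cause in the stack logic itself. A close tag must
 * match the innermost open element, a push must stay below MAX_DEPTH, and a
 * document that ends with elements still open is rejected.
 * Returns 0 for a well-formed document, -1 otherwise. */
static int parse_hardened(const char *doc, struct xml_stack *st)
{
    const char *p = doc;
    char name[NAME_LEN] = {0};
    st->depth = 0;
    while ((p = strchr(p, '<')) != NULL) {
        p++;
        if (*p == '/') {
            p++;
            if (read_name(&p, name) < 0) return -1;
            if (st->depth <= 0 || strcmp(name, st->names[st->depth - 1]) != 0)
                return -1;                                    /* underflow or mismatch */
            st->depth--;
        } else {
            if (read_name(&p, name) < 0) return -1;
            if (st->depth >= MAX_DEPTH) return -1;            /* bounded push */
            memcpy(st->names[st->depth++], name, NAME_LEN);
        }
    }
    return st->depth == 0 ? 0 : -1;
}

/* Parse one document with a fresh stack using the given parser. -2 on OOM. */
static int check(int (*parse)(const char *, struct xml_stack *), const char *doc)
{
    struct xml_stack *st = stack_new();
    if (!st) return -2;
    int rc = parse(doc, st);
    stack_free(st);
    return rc;
}

int main(void)
{
    /* Constructed inputs: one balanced document, one that closes before it opens. */
    printf("hardened(balanced)     = %d\n", check(parse_hardened, "<doc><a></a><b></b></doc>"));
    printf("hardened(close-first)  = %d\n", check(parse_hardened, "</doc><doc>"));
    /* check(parse_vulnerable, "</doc><doc>") would corrupt the heap; not run here. */
    return 0;
}
```

The point a reviewer would look for in a patch like this is that the bounds check sits on the stack operations, not on the crash site: clamping the index where the crash was observed would silence the report without fixing the underflow.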
