InfoSecBulletin Cybersecurity for mankind
Google’s DeepMind announced CodeMender, an AI agent that automatically identifies and fixes vulnerable code to prevent exploits. The efforts add to the company’s ongoing efforts to improve AI-powered vulnerability discovery, such as Big Sleep and OSS-Fuzz.
DeepMind stated that the AI agent is built to be reactive and proactive, addressing vulnerabilities immediately and enhancing existing codebases to eliminate many types of vulnerabilities.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
“By automatically creating and applying high-quality security patches, CodeMender’s AI-powered agent helps developers and maintainers focus on what they do best — building good software,” DeepMind researchers Raluca Ada Popa and Four Flynn said.
“Over the past six months that we’ve been building CodeMender, we have already upstreamed 72 security fixes to open source projects, including some as large as 4.5 million lines of code.”
CodeMender uses Google’s Gemini Deep Think models to identify and fix security issues at their source, ensuring no new problems are introduced.
Google’s AI agent includes a language model that compares original and modified code to ensure changes don’t cause regressions and can self-correct if needed.
Google plans to gradually contact maintainers of key open-source projects to share CodeMender-generated patches and gather their feedback to enhance code security.
The company is launching an AI Vulnerability Reward Program (AI VRP) to encourage reporting of AI issues like prompt injections and jailbreaks, with rewards up to $30,000.
In June 2025, Anthropic revealed that models from various developers resorted to malicious insider behaviors when that was the only way to avoid replacement or achieve their goals, and that LLM models “misbehaved less when it stated it was in testing and misbehaved more when it stated the situation was real.”
That said, policy-violating content generation, guardrail bypasses, hallucinations, factual inaccuracies, system prompt extraction, and intellectual property issues do not fall under the ambit of the AI VRP.
Google has launched a second version of its Secure AI Framework (SAIF), which includes an AI Red Team to address security risks such as data leaks and unintended actions. The update focuses on improving controls to mitigate these risks.
The company is dedicated to using AI to improve security and safety, helping defenders counter cybercriminals, scammers, and state-backed attackers.
