DeepMind: CodeMender: an AI agent for code security

https://deepmind.google/discover/blog/introducing-codemender-an-ai-agent-for-code-security/

64•ravenical•1h ago

Comments

blibble•20m ago

what an annoying page

pointless videos, without enough time to read the code

sobiolite•18m ago

I wonder if we're going to end up in an arms race between AIs masquerading as contributors (and security researchers) trying to introduce vulnerabilities into popular libraries, and AIs trying to detect and fix them.

sublinear•8m ago

Why would it be like that instead of the way we already handle low-trust environments?

Projects that get a lot of attention already put up barriers to new contributions, and the ones that get less attention will continue to get less attention.

The review process cannot be left to AI because it will introduce uncertainty nobody wants to be held responsible for.

If anything, the people who have always seen code as a mere means to an end will finally come to a forced decision: either stop fucking around or get out of the way.

An adversarial web is ultimately good for software quality, but less open than it used to be. I'm not even sure if that's a bad thing.

zb3•15m ago

DeepMind = not available for use

esafak•13m ago

It's lost its charm.

mmaunder•13m ago

Can we just flag this since it’s not actually a thing available to anyone?

sigmar•13m ago

4.5 million lines of code for one fix is impressive for an LLM agent, but there's so little detail in this post otherwise. Perhaps this is a tease to what will be released on Thursday...

narmiouh•12m ago

Not a fan of future products being announced as if they are here but are basically is still in "Internal Research" stages. I'm not sure who this is really helping? except creating unnecessary anticipation which we kinda all know are in this loop lately of "yes it works great, but".

bgwalter•8m ago

So it is a secret tool, they will "gradually reach out to interested maintainers of critical open source projects with CodeMender-generated patches", then they "hope to release CodeMender as a tool that can be used by all software developers".

Why is everything in "AI" shrouded in mystery, hidden behind $200 monthly payments and has glossy announcements. Just release the damn thing and let us test it. You know, like the software we write and that you steal from us.

nickpinkston•3m ago

I'm optimistic that it's easier to find/solve vulnerabilities via auto pen-testing / patching, and other security measures, than it will be to find/exploit vulnerabilities after - ie defense is easier in an auto-security world.

Does anyone disagree?

This is purely my intuition, but I'm interested in how others are thinking about it.

All this with the mega caveat of this assuming very widespread adoption of these defenses, which we know won't be true and auto-hacking may be rampant for a while.

Sora 2 Local Playground

Soft drink consumption and increased risk of nonalcoholic fatty liver disease

2x Performance, $300k Savings: A Case Study Rewriting Critical Service in Rust

OpenAI DevDay live: Altman comments on 'strange' stock moves of demo companies

From engines to nanochips: Physicists redefine how heat moves

Microsoft is plugging more holes that let you use Windows 11 without MS account

Servo GTK

T-Mobile Will Soon Begin LTE Phase-Out

Show HN: Neural background noise removal in multimedia with a single command

PDF: Crippling Relational AI Guarantees Systemic Risk

Built a free fullscreen event countdown tool for event managers

Cross-Agent Privilege Escalation: When Agents Free Each Other

How to Orchid, by Jemaine Clement

Can You Build a TikTok Alternative?

The Mechanism of Mineral Nucleation and Growth in a Mini-Ferritin

Sneaky asteroid zooms past Antarctica closer than a satellite

The Free Republic of Verdis

TrueAnon Podcast: The Left Has Its Rabbit Holes

Roadmap for AI in Visual Studio (October)

Tarot.js – A customizable JavaScript library for managing Tarot card decks

OpenAI wants to make ChatGPT into a universal app front end

Q&A: New DNA techniques reveal unseen soil bacteria and antibiotic candidates

Scientists Just Connected the Dots Between Viruses and Everything

Reqwire.io

Ask HN: What solution does Stripe use for their API/webhooks Workbench?

Altman says no current plans for ads in ChatGPT Pulse – but not ruling it out

The developer role is evolving. Here’s how to stay ahead.

What Happens to European Workers When Immigrants "Take Their Jobs?" [pdf]

Case-Insensitive OverlayFS Support Merged for Linux 6.18

RediShell: Critical Remote Code Execution