Google expands CodeMender access, pushes AI cybersecurity tools wider
Google opened CodeMender to outside testers as it turns AI agents into cybersecurity weapons, raising the stakes in a race to patch software before attackers find the next flaw.
Google widened access to CodeMender, its AI agent for code security, by inviting select groups of experts to test the API as part of Google I/O 2026 in Mountain View and online. The move pushed the tool further out of the lab and into the fast-moving contest to use AI to defend software before vulnerabilities spread.
Google said CodeMender uses Gemini reasoning capabilities to automatically fix critical code vulnerabilities and accelerate patching across the open-source landscape. The company first unveiled the system on October 6, 2025, alongside a new AI Vulnerability Reward Program and Secure AI Framework 2.0, arguing that AI-powered vulnerability discovery is making it harder for human teams alone to keep up.

That framing places CodeMender at the center of a broader shift in cybersecurity: not just more scanning, but automated code-defense agents meant to act faster than traditional security teams. Google Cloud has described agentic AI as already transforming security operations, and Google has increasingly cast its security work around AI systems that can identify, triage and repair flaws at speed.
The competitive pressure is rising quickly. Anthropic has moved aggressively in the same space with Project Glasswing, a cross-industry cybersecurity initiative built around Claude Mythos Preview. Anthropic says the model is being used for defensive security work, is available via Vertex AI for participants in the project, and has been extended to more than 40 additional organizations that build or maintain critical software infrastructure.
Anthropic has paired that rollout with major financial commitments, saying it is providing up to $100 million in usage credits for Mythos Preview and $4 million in direct donations to open-source security organizations. The company also said engineers using the model have found working exploit chains and remote code execution vulnerabilities overnight in testing, a sign of how quickly these systems can surface serious flaws.

For Google, the expansion of CodeMender at Shoreline Amphitheatre underscored how the AI arms race is no longer confined to chatbots or consumer tools. The next front is software supply-chain defense, where frontier companies are trying to prove that autonomous agents can reduce risk at scale, while the same capabilities also sharpen the tools available to malicious actors.
This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.
Did this article answer your question?


