At Google I/O, Google announced it is expanding CodeMender API access to a broader group of external security experts for testing. CodeMender is an AI agent for code security - software that scans a codebase to find vulnerabilities, explains what's wrong, and can suggest or apply fixes automatically. Google first announced the tool in October 2025; this wider external rollout is the clearest signal yet that commercial deployment is the goal.
The direct competitor is Anthropic's Mythos, which operates in the same category. Both tools go beyond general coding assistants - rather than helping write or complete code, they focus specifically on finding security flaws. That distinction matters to enterprise security teams, who need tools that reason about vulnerability context, not just pattern-match against a list of known issues.
Google has genuine relevant experience here. It operates software infrastructure at a scale that few organizations approach, which means its internal security tooling has been tested against real-world threat patterns. Whether that experience is baked into CodeMender's reasoning - or whether it's a standard large language model (an AI system trained on large amounts of text, including code) applied to security queries - is the central question practitioners should be asking before adopting it.
Widening API access to security experts means comparative results against Anthropic's Mythos should start appearing from the research community in the coming weeks. That's the right way to evaluate tools in this category: run them against real codebases with known vulnerabilities and see what they catch.