Google is opening up CodeMender, its AI agent for code security, to a wider pool of external testers, and it’s pitching the tool directly at the same enterprise and government buyers Anthropic just shocked with Mythos Preview. According to The Verge AI, the company announced at I/O that select expert groups are now getting API access to the agent it first debuted last October, with Google DeepMind CTO Koray Kavukcuoglu framing it as a way to “help secure the world’s code bases” by flagging and fixing vulnerabilities at scale.
This is Google’s direct answer to Anthropic. The Verge AI reports that Anthropic’s surprise Claude Mythos Preview rattled the industry, top banks, and even the Federal Reserve chair, and it triggered a scramble across the major labs to ship their own high-stakes security models. OpenAI moved first. Google is the next domino.
Why the rush
Mythos Preview did two things for Anthropic. It rebuilt the company’s standing with the US government after the supply chain risk designation and lawsuit, and it opened a fat new revenue line through early-access enterprise and government deals. Every other lab noticed.
Kavukcuoglu told The Verge that Google has already been talking with governments and enterprises about using CodeMender to audit their systems. Sundar Pichai was even more direct in a Monday press briefing: “What Mythos has done, and credit to them, is to show that there is a value for the largest-sized model in these kinds of security use cases. But I think it’s something we are capable of doing as well.”
That’s a CEO publicly conceding the category to a rival, then promising to take it back.
What CodeMender actually does
The pitch is straightforward:
- Find vulnerabilities in large codebases that human review teams routinely miss.
- Patch them rather than just flag them, closing the loop most static analysis tools leave open.
- Target high-stakes systems where buyers, governments, banks, critical infrastructure, will pay premium prices for assurance.
Google isn’t disclosing pricing or the full testing cohort yet, but the framing matches Anthropic’s playbook: limited early access, enterprise and government first, broader rollout later.
Why this matters
Cybersecurity is rapidly becoming the wedge category for frontier model revenue. The labs need profit ahead of IPO chatter (OpenAI) or to defend a lead (Google), and selling code-auditing agents to regulated industries is a much cleaner business than chasing consumer subscriptions.
For practitioners, a few things to watch:
- Tooling consolidation. If CodeMender, Mythos, and OpenAI’s equivalent all mature, traditional SAST and DAST vendors are going to feel it fast.
- Procurement shifts. Expect security teams to start fielding pitches from model labs directly, not just from established security vendors.
- Disclosure questions. When an AI agent finds a zero-day in your code, who owns the disclosure timeline? None of the labs have published a clean answer yet.
What stands out here is the speed. Mythos Preview is barely out the door and Google has already moved CodeMender from October’s reveal to a marketed product with active government conversations. The AI security race just compressed from years to weeks.
Full details at the original source.