Aardvark GPT-5 Enhances OpenAI’s Security Capabilities

Aardvark, an AI-powered security researcher based on GPT-5 technology that automatically finds and addresses software flaws, has been introduced by OpenAI.

The new agentic technology, which is now in private beta, advances automated cybersecurity defense and gives development teams continuous protection against new threats.

As an independent security agent, Aardvark continuously scans source code repositories for vulnerabilities, evaluates their exploitability, and creates customized patches.

In contrast to conventional vulnerability discovery techniques that depend on fuzzing or software composition analysis, Aardvark uses large language model reasoning to examine code behavior much as a human security researcher would.

The system uses a multi-stage pipeline to read code, run tests, and assess possible security flaws.

Analysis, commit scanning, validation, and patching are the four main phases of the tool’s operation. To find potential vulnerabilities, Aardvark first builds a thorough threat model of the entire repository and then compares commit-level changes to this model.

To verify exploitability, the agent tries to trigger the vulnerability in an isolated sandbox environment after detecting suspicious code.

Lastly, Aardvark integrates with OpenAI Codex to create fixes that can be vetted and distributed with a single click.

In benchmark testing on specially prepared repositories, Aardvark achieved a 92% detection rate for known and artificially created vulnerabilities, demonstrating strong efficacy in real-world circumstances.

For several months, the system has been running continuously across OpenAI’s internal codebases and external partner environments, successfully detecting significant security flaws that arise in challenging circumstances.

OpenAI has also used Aardvark on open-source projects, where it has identified several vulnerabilities, which were reported through responsible disclosure procedures.