OpenAI has announced the launch of Aardvark, an autonomous AI agent designed to identify and fix security vulnerabilities in software codebases. Powered by GPT-5, Aardvark is intended to assist developers and security teams in uncovering flaws before they can be exploited. The company described the system as “a breakthrough in AI and security research,” now available in private beta to selected partners.
Aardvark continuously analyzes source code repositories, monitoring new commits to detect vulnerabilities, assess their severity, and suggest targeted patches. Unlike conventional program analysis techniques such as fuzzing, Aardvark uses large language model (LLM) reasoning and tool-based workflows to read, interpret, and test code. “Aardvark looks for bugs as a human security researcher might: by reading code, analyzing it, writing and running tests, using tools, and more,” OpenAI said in its announcement.
The system operates in multiple stages, beginning with a full repository analysis to generate a threat model. It then scans new code commits, validates potential exploits in a sandboxed environment, and proposes AI-generated patches via integration with OpenAI Codex. OpenAI stated that Aardvark “delivers clear, actionable insights without slowing development,” integrating directly with GitHub and other developer tools.
In early internal and partner testing, Aardvark has reportedly identified 92% of known and synthetic vulnerabilities within benchmark repositories. OpenAI said the agent has already surfaced meaningful issues within its own codebases and several partner projects. The company also noted that Aardvark has responsibly disclosed vulnerabilities in open-source projects, ten of which have been assigned Common Vulnerabilities and Exposures (CVE) identifiers.
OpenAI plans to expand Aardvark’s access beyond private beta in the coming months. “We believe in expanding access to security expertise,” the company said. “By catching vulnerabilities early, validating real-world exploitability, and offering clear fixes, Aardvark can strengthen security without slowing innovation.” The initiative is part of OpenAI’s broader goal to enhance software resilience across commercial and open-source ecosystems.
Source: OpenAI