



7 Sources
[1]

OpenAI unveils 'Aardvark,' a GPT-5-powered agent for autonomous cybersecurity research
Aardvark, OpenAI's new agentic security researcher powered by GPT-5 and released Thursday, can assist security teams by identifying and helping patch vulnerabilities. The agent is meant to tackle existing challenges in the software security space, as tens of thousands of new vulnerabilities are discovered across enterprise and open-source codebases every year, the company said in the blog post. OpenAI noted that Aardvark began as an internal tool to help its own developers. "Our developers found real value in how clearly it explained issues and guided them to fixes. That signal told us we were on the path to something meaningful," Matt Knight, VP at OpenAI, told me. Simply put, Aardvark is an agent that, when connected to a repository, can discover, explain, and help fix security vulnerabilities. It achieves this by leveraging LLM-powered reasoning and tool use, and taking a unique approach that can be divided into easy-to-understand stages.

As Knight explained to me, Aardvark will first examine the repository to understand what the codebase is for and its security implications, including objectives and design. Then it will look for vulnerabilities by examining past actions and new code that has been committed. As it scans, it will explain the vulnerabilities it finds by annotating the code, which humans can then review and address. Aardvark will then attempt to prove the existence of a vulnerability by placing it in a sandboxed environment, where it will attempt to trigger it. The results are then labeled with metadata that can be used to filter and dig deeper.

Lastly, Aardvark can help the defender fix the vulnerabilities it finds by leveraging OpenAI's agentic coding assistant, Codex.
Aardvark provides users with a Codex-generated and Aardvark-scanned patch for the human to review and implement. Aardvark is available in private beta to select partners who are invited by OpenAI to participate. Since the tool is still in its beginning stages, OpenAI said it will use participants' feedback to refine the entire experience, working with the team to improve detection accuracy, enhance validation workflows, and provide additional benefits.
[2]

OpenAI unveils Aardvark AI to secure software against cyberattacks
Aardvark continuously monitors source code repositories, analyzing commits, scanning for vulnerabilities, and prioritizing which ones matter most. It then tests potential flaws in a secure, sandboxed environment to confirm if they can actually be exploited. Once verified, Aardvark automatically proposes fixes through OpenAI Codex, attaching ready-to-review patches for developers. While it reasons and tests much like a human security researcher, reading code, identifying logic flaws, and suggesting targeted fixes, the final decision always rests with developers, who review and approve each patch. According to OpenAI, "Aardvark looks for bugs as a human security researcher might: by reading code, analyzing it, writing and running tests, using tools, and more." In internal use, it has already helped uncover and fix meaningful vulnerabilities across OpenAI's own systems and those of select alpha partners. During benchmark testing, the AI identified 92% of known and synthetically introduced vulnerabilities, demonstrating what OpenAI calls "high recall and real-world effectiveness." Partners have praised its ability to spot issues that emerge only under complex, real-world conditions.
[3]

Meet Aardvark, OpenAI's first-party AI security agent
OpenAI has introduced Aardvark, a GPT-5-powered autonomous security researcher agent now available in private beta. Designed to emulate how human experts identify and resolve software vulnerabilities, Aardvark offers a multi-stage, LLM-driven approach for continuous, 24/7/365 code analysis, exploit validation, and patch generation! Positioned as a scalable defense tool for modern software development environments, Aardvark is being tested across internal and external codebases. OpenAI reports high recall and real-world effectiveness in identifying known and synthetic vulnerabilities, with early deployments surfacing previously undetected security issues. Aardvark comes on the heels of OpenAI's release of the gpt-oss-safeguard models yesterday, extending the company's recent emphasis on agentic and policy-aligned systems.

Technical Design and Operation

Aardvark operates as an agentic system that continuously analyzes source code repositories. Unlike conventional tools that rely on fuzzing or software composition analysis, Aardvark leverages LLM reasoning and tool-use capabilities to interpret code behavior and identify vulnerabilities. It simulates a security researcher's workflow by reading code, conducting semantic analysis, writing and executing test cases, and using diagnostic tools. Its process follows a structured multi-stage pipeline:

Aardvark integrates with GitHub, Codex, and common development pipelines to provide continuous, non-intrusive security scanning. All insights are intended to be human-auditable, with clear annotations and reproducibility.

Performance and Application

According to OpenAI, Aardvark has been operational for several months on internal codebases and with select alpha partners. In benchmark testing on "golden" repositories -- where known and synthetic vulnerabilities were seeded -- Aardvark identified 92% of total issues. OpenAI emphasizes that its accuracy and low false positive rate are key differentiators.
The agent has also been deployed on open-source projects. To date, it has discovered multiple critical issues, including ten vulnerabilities that were assigned CVE identifiers. OpenAI states that all findings were responsibly disclosed under its recently updated coordinated disclosure policy, which favors collaboration over rigid timelines. In practice, Aardvark has surfaced complex bugs beyond traditional security flaws, including logic errors, incomplete fixes, and privacy risks. This suggests broader utility beyond security-specific contexts.

Integration and Requirements

During the private beta, Aardvark is only available to organizations using GitHub Cloud (github.com). OpenAI invites beta testers to sign up online by filling out a web form. Participation requirements include:

* Integration with GitHub Cloud
* Commitment to interact with Aardvark and provide qualitative feedback
* Agreement to beta-specific terms and privacy policies

OpenAI confirmed that code submitted to Aardvark during the beta will not be used to train its models. The company is also offering pro bono vulnerability scanning for selected non-commercial open-source repositories, citing its intent to contribute to the health of the software supply chain.

Strategic Context

The launch of Aardvark signals OpenAI's broader movement into agentic AI systems with domain-specific capabilities. While OpenAI is best known for its general-purpose models (e.g., GPT-4 and GPT-5), Aardvark is part of a growing trend of specialized AI agents designed to operate semi-autonomously within real-world environments.
In fact, it joins two other active OpenAI agents now:

* ChatGPT agent, unveiled back in July 2025, which controls a virtual computer and web browser and can create and edit common productivity files
* Codex -- previously the name of OpenAI's open source coding model, which it took and re-used as the name of its new GPT-5 variant-powered AI coding agent unveiled back in May 2025

But a security-focused agent makes a lot of sense, especially as demands on security teams grow. In 2024 alone, over 40,000 Common Vulnerabilities and Exposures (CVEs) were reported, and OpenAI's internal data suggests that 1.2% of all code commits introduce bugs. Aardvark's positioning as a "defender-first" AI aligns with a market need for proactive security tools that integrate tightly with developer workflows rather than operate as post-hoc scanning layers. OpenAI's coordinated disclosure policy updates further reinforce its commitment to sustainable collaboration with developers and the open-source community, rather than emphasizing adversarial vulnerability reporting. While yesterday's release of oss-safeguard uses chain-of-thought reasoning to apply safety policies during inference, Aardvark applies similar LLM reasoning to secure evolving codebases. Together, these tools signal OpenAI's shift from static tooling toward flexible, continuously adaptive systems -- one focused on content moderation, the other on proactive vulnerability detection and automated patching within real-world software development environments.

What It Means For Enterprises and the CyberSec Market Going Forward

Aardvark represents OpenAI's entry into automated security research through agentic AI. By combining GPT-5's language understanding with Codex-driven patching and validation sandboxes, Aardvark offers an integrated solution for modern software teams facing increasing security complexity. While currently in limited beta, the early performance indicators suggest potential for broader adoption.
If proven effective at scale, Aardvark could contribute to a shift in how organizations embed security into continuous development environments. For security leaders tasked with managing incident response, threat detection, and day-to-day protections -- particularly those operating with limited team capacity -- Aardvark may serve as a force multiplier. Its autonomous validation pipeline and human-auditable patch proposals could streamline triage and reduce alert fatigue, enabling smaller security teams to focus on strategic incidents rather than manual scanning and follow-up. AI engineers responsible for integrating models into live products may benefit from Aardvark's ability to surface bugs that arise from subtle logic flaws or incomplete fixes, particularly in fast-moving development cycles. Because Aardvark monitors commit-level changes and tracks them against threat models, it may help prevent vulnerabilities introduced during rapid iteration, without slowing delivery timelines. For teams orchestrating AI across distributed environments, Aardvark's sandbox validation and continuous feedback loops could align well with CI/CD-style pipelines for ML systems. Its ability to plug into GitHub workflows positions it as a compatible addition to modern AI operations stacks, especially those aiming to integrate robust security checks into automation pipelines without additional overhead. And for data infrastructure teams maintaining critical pipelines and tooling, Aardvark's LLM-driven inspection capabilities could offer an added layer of resilience. Vulnerabilities in data orchestration layers often go unnoticed until exploited; Aardvark's ongoing code review process may surface issues earlier in the development lifecycle, helping data engineers maintain both system integrity and uptime. 
In practice, Aardvark represents a shift in how security expertise might be operationalized -- not just as a defensive perimeter, but as a persistent, context-aware participant in the software lifecycle. Its design suggests a model where defenders are no longer bottlenecked by scale, but augmented by intelligent agents working alongside them.
[4]

OpenAI's new agent hunts software bugs like a human
Why it matters: Tools like this could shift the cybersecurity balance toward defenders in their quest to stop malicious hackers.

The big picture: Software flaws are an unavoidable part of coding, and they provide prime entry points for cyberattacks.

* Source code is an especially high-value target for hackers. They can leverage flaws to gain unauthorized access to corporate networks and deploy malware or steal sensitive customer information and corporate secrets.

Zoom in: OpenAI said today the new agent, called Aardvark, is entering beta as an invite-only web app that connects to a user's GitHub environment.

* Aardvark uses GPT-5's reasoning to continuously scan codebases, skipping traditional methods like fuzzing, and seek out any weak points.
* The agent then flags possible bugs, tests them in a sandbox, and ranks their severity before proposing fixes.
* "In some way, it looks for bugs very much in the same way that a human security researcher might," Matt Knight, vice president at OpenAI, said.

Yes, but: The agent doesn't patch anything itself. Humans must verify and deploy any fix Aardvark suggests.

* For each issue, Aardvark also annotates the code and explains its reasoning -- helping users understand each finding before acting.

Between the lines: Bug hunting has long relied on human researchers and penetration-testing firms. But that process is slow, leaving software exposed if hackers get there first.

* "This is an area and a capability that has been out of reach until very recently," Knight said. "But new innovations have unlocked it."

The intrigue: In early tests, Aardvark discovered 10 previously unknown security vulnerabilities in open-source projects that later received official CVE identifiers, the system used to catalog software vulnerabilities, Knight said.

What's next: Interested companies can apply for early access. OpenAI plans to expand access based on feedback and performance during beta.
[5]

OpenAI Launches Aardvark, an AI Agent for Automated Security Research | AIM
The agent continuously monitors code repositories to find and validate vulnerabilities, assess their exploitability, and propose targeted patches. OpenAI has introduced Aardvark, an autonomous AI agent designed to identify and fix security vulnerabilities in software codebases. The system, powered by GPT-5, is now available in private beta to select partners, who will collaborate with OpenAI to refine its detection accuracy, validation workflows, and reporting experience. "Aardvark represents a breakthrough in AI and security research -- an autonomous agent that can help developers and security teams discover and fix security vulnerabilities at scale," OpenAI said in a statement announcing the launch. The agent continuously monitors code repositories to find and validate vulnerabilities, assess their exploitability, and propose targeted patches. Unlike traditional approaches such as fuzzing or software composition analysis, Aardvark uses large language model (LLM)-based reasoning to interpret code, detect bugs, and generate fixes. According to OpenAI, Aardvark operates through a multi-stage process: analysing full repositories to build a threat model, scanning commits for potential vulnerabilities, validating exploitability in a sandboxed environment, and generating patches using Codex for human review and integration. In internal testing, Aardvark identified 92% of known and synthetically introduced vulnerabilities across benchmark repositories. It has also been deployed across OpenAI's internal systems and those of early external partners, where it has reportedly identified "meaningful vulnerabilities" and contributed to strengthening defensive systems. Beyond enterprise use, OpenAI said Aardvark has been applied to open-source projects, resulting in the discovery and responsible disclosure of multiple security issues, ten of which have received Common Vulnerabilities and Exposures (CVE) identifiers. 
"As beneficiaries of decades of open research and responsible disclosure, we're committed to giving back -- contributing tools and findings that make the digital ecosystem safer for everyone," the company said. OpenAI also announced plans to offer pro-bono scanning for select non-commercial open-source repositories. The company has updated its coordinated disclosure policy to prioritise collaboration and sustainable remediation timelines. "We anticipate tools like Aardvark will result in the discovery of increasing numbers of bugs, and want to sustainably collaborate to achieve long-term resilience," OpenAI said. OpenAI's move comes amid rising concerns about software security. More than 40,000 CVEs were reported in 2024, and the company noted that about 1.2% of all code commits introduce bugs. By deploying AI-driven systems like Aardvark, OpenAI seeks to shift the balance toward defenders through a "defender-first model" that provides continuous protection as code evolves.
[6]

OpenAI unveils Aardvark, an autonomous GPT-5 agent built to hunt software vulnerabilities - SiliconANGLE
OpenAI Group PBC today unveiled Aardvark, a new GPT-5-powered autonomous artificial intelligence agent designed to identify, verify and help fix software vulnerabilities in real time. Pitched by OpenAI as representing a "breakthrough in AI and security research," Aardvark is described as an "AI security researcher" capable of scanning code repositories, reasoning about potential exploits and even generating validated patches. The idea is to give defenders an intelligent ally that can keep pace with the speed and scale of modern software development. Aardvark integrates directly with platforms such as GitHub and supports both open-source and enterprise environments. The agent works by analyzing an entire repository to build a contextual threat model before scanning every new code commit for vulnerabilities. Once an issue is detected, Aardvark automatically attempts to reproduce the exploit in a sandbox to confirm it's real, then proposes a fix using OpenAI's Codex engine. To make sure humans are still in play, the system provides reports and suggested patches for human review rather than making unverified changes autonomously. According to OpenAI, early results have been promising, with Aardvark identifying roughly 92% of known and synthetic vulnerabilities in benchmark repositories during internal testing. In limited trials, the agent has also uncovered real issues in open-source projects, several of which have been assigned official Common Vulnerabilities and Exposures numbers. OpenAI hasn't really been known for the development of cybersecurity tools. The company says Aardvark is part of a new commitment to "giving back," by contributing tools and findings that make the digital ecosystem safer for everyone.
As part of that commitment, Aardvark scanning will be offered pro bono to select noncommercial open-source repositories to contribute to the security of the open-source software ecosystem and supply chain. Aardvark is currently available in private beta testing to validate and refine its capabilities in the field. OpenAI has not provided a timeline for when the new "AI security researcher" might be generally available.
[7]

What is Aardvark? OpenAI's AI cybersecurity agent explained
New AI agent detects threats in software before hackers strike

In a digital era where software vulnerabilities can topple companies and compromise entire infrastructures overnight, OpenAI's latest experiment takes aim at one of technology's oldest weaknesses: human fallibility. The company's new project, Aardvark, is an AI cybersecurity agent designed to autonomously discover, test, and even propose fixes for software vulnerabilities long before hackers can exploit them. Announced in late October 2025, Aardvark represents a new class of what OpenAI calls "agentic systems." Unlike traditional AI models that simply respond to prompts, these agents are built to act autonomously, navigating complex environments, running tests, and reasoning across multiple tools to complete open-ended tasks. In this case, that means playing the role of a tireless security researcher embedded directly into the development process.

Aardvark is powered by GPT-5, OpenAI's most advanced model, and integrates directly with developer ecosystems, scanning Git repositories, commit histories, and live code changes in real time. The idea is to continuously analyze software as it's written, rather than after release, catching potential exploits in the earliest stages of development. But this isn't just another code scanner. Traditional vulnerability-detection tools rely on fixed databases of known weaknesses or static analysis techniques. Aardvark, by contrast, reasons about the logic of code. It builds a "threat model" of the project - an understanding of what the software is supposed to do, where data flows, and how an attacker might break it. Then, using simulated sandbox environments, it attempts to trigger these vulnerabilities itself, validating each finding before flagging it to human engineers.
When a genuine flaw is found, Aardvark can propose a patch, complete with an explanation of why the change mitigates the risk. Developers can review and merge this fix through their normal workflow, meaning Aardvark integrates seamlessly with existing pipelines rather than replacing them. The timing couldn't be more critical. The number of reported Common Vulnerabilities and Exposures (CVEs) has grown to over 40,000 in 2024, according to OpenAI's data, more than double the figure from just five years ago. Each represents a potential entry point for ransomware, data theft, or infrastructure compromise. For most companies, especially those with large codebases or limited security staff, manually auditing for such vulnerabilities is impractical. That's the gap Aardvark aims to fill: a scalable, always-on security layer that learns and adapts without constant human oversight. Beyond private corporations, OpenAI has also announced that Aardvark will offer pro-bono scanning for non-commercial open-source repositories - a move that could significantly strengthen the software supply chain that underpins much of the internet. If widely adopted, it could democratize access to high-end security auditing, historically a luxury only large enterprises could afford. Despite its autonomous capabilities, Aardvark isn't replacing human researchers. Each vulnerability it discovers and patch it proposes still passes through human review. That's not a limitation - it's a design principle. OpenAI stresses that human oversight is essential to ensure context, avoid false positives, and prevent the AI from unintentionally introducing new bugs. Still, early reports from OpenAI's internal tests are promising.
The company claims a 92% recall rate when benchmarked against known vulnerabilities in "golden" repositories - suggesting that the model can reliably identify and reproduce real-world exploits at scale. Autonomous agents raise new questions of trust, accountability, and security. If an AI is powerful enough to find exploits, could it also be manipulated to misuse them? OpenAI says Aardvark operates in isolated sandboxes and cannot exfiltrate data or execute code outside approved environments, but the idea of an AI with "offensive" cybersecurity potential will inevitably attract scrutiny. Then there's the question of adoption. Integrating an AI agent into enterprise code pipelines requires not just technical onboarding but also cultural change: developers and security teams must trust an automated system to meaningfully contribute to something as sensitive as vulnerability management. Yet, if successful, Aardvark could signal a paradigm shift. Instead of human analysts chasing after an endless stream of new exploits, we may soon see autonomous agents patrolling the world's software ecosystems, quietly patching holes before anyone else even notices them. Aardvark isn't just another AI assistant; it's an experiment in giving artificial intelligence agency, responsibility, and a mission: to safeguard the world's code. It embodies a future where cybersecurity shifts from reactive defense to proactive prevention, powered by machines that can reason, learn, and fix faster than threats emerge. In the arms race between attackers and defenders, OpenAI's Aardvark could be the first sign that the balance of power is beginning to tilt, ever so slightly, back toward the good guys.
OpenAI introduces Aardvark, an autonomous AI security agent powered by GPT-5 that continuously monitors code repositories to identify, validate, and fix vulnerabilities. The agent achieved 92% accuracy in benchmark testing and has already discovered 10 CVE-identified vulnerabilities in open-source projects.
OpenAI has unveiled Aardvark, a groundbreaking autonomous AI security agent powered by GPT-5 that promises to transform how organizations approach cybersecurity research and vulnerability management [1]. The agent, now available in private beta to select partners, represents a significant leap forward in AI-driven security tools, offering continuous, 24/7/365 code analysis and automated vulnerability detection [3].
Aardvark operates through a sophisticated multi-stage pipeline that mimics human security researcher workflows. The agent first examines repositories to understand codebase objectives and security implications, then systematically scans for vulnerabilities by analyzing past actions and new code commits [1]. Unlike traditional approaches such as fuzzing or software composition analysis, Aardvark leverages large language model reasoning and tool-use capabilities to interpret code behavior and identify security flaws [3].

The agent's validation process involves testing potential vulnerabilities in secure, sandboxed environments to confirm exploitability before proposing fixes [2]. Once verified, Aardvark automatically generates patches through OpenAI Codex, providing ready-to-review solutions for developers while ensuring human oversight remains central to the process [4].
In benchmark testing on repositories containing known and synthetically introduced vulnerabilities, Aardvark demonstrated exceptional performance by identifying 92% of total security issues [3]. OpenAI emphasizes that the agent's high accuracy and low false positive rate serve as key differentiators from existing security tools [5].

The agent has already proven its real-world effectiveness through deployment across OpenAI's internal systems and those of early external partners, where it has identified meaningful vulnerabilities and strengthened defensive capabilities [5]. Notably, Aardvark has discovered ten previously unknown security vulnerabilities in open-source projects that subsequently received official CVE identifiers [4].
The launch of Aardvark addresses a critical need in the cybersecurity landscape, where over 40,000 Common Vulnerabilities and Exposures were reported in 2024 alone, and approximately 1.2% of all code commits introduce bugs [3]. Traditional bug hunting processes rely heavily on human researchers and penetration-testing firms, creating slow response times that leave software exposed to exploitation [4].

Aardvark represents part of OpenAI's broader movement into agentic AI systems with domain-specific capabilities, joining other specialized agents like ChatGPT agent and the updated Codex coding assistant [3]. The agent's "defender-first" approach aligns with market demands for proactive security tools that integrate seamlessly with developer workflows rather than operating as post-hoc scanning layers.

Summarized by Navi