
OpenAI has introduced Aardvark, an agentic security researcher powered by its advanced GPT-5 model, designed to autonomously identify, validate, and propose fixes for software vulnerabilities. The new AI agent, currently in private beta, has demonstrated significant efficacy, identifying 92 percent of known vulnerabilities in benchmark tests and discovering multiple new Common Vulnerabilities and Exposures (CVEs) in open-source projects. This initiative marks a strategic move towards an AI-driven, "defender-first" approach to cybersecurity.
Aardvark operates by continuously monitoring code commits and changes within repositories, using LLM-powered reasoning to understand code behavior rather than relying on traditional methods like fuzzing. "Aardvark looks for bugs as a human security researcher might: by reading code, analyzing it, writing and running tests, using tools, and more," stated Matt Knight, VP at OpenAI. Once a potential vulnerability is identified, Aardvark validates its exploitability in an isolated sandbox environment and then utilizes OpenAI Codex to suggest and attach secure patches for human review.
The system integrates directly with GitHub and existing development workflows, aiming to provide continuous protection without hindering innovation. OpenAI emphasizes Aardvark's ability to scale security expertise, addressing the challenge of tens of thousands of new vulnerabilities discovered annually. "Aardvark represents a new defender-first model: an agentic security researcher that partners with teams by delivering continuous protection as code evolves," OpenAI announced.
Beyond its internal application and alpha partner deployments, Aardvark has been used to scan open-source projects, leading to the responsible disclosure of numerous vulnerabilities, including ten that have received CVE identifiers. OpenAI plans to offer pro bono scanning for select non-commercial open-source repositories, reinforcing its commitment to enhancing the security of the broader digital ecosystem. The company is inviting select partners to join the private beta to further refine Aardvark's capabilities.