OpenAI introduces Aardvark, an autonomous security agent that detects and resolves code vulnerabilities. The tool is now available in a private beta and is designed to help developers prevent security issues.
Benchmarks show that Aardvark recognizes 92 percent of known and synthetically introduced vulnerabilities in test repositories. OpenAI has already discovered and reported dozens of vulnerabilities in open-source projects, ten of which have been assigned CVE numbers.
OpenAI claims that Aardvark also uncovers logic flaws, incomplete fixes, and privacy issues. “Our testing shows that around 1.2% of commits introduce bugs—small changes that can have outsized consequences,” the company says.
The tool works with platforms such as GitHub and existing workflows. This should ensure that developers remain productive while security is improved.
AI as a security researcher
Software vulnerabilities remain a serious problem. Tens of thousands of new vulnerabilities are discovered every year, and developers are constantly trying to stay ahead of attackers. Aardvark addresses this challenge by leveraging GPT-5 and reasoning technology. The tool continuously scans code repositories to identify issues before they are exploited.
Unlike traditional analysis tools, Aardvark takes a more human approach. It analyzes code as a security researcher would: by reading code, running tests, and deploying tools.
From discovery to solution
The security agent works in several phases. First, it builds a threat model from the entire repository. When a project is first connected, Aardvark scans its existing codebase against that model; after that, it checks each new commit against the model as well. According to the announcement, the system explains each vulnerability it finds step by step, with annotations.
After identifying a potential vulnerability, Aardvark attempts to exploit it in a sandbox environment. This minimizes false positives. As a final step, Aardvark generates a patch through integration with OpenAI Codex. This provides developers with a ready-to-use solution.
OpenAI has also adjusted its disclosure policy. Instead of rigid deadlines, the company has opted for a collaborative approach. “We anticipate tools like Aardvark will result in the discovery of increasing numbers of bugs, and want to sustainably collaborate to achieve long-term resilience,” the explanation reads.
The private beta is now open to selected partners. OpenAI primarily wants to validate Aardvark’s performance across different environments.