OpenAI Unveils “Aardvark”—A GPT-5 Powered Agentic Security Researcher in Private Beta

Aardvark uses LLM-powered reasoning and tool-use to scan repositories, build threat models, monitor commits, and validate exploitability in a sandboxed environment.

OpenAI announced the launch of Aardvark, an autonomous AI agent designed to operate like a human security researcher—capable of discovering, validating, and patching software vulnerabilities at scale. The agent, powered by GPT-5, is currently in private beta.

Software security remains one of the most critical challenges in technology today. Tens of thousands of new vulnerabilities are discovered each year, and organisations often struggle to stay ahead of malicious actors. OpenAI says Aardvark aims to tilt that balance in favor of defenders.

Rather than relying on traditional techniques such as fuzzing or software composition analysis, Aardvark uses LLM-powered reasoning and tool-use to scan repositories, build threat models, monitor commits, validate exploitability in sandboxed environments, and generate patches with the help of the company’s Codex models.

In testing on benchmark repositories, the agent detected 92% of known and synthetically introduced vulnerabilities.

OpenAI says Aardvark has already been used internally and by external alpha partners, and it has also found real flaws in open-source projects—ten of which received CVE identifiers.

The company plans to offer pro-bono scanning for select non-commercial open-source repos to help strengthen the broader software ecosystem.

“Aardvark represents a breakthrough in AI and security research: an agentic security researcher that partners with teams by delivering continuous protection as code evolves,” OpenAI said.

The beta rollout invites select partners to join and help refine its detection, validation, and reporting workflows.