After helping expand the modern software attack surface with the rise of AI services prone to data poisoning and prompt injection, OpenAI has thrown a bone to cyber defenders.
The maker of ChatGPT on Thursday announced that it is privately testing Aardvark, an agentic security system based on GPT‑5.
“Aardvark represents a breakthrough in AI and security research: an autonomous agent that can help developers and security teams discover and fix security vulnerabilities at scale,” the company said in its post. “Aardvark is now available in private beta to validate and refine its capabilities in the field.”
A software agent is an AI model with access to other software tools that tries to address a particular task. That potentially toxic relationship has helped spawn dozens of AI security startups and too many research papers about the security risks posed by large language models.
Aardvark might just undo some of the harm that has arisen from vibe coding with the likes of GPT-5, not to mention the general defect rate of human-authored software. It can scan source code repositories on an ongoing basis to flag vulnerabilities, test the exploitability of code, prioritize bugs by severity, and propose fixes.
“Aardvark does not rely on traditional program analysis techniques like fuzzing or software composition analysis,” according to OpenAI. “Instead, it uses LLM-powered reasoning and tool-use to understand code behavior and identify vulnerabilities. Aardvark looks for bugs as a human security researcher might: by reading code, analyzing it, writing and running tests, using tools, and more.”
But unlike a human, Aardvark just runs and runs. It can’t be bargained with; it can’t be reasoned with. It doesn’t feel pity or remorse or fear. And it absolutely will not stop unless you’ve set up an OpenAI API budget limit, your credit card expires, or the AI bubble pops and takes us all down with it.
According to OpenAI, Aardvark is quite effective. The company says its AI animal has been rooting around in its internal codebases and those of external alpha test partners for several months. For OpenAI, the agentic beast “surfaced meaningful vulnerabilities and contributed to OpenAI’s defensive posture.” And in benchmark testing on “golden” (authoritative) repos, it has flagged 92 percent of known and synthetically introduced vulnerabilities.
When unleashed on open-source projects, Aardvark has sniffed out at least ten vulnerabilities worthy of a Common Vulnerabilities and Exposures (CVE) identifier.
That’s somewhat fewer than the 72 security fixes Google claims its CodeMender AI system has managed, or the 26 flaws found by Google’s OSS-Fuzz project a year ago.
As to whether Aardvark really represents “a breakthrough,” we may know more once it has been made publicly available and the critter can be evaluated against the many existing AI-flavored security tools that have emerged in recent years, such as ZeroPath and Socket. ®