
Join us as we explore Aardvark, OpenAI’s groundbreaking agentic security researcher, now available in private beta. Powered by GPT-5, Aardvark is an autonomous agent designed to help developers and security teams discover and fix security vulnerabilities at scale.
Software security is one of the most critical and challenging frontiers in technology. With over 40,000 CVEs reported in 2024 alone, and estimates showing that around 1.2% of commits introduce bugs, software vulnerabilities pose a systemic risk to infrastructure and society. Aardvark is working to tip this balance in favor of defenders, representing a new, defender-first model that delivers continuous protection as code evolves.
Unlike traditional program analysis techniques like fuzzing, Aardvark uses LLM-powered reasoning and tool-use to understand code behavior and identify vulnerabilities. It approaches security like a human researcher would: reading code, running tests, analyzing findings, and using tools.
Aardvark operates through a multi-stage pipeline to identify, explain, and fix issues:
The results are significant: in benchmark testing on "golden" repositories, Aardvark identified 92% of known and synthetically introduced vulnerabilities. It also uncovers other issues, such as logic flaws, incomplete fixes, and privacy concerns. Aardvark integrates seamlessly with existing workflows and has already surfaced meaningful vulnerabilities within OpenAI's internal codebases and at external alpha partners.
Furthermore, Aardvark has already been applied to open-source projects, contributing to the security of the ecosystem and resulting in the responsible disclosure of numerous vulnerabilities—ten of which have received CVE identifiers. By catching vulnerabilities early and offering clear fixes, Aardvark helps strengthen security without slowing innovation.
Tune in to understand how this new breakthrough in AI and security research is expanding access to security expertise.