Aardvark is an agentic security researcher built by OpenAI and powered by GPT‑5, now offered in a private beta. OpenAI positions Aardvark as a breakthrough in AI and security research, designed to scale defensive work across enterprise and open-source codebases. The agent continuously analyzes repositories to produce a threat model, detect vulnerabilities, assess exploitability, prioritize severity, and propose targeted fixes, while integrating with existing developer workflows.
Rather than relying on traditional program analysis techniques such as fuzzing or software composition analysis, Aardvark uses large language model reasoning and tool use to understand code behavior the way a human researcher might: reading code, writing and running tests, using tools, and annotating findings. Its multi-stage pipeline includes full-repository analysis to build a threat model; commit scanning that inspects commit-level changes against the repository and its threat model (including an initial historical scan when a repository is first connected); sandboxed validation that attempts to trigger each identified vulnerability to confirm it is real and exploitable; and patching support. For fixes, Aardvark integrates with OpenAI Codex to generate candidate patches, attaches a scanned patch to each finding, and provides step-by-step explanations and annotated code to support human review and one-click patching workflows. It also integrates with GitHub and other existing developer tools to surface clear, actionable insights without slowing development.
OpenAI reports that Aardvark has run across internal codebases and with external alpha partners for several months, surfacing meaningful issues, some of which require complex conditions to trigger. In benchmark testing on “golden” repositories, Aardvark identified 92% of known and synthetically introduced vulnerabilities. Applied to open-source projects, it has discovered vulnerabilities that led to responsible disclosure, including ten findings that received CVE (Common Vulnerabilities and Exposures) identifiers. OpenAI plans pro-bono scanning for select non-commercial open-source repositories and has updated its outbound coordinated disclosure policy. Select partners can apply to join the private beta to help refine detection accuracy, validation workflows, and the reporting experience.