OpenAI unveiled Aardvark, a GPT-5–based security agent that autonomously analyzes software code to find vulnerabilities and proposes customized security patches. Aardvark assesses the exploitability of vulnerabilities and prioritizes them using reasoning and tool use similar to that of human security researchers, and provides patch suggestions with annotations and one-click application so that the person responsible can easily review and apply them.
OpenAI said on the 30th (local time) that after operating Aardvark for months inside OpenAI and with some partners, it discovered numerous real-world vulnerabilities, 10 of which were assigned Common Vulnerabilities and Exposures (CVE) numbers. The company plans to distribute Aardvark first as a closed beta and gradually expand access, and will provide free detection services for some open-source software.
Unlike traditional static and dynamic analysis techniques, Aardvark finds issues by combining tools on the basis of complex reasoning. OpenAI said the agent explains vulnerable code sections with annotations and offers a workflow that lets users review the generated patches and apply them with a single click, reducing the review and modification burden on security staff.
The name Aardvark refers to a mammal native to Africa that eats ants and termites, and appears to have been chosen to convey the idea of finding software "bugs."