OpenAI announces GPT-5-based vulnerability detection tool 'Aardvark,' already in use internally by OpenAI



OpenAI has announced Aardvark, an AI agent that continuously analyzes source code repositories to identify vulnerabilities. It is described as a tool that can 'read' code like a human and implement security measures.

Aardvark Private Beta | OpenAI

https://openai.com/index/introducing-aardvark/



Aardvark is an autonomous security research agent powered by OpenAI's GPT-5 AI model. It uses large language model-based reasoning and tools to analyze source code, identify vulnerabilities, assess their exploitability, and prioritize them by severity. It then attempts to fix them, runs tests, and proposes fixes.



Aardvark uses a multi-step process to identify, describe, and fix vulnerabilities:

・Analysis: The entire repository is analyzed to generate a threat model that reflects the project's security goals and design.
・Commit scanning: When new code is committed, the commit-level changes are inspected against the entire repository and the threat model to scan for vulnerabilities.
・Verification: After potential vulnerabilities are identified, they are reproduced in an isolated sandbox environment to confirm their exploitability.
・Patch application: Collaboration with OpenAI's AI coding tool 'Codex' helps fix discovered vulnerabilities.

Aardvark has been running for several months and is being used internally at OpenAI and with external partners. It has been praised for its ability to uncover critical vulnerabilities and strengthen defenses, and external partners have praised its ability to uncover issues that only arise under complex conditions.



Aardvark has also been applied to open source projects, where OpenAI has discovered and disclosed numerous vulnerabilities, 10 of which have received Common Vulnerabilities and Exposures (CVE) designations. In addition, OpenAI plans to offer free scanning of non-commercial open source repositories to help improve the security of open source software.

Aardvark is currently available in private beta, and you can apply for access using the dedicated form.

'Software security is one of the most important and challenging challenges in technology. Every year, tens of thousands of new vulnerabilities are discovered in enterprise and open source codebases. Defenders face the daunting task of finding and fixing vulnerabilities before attackers. At OpenAI, we are working to tip the balance in favor of defenders,' said OpenAI.

in AI, Posted by log1p_kr