OpenAI unveils Aardvark, an agentic AI security researcher
Powered by GPT‑5, Aardvark will continuously scan code, validate exploitability in a sandbox and propose patches; OpenAI tied the rollout to an updated disclosure policy and invited organisations to join a private beta.
OpenAI has unveiled Aardvark, a security-focused AI agent designed to detect, validate and help remediate software vulnerabilities at scale. The company opened a private beta for selected partners following the announcement on 30 October 2025.
Positioned as an “agentic security researcher,” Aardvark uses GPT‑5 to read code, reason about exploit paths and propose targeted patches.
Unlike traditional approaches such as fuzzing or software composition analysis, it works by continuously analysing repositories, monitoring commits, validating suspected issues in a sandbox and attaching Codex‑generated patches for human review via existing developer workflows, including GitHub.
Real‑world testing and early results
OpenAI said Aardvark has been running for months across its own codebases and external alpha partners.
In benchmark runs on “golden” repositories, the agent identified 92% of known and synthetically introduced issues, and, according to OpenAI's claims, its open‑source work has led to multiple responsible disclosures, including ten CVE‑assigned vulnerabilities.
According to OpenAI, the agent surfaced meaningful, sometimes highly conditional bugs in production‑like environments and also uncovered categories of issues beyond security, such as logic flaws and incomplete fixes, each accompanied by a proposed patch for review.
Alongside Aardvark’s expansion, OpenAI updated its outbound coordinated disclosure policy, taking a developer‑friendly stance focused on cooperation and scalable impact rather than rigid timelines.
The policy covers validation, peer review and the specific circumstances in which exceptions are made for public disclosure.