OpenAI launches Aardvark to detect and patch bugs in code

OpenAI has unveiled Aardvark, an advanced autonomous AI agent designed to function as an artificial cybersecurity researcher.
Powered by the company’s GPT-5 model, the agent is currently in private beta and promises to transform how software vulnerabilities are identified and fixed.
Aardvark’s core function is to assist security teams in tackling the relentless flow of vulnerabilities found across global codebases. The agent is capable of discovering, explaining and even helping to patch security flaws, a critical capability when tens of thousands of new issues emerge every year.
Unlike traditional, rigid code scanners, Aardvark mimics a human security professional by using Large Language Model (LLM)-powered reasoning to understand code semantics and behaviour. It began as an internal tool, where its ability to explain security issues and guide developers to a fix proved its value.
The agent works in several distinct stages. First, it connects to a repository and analyzes the codebase to understand its overall design, objectives, and security implications. It then continuously monitors for vulnerabilities, checking new code commits against existing security patterns.
Crucially, Aardvark aims to significantly reduce false positives, which often overwhelm developers. Upon identifying a potential issue, the agent first attempts to validate the finding by exploiting it in a secure, sandboxed environment.
Once a vulnerability is confirmed, Aardvark integrates with Codex to propose a direct patch. It then re-analyzes the suggested fix to ensure the repair itself does not introduce new problems.
This multi-stage analysis and validation process is viewed as a major leap toward embedding security directly into the development workflow – a concept known as “shifting security left.”
By making security continuous and automatic, the agent can help both large enterprises and non-commercial open-source projects, where Aardvark has already discovered multiple real-world vulnerabilities. OpenAI plans to offer pro-bono scanning to selected non-commercial projects.
The launch of Aardvark signals a growing industry trend toward using autonomous AI agents to handle the increasing volume and sophistication of modern cyber threats.
