OpenAI unveils Aardvark, a GPT-5 powered agent for autonomous cybersecurity research
OpenAI has introduced Aardvark, a new security researcher agent designed to find and help fix software vulnerabilities. Powered by GPT-5 and currently in private beta, the tool targets the growing volume of flaws across enterprise and open source codebases, and evolves from an internal system OpenAI used with its own developers.
Aardvark connects to a code repository, then works through a staged workflow. It first profiles the codebase to understand design, objectives, and security implications. It searches for weaknesses across historical changes and recent commits, and annotates suspect code so human reviewers can assess findings quickly. Suspected issues are then validated in a sandbox, where the agent attempts to trigger the vulnerability. Results are stored with metadata to support triage and deeper analysis.
When remediation is ready to begin, Aardvark proposes patches by pairing its analysis with OpenAI’s agentic coding assistant, Codex. The suggested fixes are presented for human review before implementation, creating a human in the loop flow for security teams.
The launch arrives in a year defined by AI agents that act on users’ behalf across tasks such as research, shopping, and coding. It also meets a climate in which many IT leaders view agents as both useful and risky. OpenAI says it will use feedback from selected partners in the private beta to refine detection accuracy, strengthen validation workflows, and expand the feature set.
Aardvark is invite only at this stage. OpenAI has not announced a general availability timeline.
Photo Credit: DepositPhotos.com
