OpenAI Launches Aardvark, an Autonomous GPT-5 Agent for Hunting Software Vulnerabilities

2025-10-31

OpenAI Group PBC has unveiled Aardvark, a new autonomous AI agent that is powered by GPT-5 and designed to detect, verify, and assist in patching software vulnerabilities in real time.

Described by OpenAI as a “breakthrough in AI and security research,” Aardvark functions as an “AI security researcher” capable of scanning code repositories, reasoning about potential weaknesses, and even generating validated patches. The goal is to equip defenders with an intelligent ally that can keep pace with the speed and scale of modern software development.

Aardvark integrates directly with platforms like GitHub and supports both open-source and enterprise environments.

The agent operates by first analyzing entire repositories to build contextual threat models, then scrutinizing each new code commit for vulnerabilities. Upon identifying a potential issue, Aardvark automatically attempts to reproduce the flaw in a sandboxed environment to confirm its validity before proposing a fix using OpenAI’s Codex engine.

To maintain human oversight, the system delivers detailed reports and suggested patches for manual review rather than applying unverified changes autonomously.

According to OpenAI, early results are promising: during internal testing, Aardvark identified approximately 92% of known and synthetically generated vulnerabilities in benchmark repositories. In limited trials, it also uncovered real-world issues in open-source projects—some of which have since been assigned official Common Vulnerabilities and Exposures (CVE) identifiers.

While OpenAI isn’t traditionally known for cybersecurity tools, the company states that Aardvark is part of a new commitment to “give back” by contributing tools and discoveries that enhance the safety of the broader digital ecosystem. As part of this initiative, Aardvark will offer complimentary vulnerability scanning for selected non-commercial open-source repositories to strengthen the security of the open-source software supply chain.

Aardvark is currently in private beta to further validate and refine its real-world capabilities. OpenAI has not yet announced a timeline for the general availability of this new “AI security researcher.”