OpenAI's Aardvark, GPT-5 Agent for Automated Code Security

OpenAI has unveiled Aardvark, an agentic security researcher powered by its GPT-5 model, designed to automatically detect and fix software vulnerabilities. Now in private beta, Aardvark integrates directly into software development pipelines, functioning as an autonomous AI partner for developers and cybersecurity teams.

The agent continuously scans source code repositories, identifies security flaws, assesses their exploitability, prioritizes severity, and proposes targeted patches. By embedding itself in codebases, Aardvark monitors commits and code changes in real time, detecting vulnerabilities and offering LLM-based reasoning and patch generation through OpenAI Codex.

Once a flaw is identified, Aardvark attempts to exploit it within a sandboxed environment to confirm its severity before generating a secure fix for human review. The agent also builds a threat model for each project, analyzing historical and current code to predict potential risks.

Powered by GPT-5’s advanced reasoning and dynamic routing, Aardvark adapts its approach based on project complexity and security context. OpenAI said internal testing and pilot programs have already uncovered 10 CVEs in open-source projects.

Aardvark joins a growing lineup of AI-driven cybersecurity tools such as Google’s CodeMender and XBOW, marking a new era of automated vulnerability detection and remediation.

Described as a “defender-first model,” OpenAI says Aardvark aims to deliver continuous, proactive protection—helping teams catch vulnerabilities early, validate real-world exploitability, and apply precise fixes without slowing development.