Skip to content
Longterm Wiki
Back

OpenAI announced Aardvark

web
OpenAI·openai.com/index/introducing-aardvark/

Credibility Rating

4/5
High(4)

High quality. Established institution or organization with editorial oversight and accountability.

Rating inherited from publication venue: OpenAI

Relevant to AI safety discussions around dual-use capabilities: agentic AI systems that autonomously find and exploit software vulnerabilities could significantly shift offensive/defensive balances in cybersecurity, raising questions about deployment safeguards and misuse potential.

Metadata

Importance: 52/100blog postprimary source

Summary

OpenAI introduced Aardvark, an autonomous AI security research agent powered by GPT-5 that continuously analyzes codebases to discover vulnerabilities, validate exploitability in sandboxed environments, and propose patches. Unlike traditional static analysis tools, it uses LLM-powered reasoning to read and understand code as a human security researcher would. It was later rebranded as Codex Security in March 2026.

Key Points

  • Aardvark is an agentic vulnerability discovery system that monitors code commits, identifies security flaws, and proposes fixes using LLM reasoning rather than fuzzing or static analysis.
  • It uses a multi-stage pipeline: threat modeling, commit scanning, sandboxed exploit validation, and Codex-powered patch generation with human review.
  • Integrates with GitHub and Codex to deliver actionable security insights without disrupting development workflows.
  • Represents an AI capability advance aimed at tipping the balance toward defenders over attackers in software security.
  • Subsequently rebranded as 'Codex Security' and made available as a research preview to ChatGPT Enterprise, Business, and Edu customers.

Cited by 1 page

PageTypeQuality
Cyberweapons RiskRisk91.0

Cached Content Preview

HTTP 200Fetched Apr 9, 202612 KB
Introducing Aardvark: OpenAI’s agentic security researcher | OpenAI

 

 
 
 
 

 Feb
 MAR
 Apr
 

 
 

 
 29
 
 

 
 

 2025
 2026
 2027
 

 
 
 

 

 

 
 
success

 
fail

 
 
 
 
 
 
 
 
 
 
 

 

 
 
 
 
 
 
 
 
 

 

 About this capture
 

 

 

 

 

 

 
COLLECTED BY

 

 

 
 
Collection: Save Page Now

 

 

 

 

 
TIMESTAMPS

 

 

 

 

 

 

The Wayback Machine - https://web.archive.org/web/20260329000702/https://openai.com/index/introducing-aardvark/

 

Skip to main content

li:hover)>li:not(:hover)>*]:text-primary-60 flex h-full min-w-0 items-baseline gap-0 overflow-x-hidden whitespace-nowrap [-ms-overflow-style:none] [scrollbar-width:none] focus-within:overflow-visible [&::-webkit-scrollbar]:hidden">
Research

Products

Business

Developers

Company

Foundation(opens in a new window)

Try ChatGPT

(opens in a new window)

Research

Products

Business

Developers

Company

Foundation

(opens in a new window)

Try ChatGPT

(opens in a new window)

OpenAI

Table of contents

How Aardvark works

Real impact, today

Aardvark for Open Source

Why it matters

Private beta now open

October 30, 2025
SecurityProductResearchRelease

Introducing Aardvark: OpenAI’s agentic security researcher

Now in private beta: an AI agent that thinks like a security researcher and scales to meet the demands of modern software.

Loading…

Share

March 6, 2026 Update: Aardvark is now Codex Security, and is available as a research preview.

Aardvark is now built directly into Codex as Codex Security, and is rolling out to ChatGPT Enterprise, Business, and Edu customers via Codex web with free usage for the next month. Please see our blog here.⁠

Today, we’re announcing Aardvark, an agentic security researcher powered by GPT‑5.

Software security is one of the most critical—and challenging—frontiers in technology. Each year, tens of thousands of new vulnerabilities are discovered across enterprise and open-source codebases. Defenders face the daunting tasks of finding and patching vulnerabilities before their adversaries do. At OpenAI, we are working to tip that balance in favor of defenders.

Aardvark represents a breakthrough in AI and security research: an autonomous agent that can help developers and security teams discover and fix security vulnerabilities at scale. Aardvark is now available in private beta to validate and refine its capabilities in the field.

How Aardvark works

Aardvark continuously analyzes source code repositories to identify vulnerabilities, assess exploitability, prioritize severity, and propose targeted patches.

Aardvark works by monitoring commits and changes to codebases, identifying vulnerabilities, how they might be exploited, and proposing fixes. Aardvark does not rely on traditional program analysis techniques like fuzzing or software composition analysis. Instead, it uses LLM-powered reasoning and tool-use to understand code behavior and identify vulnerabilities. Aardvark looks for bugs as a human security researcher mig

... (truncated, 12 KB total)
Resource ID: 695ebc69943bd9c1 | Stable ID: sid_6B8GDn8mDO