OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically
Briefly

"It works by embedding itself into the software development pipeline, monitoring commits and changes to codebases, detecting security issues and how they might be exploited, and proposing fixes to address them using LLM-based reasoning and tool-use. Powering the agent is GPT‑5, which OpenAI introduced in August 2025. The company describes it as a "smart, efficient model" that features deeper reasoning capabilities, courtesy of GPT‑5 thinking, and a "real‑time router" to decide the right model to use based on conversation type, complexity, and user intent."
"Aardvark, OpenAI added, analyses a project's codebase to produce a threat model that it thinks best represents its security objectives and design. With this contextual foundation, the agent then scans its history to identify existing issues, as well as detect new ones by scrutinizing incoming changes to the repository. Once a potential security defect is found, it attempts to trigger it in an isolated, sandboxed environment to confirm its exploitability and leverages OpenAI Codex, its coding agent, to produce a patch that can be reviewed by a human analyst."
Aardvark is an autonomous, agentic security researcher powered by GPT‑5 that embeds into software development pipelines to monitor commits and code changes. The agent generates threat models for projects, scans historical and incoming code for vulnerabilities, assesses exploitability in sandboxed environments, and proposes targeted patches using Codex. Aardvark ranks severity and prioritizes fixes to support developer and security team workflows. The agent has been run across internal codebases and external alpha partners and has helped identify at least ten CVEs in open-source projects while remaining in private beta.
Read at The Hacker News