OpenAI said Aardvark is currently available in private beta.
OpenAI is inviting select partners to join the Aardvark private beta
Photo Credit: Reuters
OpenAI, on Thursday, introduced a new artificial intelligence (AI) agent that can perform as a software security researcher. Dubbed Aardvark (an African mammal known for its digging ability), the AI agent can analyse, discover, and fix vulnerabilities across software and systems. So far, it was being used internally, but now the San Francisco-based AI giant has released Aardvark in private beta. By inviting partners to test out the agent, OpenAI wants to validate and refine its capabilities in real-world scenarios.
In a post, OpenAI introduced and detailed the AI agent security researcher. Aardvark is a new kind of AI tool for software teams: an automated security researcher that looks at code, spots vulnerabilities, tests how bad they are, and even proposes fixes. Built on GPT-5, it is currently in private beta for selected organisations. Those who participate will gain early access to the tool. Interested organisations and researchers can apply to take part in the exercise here.
OpenAI stated that the reason behind developing this agent is to enhance software security, which is one of the most critical and challenging frontiers in technology. With each iterative breakthrough in the field, bad actors also find new and inventive ways to attack systems with increasingly clever tactics. And with software codebases becoming increasingly complex, it is a challenge for human researchers to analyse and identify all vulnerabilities.
Aardvark can be understood as a specialist in cybersecurity whose job is to constantly watch every code change your team makes, and actively scales up the process of finding, validating and patching them. To do so, it uses AI-powered reasoning and tool-use to understand code behaviour, instead of traditional analysis techniques such as fuzzing or software composition analysis.
Once deployed, the AI agent reads through the entire code repository and builds a “threat model” of how the app works and what security goals it should have. Then, Aardvark begins inspecting those changes for vulnerabilities while being context aware about the entire project. It can also look backwards at older code, if needed.
When it finds something suspicious, the system tries it out in a sandboxed environment to check if the bug is real and how severe it is. This helps reduce false alarms. Finally, Aardvark uses a coding assistant (OpenAI Codex) to suggest a fix, attaches it with context, and makes it ready for a human to review and apply.
Highlighting the real impact of the tool, OpenAI claimed that Aardvark has been operational internally for several months. During this time, it has surfaced multiple vulnerabilities have surfaced and contributed to strengthening codebases against external threats.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.