OpenAI wants your next security researcher to be a bot - new Aardvark tool finds and fixes software flaws automatically

News
By published

Aardvark tool marks a major step forward, OpenAI says

A hacker wearing a hoodie sitting at a computer, his face hidden.
(Image credit: Shutterstock / Who is Danny)
  • OpenAI unveils Aardvark, an autonomous AI agent for scalable vulnerability detection and patching
  • Aardvark mimics human researchers: reads code, runs tests, and proposes targeted security fixes
  • In benchmark tests, Aardvark achieved a 92% success rate on known vulnerable repositories

OpenAI wants your next security researcher to be a bot - and has launched Aardvark, its very own agentic security researcher, powered by ChatGPT.

Now in private beta, the company describes Aardvark as a “breakthrough” in AI and security research - an autonomous agent which helps developers and security teams discover and fix security flaws “at scale”.

“Each year, tens of thousands of new vulnerabilities are discovered across enterprise and open-source codebases,” the company said. “Defenders face the daunting tasks of finding and patching vulnerabilities before their adversaries do.”

Mimicking human behavior

In benchmark testing on so-called “golden” repositories (those that contain well-documented vulnerabilities and are used for testing), Aardvark has apparently had a 92% success rate.

Detailing how it works, OpenAI said Aardvark is not unlike a human - but without the need to rest, eat, use the toilet, or an occasional emotional breakdown.

“Aardvark looks for bugs as a human security researcher might: by reading code, analyzing it, writing and running tests, using tools, and more,” it said. By continuously analyzing source code repositories, it can identify vulnerabilities, assess exploitability, prioritize severity, and then propose targeted patches.

While the company stresses the tool is still in beta, it also says it’s already showing commendable results. OpenAI has been running it internally “for several months” across its codebases and those of “external alpha partners”, and managed to surface “meaningful vulnerabilities” which contributed to OpenAI’s defensive posture.

An AI agent is an autonomous AI program that connects to other apps to perform various tasks automatically. Their popularity has been growing lately, with different agents being built for different purposes, such as the AI coding agent Zencoder, the Instagram analysis agent (built on Apify), Compuser (an AI that “uses the computer), and others.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.