OpenAI announced Aardvark, an AI agent designed to autonomously identify security vulnerabilities in codebases, on 30 October 2025 [source]. The system combines GPT-4o with custom tooling to scan repositories, generate exploit proofs-of-concept, and file detailed vulnerability reports without human intervention.

According to the announcement, Aardvark operates by cloning target repositories, analysing code for common weakness patterns, and attempting to construct working exploits. OpenAI stated the agent successfully identified previously unknown vulnerabilities in several open-source projects during internal testing, though specific project names were not disclosed.

The release raises questions about dual-use risk. While OpenAI positioned Aardvark as a defensive tool for security teams, the same capabilities could accelerate vulnerability discovery by malicious actors. The announcement did not detail access controls, vetting procedures for users, or mechanisms to prevent misuse.

OpenAI indicated Aardvark will initially be available through an invite-only research preview, with broader availability planned for early 2026. The company stated it consulted with external security researchers during development but did not name the individuals or organisations involved.

The system represents a shift toward autonomous offensive security tooling. Previous AI-assisted security products typically required human operators to interpret findings and construct exploits manually. Aardvark's ability to generate functional proof-of-concept code without supervision marks a capability threshold not previously demonstrated in commercially available AI systems.

OpenAI did not specify whether Aardvark's training data included exploit databases, disclosed vulnerabilities, or other security-sensitive corpora. The announcement also did not address how the system handles responsible disclosure when identifying flaws in third-party software.