Miguel Afonso Caetano

"OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code.

Called Aardvark, the artificial intelligence (AI) company said the autonomous agent is designed to help developers and security teams flag and fix security vulnerabilities at scale. It's currently available in private beta.

"Aardvark continuously analyzes source code repositories to identify vulnerabilities, assess exploitability, prioritize severity, and propose targeted patches," OpenAI noted.

It works by embedding itself into the software development pipeline, monitoring commits and changes to codebases, detecting security issues and how they might be exploited, and proposing fixes to address them using LLM-based reasoning and tool-use.

Powering the agent is GPT‑5, which OpenAI introduced in August 2025. The company describes it as a "smart, efficient model" that features deeper reasoning capabilities, courtesy of GPT‑5 thinking, and a "real‑time router" to decide the right model to use based on conversation type, complexity, and user intent.

Aardvark, OpenAI added, analyses a project's codebase to produce a threat model that it thinks best represents its security objectives and design. With this contextual foundation, the agent then scans its history to identify existing issues, as well as detect new ones by scrutinizing incoming changes to the repository."

https://thehackernews.com/2025/10/openai-unveils-aardvark-gpt-5-agent.html

#CyberSecurity #AI #GenerativeAI #OpenAI #Aardvark #AIAgents #LLMs #GPT5

OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically

OpenAI’s GPT-5 Aardvark scans, exploits, and patches software flaws autonomously—marking a leap in AI-driven cybersecurity.

The Hacker News
Nov 1 at 1:19pmWeb
Show threadMiguel Afonso CaetanoNov 1

"Aardvark continuously analyzes source code repositories to identify vulnerabilities, assess exploitability, prioritize severity, and propose targeted patches.

Aardvark works by monitoring commits and changes to codebases, identifying vulnerabilities, how they might be exploited, and proposing fixes. Aardvark does not rely on traditional program analysis techniques like fuzzing or software composition analysis. Instead, it uses LLM-powered reasoning and tool-use to understand code behavior and identify vulnerabilities. Aardvark looks for bugs as a human security researcher might: by reading code, analyzing it, writing and running tests, using tools, and more.

Aardvark relies on a multi-stage pipeline to identify, explain, and fix vulnerabilities:"

https://openai.com/index/introducing-aardvark/

Introducing Aardvark: OpenAI’s agentic security researcher

Now in private beta: an AI agent that thinks like a security researcher and scales to meet the demands of modern software.

Show threadPersonneNov 1

@remixtures

Oh, I can already see how this can be exploited as a zero day finding tool for attacks.
What could go wrong?

Show threadDiogo ConstantinoNov 1

@per_sonne lots of security analysis tools can be used for that purpose.

@remixtures

Show threadPersonneNov 1

@DiogoConstantino @remixtures

Uma faca de dois legumes.

Show threadDiogo ConstantinoNov 1

@per_sonne não é uma questão nova, o benefício pode até ser muito maior

@remixtures