Introducing Aardvark: OpenAI’s agentic security researcher

OpenAI News

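Today we are releasing Aardvark, an agentic security researcher powered by GPT‑5.

Software security is one of the most critical and most challenging frontiers in technology. Every year, tens of thousands of new vulnerabilities are discovered in enterprise and open-source codebases. Defenders face the daunting task of finding and patching these vulnerabilities before adversaries exploit them. In response, OpenAI is working to tip that balance in favor of defenders.

Aardvark is a breakthrough in AI and security research: an agent that can autonomously help developers and security teams discover and fix vulnerabilities at scale. We have released Aardvark in private beta to validate and refine its capabilities in real-world settings.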

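How it works

Aardvark continuously analyzes code repositories to identify vulnerabilities, assess how they could be exploited, prioritize them by severity, and propose targeted patches.

It works by monitoring commits and changes to a codebase: identifying vulnerabilities, analyzing possible exploitation paths, and suggesting fixes. Aardvark does not rely on traditional program analysis techniques such as fuzzing or software composition analysis (SCA); instead, it uses LLM-driven reasoning and tool use to understand code behavior and identify vulnerabilities. It works much as a human security researcher does: reading code, analyzing it, writing and running tests, calling tools, and so on.

Aardvark uses a multi-stage pipeline to identify, explain, and fix vulnerabilities:

  • Analysis: It first analyzes the entire repository and produces a threat model reflecting its understanding of the project's security objectives and design.
  • Commit scanning: As new code is committed, it inspects each commit's changes against the entire repository and the threat model to find vulnerabilities. When a repository is first connected, Aardvark scans its history to identify existing issues, and it explains the vulnerabilities it finds step by step, with code annotations, for human review.
  • Validation: After identifying a potential vulnerability, Aardvark attempts to trigger it in an isolated sandbox environment to confirm its exploitability, and records the steps taken, reducing false positives and improving the quality of its insights.
  • Patching: Aardvark integrates with Codex to help generate patch code. Each finding comes with a Codex-generated, Aardvark-scanned patch for human review and efficient one-click fixing. Aardvark can work in parallel with engineers, integrating into GitHub, Codex, and existing workflows to provide clear, actionable recommendations without hindering the pace of development. Although it is built around security, in testing we found that it can also uncover other kinds of bugs, such as logic flaws, incomplete fixes, and privacy issues.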

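Real-world impact

Aardvark has been running continuously for several months, covering OpenAI's internal codebases and those of external alpha partners. Within OpenAI, it has found a number of important vulnerabilities and improved the company's defensive posture. Partners have praised the depth of its analysis; Aardvark can find issues that appear only under complex conditions.

In benchmark testing on “golden” repositories, Aardvark identified 92% of known and artificially introduced vulnerabilities, showing high recall and effectiveness in real-world scenarios.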

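For open source

Aardvark has also been applied to open-source projects, and we have responsibly disclosed a number of vulnerabilities, ten of which have received CVE (Common Vulnerabilities and Exposures) identifiers.

As long-time beneficiaries of open research and responsible disclosure, we are committed to giving back to the community by providing tools and findings that make the whole digital ecosystem more secure. We plan to offer free scanning to a number of non-commercial open-source repositories to strengthen the security of the open-source software ecosystem and supply chain.

We recently updated our outbound coordinated disclosure policy to take a more developer-friendly stance that emphasizes collaboration and scalable impact rather than rigid disclosure deadlines that can put pressure on developers. We expect tools like Aardvark to lead to more vulnerabilities being discovered, and we hope to collaborate sustainably with the community to achieve long-term resilience.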

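Why it matters

Software has become the foundation of every industry, which also means that software vulnerabilities pose a systemic risk to businesses, infrastructure, and society. More than 40,000 CVEs were reported in 2024 alone. Our testing shows that about 1.2% of commits introduce defects; these seemingly small changes can sometimes have enormous consequences.

Aardvark represents a new defender-first model: an autonomous security researcher that collaborates with teams by providing continuous protection as code evolves. By catching vulnerabilities early, validating real-world exploitability, and offering clear fixes, Aardvark can strengthen security without hindering innovation. We want to expand access to security expertise; we are starting with a private beta and will gradually broaden availability as we learn.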

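Private beta now open

We are inviting select partners to join the Aardvark private beta. Participants will get early access and work directly with our team to refine detection accuracy, validation workflows, and the reporting experience.

We want to validate performance across a variety of environments. If your organization or open-source project is interested in joining, you can apply here.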



Today, we’re announcing Aardvark, an agentic security researcher powered by GPT‑5.


Software security is one of the most critical—and challenging—frontiers in technology. Each year, tens of thousands of new vulnerabilities are discovered across enterprise and open-source codebases. Defenders face the daunting tasks of finding and patching vulnerabilities before their adversaries do. At OpenAI, we are working to tip that balance in favor of defenders.


Aardvark represents a breakthrough in AI and security research: an autonomous agent that can help developers and security teams discover and fix security vulnerabilities at scale. Aardvark is now available in private beta to validate and refine its capabilities in the field.


How Aardvark works




Aardvark continuously analyzes source code repositories to identify vulnerabilities, assess exploitability, prioritize severity, and propose targeted patches.


Aardvark works by monitoring commits and changes to codebases, identifying vulnerabilities, how they might be exploited, and proposing fixes. Aardvark does not rely on traditional program analysis techniques like fuzzing or software composition analysis. Instead, it uses LLM-powered reasoning and tool-use to understand code behavior and identify vulnerabilities. Aardvark looks for bugs as a human security researcher might: by reading code, analyzing it, writing and running tests, using tools, and more.










Aardvark relies on a multi-stage pipeline to identify, explain, and fix vulnerabilities:


  • Analysis: It begins by analyzing the full repository to produce a threat model reflecting its understanding of the project’s security objectives and design.
  • Commit scanning: It scans for vulnerabilities by inspecting commit-level changes against the entire repository and threat model as new code is committed. When a repository is first connected, Aardvark will scan its history to identify existing issues. Aardvark explains the vulnerabilities it finds step-by-step, annotating code for human review.
  • Validation: Once Aardvark has identified a potential vulnerability, it will attempt to trigger it in an isolated, sandboxed environment to confirm its exploitability. Aardvark describes the steps taken to help ensure accurate, high-quality, and low false-positive insights are returned to users.
  • Patching: Aardvark integrates with OpenAI Codex to help fix the vulnerabilities it finds. It attaches a Codex-generated and Aardvark-scanned patch to each finding for human review and efficient, one-click patching.

Aardvark works alongside engineers, integrating with GitHub, Codex, and existing workflows to deliver clear, actionable insights without slowing development. While Aardvark is built for security, in our testing we’ve found that it can also uncover bugs such as logic flaws, incomplete fixes, and privacy issues.


Real impact, today




Aardvark has been in service for several months, running continuously across OpenAI’s internal codebases and those of external alpha partners. Within OpenAI, it has surfaced meaningful vulnerabilities and contributed to OpenAI’s defensive posture. Partners have highlighted the depth of its analysis, with Aardvark finding issues that occur only under complex conditions.


In benchmark testing on “golden” repositories, Aardvark identified 92% of known and synthetically-introduced vulnerabilities, demonstrating high recall and real-world effectiveness.


Aardvark for Open Source




Aardvark has also been applied to open-source projects, where it has discovered and we have responsibly disclosed numerous vulnerabilities—ten of which have received Common Vulnerabilities and Exposures (CVE) identifiers.


As beneficiaries of decades of open research and responsible disclosure, we’re committed to giving back—contributing tools and findings that make the digital ecosystem safer for everyone. We plan to offer pro-bono scanning to select non-commercial open source repositories to contribute to the security of the open source software ecosystem and supply chain.


We recently updated our outbound coordinated disclosure policy, which takes a developer-friendly stance focused on collaboration and scalable impact rather than rigid disclosure timelines that can pressure developers. We anticipate tools like Aardvark will result in the discovery of increasing numbers of bugs, and want to sustainably collaborate to achieve long-term resilience.


Why it matters




Software is now the backbone of every industry—which means software vulnerabilities are a systemic risk to businesses, infrastructure, and society. Over 40,000 CVEs were reported in 2024 alone. Our testing shows that around 1.2% of commits introduce bugs—small changes that can have outsized consequences.


Aardvark represents a new defender-first model: an agentic security researcher that partners with teams by delivering continuous protection as code evolves. By catching vulnerabilities early, validating real-world exploitability, and offering clear fixes, Aardvark can strengthen security without slowing innovation. We believe in expanding access to security expertise. We're beginning with a private beta and will broaden availability as we learn.


Private beta now open




We’re inviting select partners to join the Aardvark private beta. Participants will gain early access and work directly with our team to refine detection accuracy, validation workflows, and reporting experience.


We’re looking to validate performance across a variety of environments. If your organization or open source project is interested in joining, you can apply here.


