OpenAI's Aardvark agent for automated code vulnerability detection and patching
Summary
OpenAI has introduced Aardvark, an agentic security researcher powered by GPT-5 that automatically detects, assesses, and patches security vulnerabilities in code repositories. The agent integrates into the software development pipeline to continuously monitor code changes and propose fixes, using GPT-5's reasoning capabilities and a sandboxed environment to validate vulnerabilities before reporting them. During beta testing, Aardvark identified at least 10 CVEs in open-source projects. OpenAI positions the agent as a way to strengthen security without slowing innovation. Aardvark has since evolved into Codex Security, now available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers. Codex Security has scanned more than 1.2 million commits, identifying 792 critical and 10,561 high-severity findings, and combines frontier-model reasoning with automated validation to minimize false positives and propose actionable fixes.
Timeline
- 07.03.2026 18:28 · 1 article · 23h ago
Codex Security rolls out in research preview with expanded capabilities
OpenAI has rolled out Codex Security, an evolution of Aardvark, in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers. Codex Security has scanned over 1.2 million commits, identifying 792 critical and 10,561 high-severity findings. The tool leverages advanced models and automated validation to minimize false positives and propose actionable fixes.
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues — thehackernews.com — 07.03.2026 18:28
- 31.10.2025 19:19 · 2 articles · 4mo ago
OpenAI launches Aardvark for automated code vulnerability detection and patching
OpenAI has introduced Aardvark, an agentic security researcher powered by GPT-5. Aardvark is designed to automatically detect, assess, and patch security vulnerabilities in code repositories. The agent integrates into the software development pipeline to continuously monitor code changes and propose fixes. Aardvark has already identified at least 10 CVEs in open-source projects during its beta testing phase. The agent uses GPT-5's advanced reasoning capabilities and a sandboxed environment to validate and patch vulnerabilities. OpenAI envisions Aardvark as a tool to enhance security without hindering innovation.
- OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically — thehackernews.com — 31.10.2025 19:19
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues — thehackernews.com — 07.03.2026 18:28
Information Snippets
- Aardvark is an AI agent powered by GPT-5, designed to detect and patch code vulnerabilities.
First reported: 31.10.2025 19:19 · 1 source, 2 articles
- OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically — thehackernews.com — 31.10.2025 19:19
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues — thehackernews.com — 07.03.2026 18:28
- Aardvark integrates into the software development pipeline to monitor code changes.
First reported: 31.10.2025 19:19 · 1 source, 2 articles
- OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically — thehackernews.com — 31.10.2025 19:19
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues — thehackernews.com — 07.03.2026 18:28
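To make the pipeline-integration idea concrete, here is a minimal sketch of a commit-monitoring loop. All names (`review_diff`, `Finding`, `monitor_commits`) are illustrative, and the string check stands in for a model call; none of this reflects OpenAI's actual API or implementation.

```python
# Hypothetical sketch of an agent scanning each incoming commit's diff.
from dataclasses import dataclass

@dataclass
class Finding:
    file: str
    severity: str      # e.g. "critical", "high", "medium"
    description: str

def review_diff(diff: str) -> list[Finding]:
    """Placeholder for the model call that reviews one commit's diff.

    A real agent would send the diff plus repository context to the model
    and parse structured findings from its response; here a toy heuristic
    flags SQL built via string formatting in added lines.
    """
    findings = []
    for line in diff.splitlines():
        if line.startswith("+") and "execute(" in line and "%" in line:
            findings.append(Finding("app/db.py", "high",
                                    "possible SQL injection via string formatting"))
    return findings

def monitor_commits(commits: list[dict]) -> list[Finding]:
    """Scan each incoming commit's diff and collect all findings."""
    all_findings = []
    for commit in commits:
        all_findings.extend(review_diff(commit["diff"]))
    return all_findings

demo = [{"sha": "abc123",
         "diff": '+cur.execute("SELECT * FROM users WHERE id=%s" % uid)'}]
print(monitor_commits(demo))
```

The key design point this illustrates is that the agent reviews diffs as they land rather than the whole repository on every run, which is what makes continuous monitoring tractable.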
- The agent uses GPT-5's reasoning capabilities and a sandboxed environment to validate vulnerabilities.
First reported: 31.10.2025 19:19 · 1 source, 2 articles
- OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically — thehackernews.com — 31.10.2025 19:19
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues — thehackernews.com — 07.03.2026 18:28
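The sandboxed-validation step can be sketched as: before a finding is reported, run a generated proof-of-concept in isolation and keep only findings whose PoC actually demonstrates the bug. The function below is an illustration of that idea, not OpenAI's implementation; a subprocess is also a much weaker sandbox than a real system would use.

```python
# Hypothetical sketch: confirm a candidate vulnerability by executing
# its proof-of-concept in a separate process before reporting it.
import subprocess
import sys
import tempfile
import textwrap

def poc_confirms(poc_code: str, timeout: float = 5.0) -> bool:
    """Run PoC code in a separate Python process; exit code 0 = confirmed."""
    with tempfile.NamedTemporaryFile("w", suffix=".py", delete=False) as f:
        f.write(poc_code)
        path = f.name
    try:
        result = subprocess.run([sys.executable, path],
                                capture_output=True, timeout=timeout)
        return result.returncode == 0
    except subprocess.TimeoutExpired:
        return False

# A trivial PoC: demonstrate that eval() on attacker-controlled input
# actually executes attacker code.
poc = textwrap.dedent("""
    user_input = "__import__('os').getpid()"
    assert isinstance(eval(user_input), int)   # attacker code executed
""")
print(poc_confirms(poc))
```

Gating reports on a confirming PoC is one plausible way an agent keeps false positives down: a finding the sandbox cannot reproduce is discarded rather than surfaced to a human.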
- Aardvark has identified at least 10 CVEs in open-source projects during beta testing.
First reported: 31.10.2025 19:19 · 1 source, 2 articles
- OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically — thehackernews.com — 31.10.2025 19:19
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues — thehackernews.com — 07.03.2026 18:28
- Aardvark was initially available in private beta.
First reported: 31.10.2025 19:19 · 1 source, 1 article
- OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically — thehackernews.com — 31.10.2025 19:19
- Codex Security is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers.
First reported: 07.03.2026 18:28 · 1 source, 1 article
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues — thehackernews.com — 07.03.2026 18:28
- Codex Security has scanned more than 1.2 million commits across external repositories during beta, identifying 792 critical findings and 10,561 high-severity findings.
First reported: 07.03.2026 18:28 · 1 source, 1 article
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues — thehackernews.com — 07.03.2026 18:28
- Codex Security leverages the reasoning capabilities of frontier models and combines them with automated validation to minimize false positives.
First reported: 07.03.2026 18:28 · 1 source, 1 article
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues — thehackernews.com — 07.03.2026 18:28
- Codex Security analyzes a repository to generate an editable threat model and classifies findings based on real-world impact.
First reported: 07.03.2026 18:28 · 1 source, 1 article
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues — thehackernews.com — 07.03.2026 18:28
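Classifying findings by real-world impact rather than raw severity can be sketched as combining a base severity with threat-model context such as attacker reachability. The field names and weights below are purely illustrative assumptions, not Codex Security's actual scoring.

```python
# Hypothetical sketch of impact-based triage: rank findings by how
# reachable and attacker-exposed the affected code path is, not by
# base severity alone.
from dataclasses import dataclass

@dataclass
class Finding:
    title: str
    base_severity: int          # 1 (low) .. 4 (critical)
    internet_reachable: bool    # taken from the repo's threat model
    handles_untrusted_input: bool

def impact_score(f: Finding) -> int:
    """Boost the base severity when the threat model shows real exposure."""
    score = f.base_severity
    if f.internet_reachable:
        score += 2
    if f.handles_untrusted_input:
        score += 1
    return score

findings = [
    Finding("SQLi in admin-only internal tool", 4, False, False),
    Finding("XSS in public login page", 3, True, True),
]
ranked = sorted(findings, key=impact_score, reverse=True)
print([f.title for f in ranked])
```

Under this toy scoring, the internet-facing XSS outranks the nominally more severe but unreachable SQL injection, which is the kind of reordering an editable threat model makes possible.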
- Codex Security proposes fixes aligned with existing system behavior, reducing regressions and making them easier to review and deploy.
First reported: 07.03.2026 18:28 · 1 source, 1 article
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues — thehackernews.com — 07.03.2026 18:28
Similar Happenings
Cogent Security Secures $42M for AI-Driven Vulnerability Management
Cogent Security has raised $42 million in Series A funding to develop autonomous AI agents for vulnerability remediation. The funding will accelerate product development for their agentic AI platform, which automates investigation, prioritization, and remediation tasks in vulnerability management. The platform integrates vulnerability data across environments, reduces scanner noise, and incorporates business context to prioritize risks beyond standard severity scores. The company aims to streamline security operations by automating coordination tasks, allowing security teams to focus on critical threats.
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
Three vulnerabilities in the mcp-server-git, maintained by Anthropic, allow file access, deletion, and code execution via prompt injection. The flaws have been addressed in versions 2025.9.25 and 2025.12.18. The vulnerabilities include path traversal and argument injection issues that can be exploited to manipulate Git repositories and execute arbitrary code. The issues were disclosed by Cyata researcher Yarden Porat, highlighting the risks of prompt injection attacks without direct system access. The vulnerabilities affect all versions of mcp-server-git released before December 8, 2025, and apply to default installations. An attacker only needs to influence what an AI assistant reads to trigger the vulnerabilities. The flaws allow attackers to execute code, delete arbitrary files, and load arbitrary files into a large language model's context. While the vulnerabilities do not directly exfiltrate data, sensitive files may still be exposed to the AI, creating downstream security and privacy risks. The vulnerabilities have been assigned CVE-2025-68143, CVE-2025-68144, and CVE-2025-68145.
Google's CodeMender AI Automatically Patches Vulnerabilities in Code
Google's DeepMind division has released CodeMender, an AI-powered agent that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. CodeMender is designed to be both reactive and proactive, fixing new vulnerabilities as soon as they are spotted and rewriting existing codebases to eliminate classes of vulnerabilities. The AI agent leverages Google's Gemini Deep Think models and a large language model (LLM)-based critique tool to debug, flag, and fix security vulnerabilities. Over the past six months, CodeMender has upstreamed 72 security fixes to open-source projects, including some with up to 4.5 million lines of code. Google also introduced an AI Vulnerability Reward Program (AI VRP) to incentivize reporting AI-related issues in its products, with rewards up to $30,000.
Claude Code Security Reviews Introduced for AI-Assisted Development
Anthropic has introduced security review features in its Claude Code platform, designed to integrate security checks into AI-assisted development workflows. The new capabilities, now available in a limited research preview, automate the detection and remediation of common vulnerabilities in codebases, leveraging AI to enhance application security. These features are part of a broader trend toward embedding security directly into development tools and pipelines, addressing the challenges posed by AI-assisted coding and 'vibe coding.' The security review function allows developers to run ad hoc checks for vulnerabilities and implement fixes, with the option to integrate these checks into continuous integration/continuous deployment (CI/CD) pipelines. While the initial focus is on classic security issues like SQL injection and cross-site scripting, the tool is expected to evolve, though it is not intended to replace existing security measures. Security experts emphasize the need for a comprehensive approach to application security, combining AI-assisted tools with traditional methods and human oversight to ensure robust protection against emerging threats. The debut of Claude Code Security has impacted share prices of several security companies, highlighting the potential disruptive nature of AI-assisted security tools. However, the initial iteration of Claude Code Security has faced criticism for being slow and prone to false positives. Tests have shown that the tool takes significantly longer to review code compared to other tools like OpenGrep. Additionally, the tool's reliance on the same foundational AI for both writing and reviewing code has been questioned, with experts arguing that this practice is not ideal for security. The rapid adoption of AI-assisted development platforms has also led to an increase in security debt and high-severity vulnerabilities, with 82% of companies accruing more debt compared to 74% last year.
DARPA's AI Cyber Challenge (AIxCC) Demonstrates AI's Effectiveness in Securing Open Source Software
The Defense Advanced Research Projects Agency (DARPA) has concluded its AI Cyber Challenge (AIxCC), a two-year program designed to leverage AI for securing open source software critical to infrastructure. Teams developed cyber reasoning systems (CRSes) to identify and patch vulnerabilities in open source code. The competition demonstrated the potential of AI in significantly reducing the cost and time required to find and fix bugs in open source software. The final competition involved identifying and patching vulnerabilities in 54 million lines of code. The winning teams were awarded significant prizes, and their CRSes will be made available for open source use. DARPA aims to make the technology widely accessible to enhance the security of open source software across various sectors.