Red Hot Cyber, the Italian blog on information security
Will Bug Hunters Be Out of Work? OpenAI Introduces Aardvark, Its New Bug Fixer

Redazione RHC : 3 November 2025 11:23

OpenAI has unveiled Aardvark, an autonomous assistant based on the GPT-5 model, designed to automatically find and fix vulnerabilities in software code. This AI tool, dubbed a “security research agent,” is already in beta testing and will enable rapid identification and resolution of potential issues in repositories.

According to the description, Aardvark monitors source code changes in real time, analyzes commits, and determines which ones might pose a threat. Based on this analysis, the system creates its own threat model, aligned with the project’s architecture and goals.

It then analyzes the change history and tests new fragments, attempting to reproduce potential vulnerabilities in an isolated environment. If a problem is confirmed, a patch is generated using OpenAI Codex and then submitted for human review.

Aardvark is based on GPT-5, introduced in August 2025, a model with improved logic and modular routing that allows it to dynamically select the appropriate operating mode based on the task. This allows the agent to not only identify vulnerabilities, but also assess their severity, prioritize them, and recommend targeted solutions.

According to OpenAI, internal testing on its own repositories and those of several partners has already yielded results: at least ten CVEs have been identified in open source projects. This demonstrates the tool’s potential as a constant gatekeeper during development, preventing delays in the release of new features.

Aardvark’s development is paralleled by similar initiatives from other companies. For example, Google recently announced CodeMender, an artificial intelligence system capable of identifying, rewriting, and fixing vulnerable code to prevent further attacks. This technology will be integrated into major open source projects with the participation of their developers.

Amid the competition between solutions like Aardvark, CodeMender, and XBOW, a new class of tools is emerging for continuous code review, exploitability testing, and patch generation. The release of Aardvark also coincided with the recent launch of the gpt-oss-safeguard models, specifically trained for security-based classification tasks.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.