News: 0179925500


OpenAI Launches Aardvark To Detect and Patch Hidden Bugs In Code (infoworld.com)

(Friday October 31, 2025 @11:30PM (BeauHD) from the search-and-destroy dept.)


OpenAI has [1]introduced Aardvark, a GPT-5-powered autonomous agent that [2]scans, reasons about, and patches code like a human security researcher. "By embedding itself directly into the development pipeline, Aardvark aims to turn security from a post-development concern into a continuous safeguard that evolves with the software itself," reports InfoWorld. From the report:

> What makes Aardvark unique, OpenAI noted, is its combination of reasoning, automation, and verification. Rather than simply highlighting potential vulnerabilities, the agent promises multi-stage analysis -- starting by mapping an entire repository and building a contextual threat model around it. From there, it continuously monitors new commits, checking whether each change introduces risk or violates existing security patterns.

> Additionally, upon identifying a potential issue, Aardvark attempts to validate the exploitability of the finding in a sandboxed environment before flagging it. This validation step could prove transformative. Traditional static analysis tools often overwhelm developers with false alarms -- issues that may look risky but aren't truly exploitable. "The biggest advantage is that it will reduce false positives significantly," noted Jain. "It's helpful in open source codes and as part of the development pipeline."

> Once a vulnerability is confirmed, Aardvark integrates with Codex to propose a patch, then re-analyzes the fix to ensure it doesn't introduce new problems. OpenAI claims that in benchmark tests, the system identified 92 percent of known and synthetically introduced vulnerabilities across test repositories, a promising indication that AI may soon shoulder part of the burden of modern code auditing.



[1] https://openai.com/index/introducing-aardvark/

[2] https://www.infoworld.com/article/4082502/openai-launches-aardvark-to-detect-and-patch-hidden-bugs-in-code-2.html



Re: (Score:2)

by Mr. Dollar Ton ( 5495648 )

If you're smart, you'll just ask the agentic here chatgpt to hide them better for you.

Is this the shark jump? (Score:2)

by TurboStar ( 712836 )

My project just got a bunch of pull requests from AI. All of them were shit and a waste of my time. I mainly use AI to inject debugging instrumentation, so I know how to use it, it's just shit at systems programming.

Re: (Score:2)

by Mr. Dollar Ton ( 5495648 )

No, the shark jump was the "vibe coding" from all code monkeys, which actually put all the bugs that chatgpt will find in the code in the first place.

Re: (Score:2)

by locater16 ( 2326718 )

The shark has been jumped, the fridge nuked, and the horse will continue to be beaten until such time as the money fountain runs out and not until!

Great, more snake-oil... (Score:2)

by gweihir ( 88907 )

But I guess the scam continues to work if they just promise enough.

And then next week... (Score:2)

by ebunga ( 95613 )

Someone poisoned the AI to inject vulnerabilities instead of fix them.
