AI blew open software security, now OpenAI wants to fix it with agent Aardvark (www.theregister.com)

OpenAI announced Aardvark, an agentic security system built on GPT-5 that’s entering private beta to help developers and security teams discover and remediate software vulnerabilities at scale. Unlike traditional scanners, Aardvark behaves like an autonomous researcher: it reads code, reasons about behavior, writes and runs tests, uses tools to probe exploitability, prioritizes bugs by severity, and proposes fixes. OpenAI says the agent has been used internally and with alpha partners, flagged 92% of known and synthetic vulnerabilities on benchmark “golden” repos, and uncovered multiple real-world issues in open‑source projects that earned CVEs. The significance is twofold: Aardvark could meaningfully speed and scale vulnerability discovery and patching, addressing the expanded attack surface introduced by widespread AI tooling and human error, and it signals a shift from signature/fuzzing-based tooling toward LLM-driven program understanding and tool orchestration. Important caveats remain—OpenAI’s claims need independent evaluation, there are privacy/operational questions around continuous repo scanning and agent control (budgeting, false positives, potential for misuse), and Aardvark must be compared against emerging AI security products. If robust, it could reshape security workflows; if not carefully governed, it could introduce new risks even as it mitigates old ones.