Overview
- The agent reads entire repositories, builds threat models, and scans new commits to surface high-risk vulnerabilities.
- Suspected issues are exercised in sandboxed tests to confirm exploitability, with results annotated for easier triage.
- For confirmed findings, Aardvark attaches Codex-generated patch suggestions for developers to review within existing workflows.
- OpenAI cites internal and partner outcomes that include meaningful discoveries, a 92% benchmark detection rate, and ten CVE disclosures.
- Access is invitation-only during the beta, and OpenAI plans some pro-bono scans for selected open-source projects.