Overview
- Aardvark continuously analyzes code repositories, builds threat models, and prioritizes severity as it searches for vulnerabilities.
- When it flags a potential flaw, it attempts to trigger the issue in an isolated environment to verify real-world exploitability.
- Verified findings include Codex-generated patches that teams review and implement, maintaining a human-in-the-loop workflow.
- OpenAI reports 92% detection on benchmark tests and says its use has led to multiple responsible disclosures, including 10 CVE-assigned vulnerabilities in open source projects.
- Access is limited to selected partners while OpenAI refines detection, validation, and reporting, with pro-bono scanning offered for some noncommercial repositories under an updated disclosure approach.