OpenAI's First GPT-5 Bug-Hunting Agent: Fully Automated Code Reading, Vulnerability Finding, and Fix Writing
36Ke·2025-10-31 02:25

Core Insights
- OpenAI has launched Aardvark, an AI-driven "white hat" agent designed to automatically identify and fix security vulnerabilities in large codebases [1][3]
- Aardvark has demonstrated a 92% identification rate for known vulnerabilities and can locate issues that arise under complex conditions [3][12]
- Other tech giants like Anthropic, Google, and Microsoft have also released similar AI security tools in October, indicating a growing trend in AI-driven code security solutions [14][19]

Group 1: Aardvark's Functionality
- Aardvark operates as an agentic security researcher, continuously analyzing source code repositories to identify vulnerabilities, assess exploitability, determine risk levels, and propose targeted fixes [4]
- It utilizes a workflow that includes threat modeling, vulnerability discovery, sandbox validation, Codex patch generation, manual review, and pull request submission [5][10]
- Aardvark integrates seamlessly with GitHub and existing development processes, providing actionable security insights without hindering development efficiency [10]

Group 2: Performance and Testing
- Internal testing has shown that Aardvark can identify not only security vulnerabilities but also logical flaws, incomplete fixes, and privacy risks [11]
- Aardvark has been tested in various internal and partner projects, achieving a 92% identification rate in benchmark tests against "golden repositories" [12]
- The tool has also been applied to multiple open-source projects, successfully identifying and disclosing numerous vulnerabilities, with 10 of them receiving CVE identifiers [12]

Group 3: Industry Context
- The recent surge in AI-driven security tools is a response to the increasing complexity and volume of vulnerabilities in enterprise-level codebases, which traditional debugging methods struggle to address [19]
- The alignment in release timing among major tech companies suggests a collective recognition of the need for AI to enhance vulnerability discovery and remediation processes [14][19]
- The growing reliance on AI for security tasks is seen as essential for ensuring software safety and mitigating enterprise risks in an era of escalating cyber threats [19]