Core Insights - OpenAI has launched Aardvark, a security research agent powered by the GPT-5 model, marking a significant advancement in AI's role in cybersecurity [1][6] - Aardvark is designed to autonomously identify and remediate software vulnerabilities, operating continuously and integrating deeply into modern software development environments [1][4] Group 1: Aardvark's Functionality - Aardvark employs a four-stage process: threat modeling, code scanning, verification in a sandbox, and automated patching, providing a comprehensive security solution [4][5] - The system utilizes advanced language model capabilities to understand code behavior, enabling it to identify potential vulnerabilities more effectively than traditional tools [2][4] Group 2: Performance Metrics - In benchmark tests, Aardvark successfully identified 92% of issues in a "golden" codebase containing known and synthetic vulnerabilities [5] - The agent has also discovered multiple critical issues in real open-source projects, including ten high-severity vulnerabilities with CVE identifiers [5] Group 3: Strategic Positioning - Aardvark is part of OpenAI's broader strategy to transition from general-purpose models to specialized agents, with a focus on the urgent need for proactive AI tools in cybersecurity [6][7] - The global cybersecurity landscape is highlighted by the exposure of over 40,000 CVE vulnerabilities in 2024, indicating a pressing demand for tools like Aardvark [6] Group 4: Human-Machine Collaboration - Aardvark enhances the capabilities of security teams by automating verification processes and providing auditable patch solutions, addressing the issue of alert fatigue [7][8] - The integration of Aardvark into CI/CD environments is expected to transform security practices, allowing teams to focus on strategic security decisions [7][8]

AI Coding火了大半年，AI Debugging也来了！ 刚刚，OpenAI发布由GPT-5驱动的"白帽"Agent——Aardvark（土豚）。 这只"AI安全研究员"能帮助开发者和安全团队，在大规模代码库中自动发现并修复安全漏洞。 据OpenAI报告，Aardvark已识别出了92%的已知与人工注入漏洞，而且能定位仅在复杂条件下出现的问题。 OpenAI副总裁Matt Knight表示： 我们的开发者发现，土豚在清晰地解释问题并引导他们找到修复方案方面确实非常有价值。这个信号告诉我们，我们正走在一条有意义的道路 上。 而且，不仅OpenAI。 整个10月Anthropic、谷歌、微软基本上是前脚跟后脚发布了类似的白帽Agent。 这是怎么一回事。 Agentic AI +自动修补漏洞 OpenAI对这款白帽Aardvark的官方描述是——代理型安全研究员（agentic security researcher） Aardvark并不依赖传统的程序分析技术（如模糊测试fuzzing或软件成分分析SCA），而是运用大语言模型驱动的推理与工具使用能力来理解代码行为，像 人类安全研究员那样阅读、分析代码、编 ...

henry 发自 凹非寺 量子位 | 公众号 QbitAI AI Coding火了大半年，AI Debugging也来了！ 刚刚，OpenAI发布由GPT-5驱动的"白帽"Agent—— Aardvark（土豚） 。 这只"AI安全研究员"能帮助开发者和安全团队， 在大规模代码库中自动发现并修复安全漏洞 。 据OpenAI报告，Aardvark已识别出了 92% 的已知与人工注入漏洞，而且能定位仅在复杂条件下出现的问题。 OpenAI副总裁 Matt Knight 表示： 我们的开发者发现，土豚在清晰地解释问题并引导他们找到修复方案方面确实非常有价值。这个信号告诉我们，我们正走在一条有意义 的道路上。 而且，不仅OpenAI。 整个10月 Anthropic 、 谷歌 、 微软 基本上是前脚跟后脚发布了类似的白帽Agent。 Agentic AI +自动修补漏洞 OpenAI对这款白帽Aardvark的官方描述是—— 代理型安全研究员 （agentic security researcher） Aardvark的核心任务是持续分析源代码仓库，以识别安全漏洞、评估可利用性、确定风险等级，并提出有针对性的修复方案 ...

A new security agent called Aardvark:OpenAI (@OpenAI):Now in private beta: Aardvark, an agent that finds and fixes security bugs using GPT-5.https://t.co/xwtJhfDM3X https://t.co/5m49RwFK3d ...