OpenAI has launched Aardvark, an AI-driven security researcher currently in private beta. Powered by GPT-5, Aardvark aims to help developers and security teams identify and fix vulnerabilities in software more efficiently. Each year, thousands of new vulnerabilities are found, making software security a pressing issue. Aardvark leverages a unique approach that differs from traditional methods by continuously analyzing code repositories. It monitors commits, assesses exploitability, and proposes targeted patches, mimicking the analytical process of a human security researcher. Aardvark's multi-stage pipeline starts with a threat model based on the project's security objectives. It scans commit-level changes against this model, identifies vulnerabilities, and validates them in a sandboxed environment to confirm exploitability. After confirming an issue, it integrates with OpenAI Codex to generate patches, which are presented for human review. In tests, Aardvark has demonstrated a high recall rate, identifying 92% of known vulnerabilities in benchmark repositories. Beyond internal use at OpenAI, Aardvark has been applied to open-source projects, leading to the discovery of several vulnerabilities, some of which received CVE identifiers. OpenAI plans to offer free scanning services to select non-commercial open-source repositories, aiming to strengthen the overall security of the open-source ecosystem. With over 40,000 CVEs reported in 2024 alone, Aardvark represents a shift toward a defender-first model, providing continuous security as code evolves and minimizing the risk posed by software vulnerabilities.