Introducing Aardvark: OpenAI's Agentic Security Researcher
OpenAI has announced Aardvark, an AI-powered autonomous security researcher designed to find, validate, and help remediate software vulnerabilities at scale. The system operates agentically, handling the full vulnerability research pipeline without continuous human direction. Aardvark is currently in private beta with early access sign-ups open. This represents OpenAI's entry into the automated vulnerability research and cybersecurity tooling space.
Related guides (4)
Related events (8)
Codex Security: now in research preview
OpenAI has launched Codex Security in research preview, an AI-powered application security agent. It analyzes project context to detect, validate, and patch complex vulnerabilities with the goal of higher confidence and reduced false-positive noise compared to traditional tools. The product extends OpenAI's Codex brand into the security domain.
Introducing the OpenAI Safety Bug Bounty Program
OpenAI has launched a Safety Bug Bounty program targeting AI-specific abuse and safety risks. The program focuses on agentic vulnerabilities, prompt injection, and data exfiltration scenarios. This extends traditional security bug bounty models into AI safety territory, incentivizing external researchers to surface novel attack vectors.
Anthropic Launches Claude Code Security: AI-Powered Vulnerability Detection for Defenders
Anthropic has released Claude Code Security in limited research preview for Enterprise and Team customers, a capability built into Claude Code that scans codebases for security vulnerabilities and suggests patches for human review. Unlike rule-based static analysis tools, it uses Claude's reasoning to understand code context, trace data flows, and detect complex vulnerabilities including novel ones. Built on Claude Opus 4.6, the system found over 500 previously undetected vulnerabilities in production open-source codebases during internal research. The release is framed as a defensive measure to put AI-enabled vulnerability discovery in the hands of defenders before attackers can exploit the same capabilities.
Security on the path to AGI
OpenAI published a post outlining its approach to security as the organization advances toward AGI. The piece describes how security measures are being built directly into infrastructure and models proactively. The content is high-level and framing-oriented, with limited technical specifics visible in the excerpt.
OpenAI Launches Bug Bounty Program
OpenAI announced a formal bug bounty program to crowdsource security vulnerability discovery across its products and services. The initiative is framed as part of OpenAI's broader commitment to building secure and trustworthy AI systems. Researchers who find and responsibly disclose vulnerabilities will be eligible for rewards.
Strengthening cyber resilience as AI capabilities advance
OpenAI published a post outlining its approach to cybersecurity risk as its models grow more capable, covering risk assessment frameworks, misuse mitigation, and collaboration with the security community. The piece addresses both offensive risk (AI-enabled attacks) and defensive applications. It represents OpenAI's public positioning on responsible deployment in a high-stakes domain.
OpenAI Cybersecurity Grant Program: Empowering Defenders
OpenAI is highlighting research and AI integration in cybersecurity through its Cybersecurity Grant Program. The program funds innovative work aimed at using AI to strengthen defensive security capabilities. This represents OpenAI's continued effort to direct AI capabilities toward protective rather than offensive cybersecurity applications.
PentestAgent: AI Agent Framework for Black-Box Security Testing
PentestAgent is an open-source Python framework that applies AI agent techniques to penetration testing, bug bounty, and red-team workflows. The project has accumulated 2,497 GitHub stars with modest daily traction (+30). It represents a practical deployment of autonomous agent architectures in offensive security contexts.