Aardvark
Keeping software secure is hard, especially when code changes every day. Aardvark is OpenAI’s answer to that problem: an AI security researcher designed to help teams spot vulnerabilities, validate risks, and suggest fixes before issues grow into bigger problems.
If you build software, manage repositories, or work in application security, Aardvark is aimed at making security review more continuous and easier to scale. Instead of relying only on manual reviews or traditional scanning methods, it uses AI reasoning to inspect code changes and surface actionable findings.
What is Aardvark?
Aardvark is an agentic security research tool from OpenAI. It analyzes source code repositories, looks for security vulnerabilities, checks how exploitable they may be, and proposes patches that teams can review and apply.
OpenAI introduced Aardvark as a private beta product for organizations that want AI-assisted vulnerability discovery at scale. OpenAI also noted that, as of March 6, 2026, Aardvark has been folded into Codex as Codex Security, where it is being rolled out as a research preview. That means people researching the product today should view Aardvark as the original name and Codex Security as its newer product direction.
Who is Aardvark for?
Aardvark is mainly built for developers, software engineering teams, application security teams, and organizations managing large or fast-moving codebases. It is especially useful for teams that want security checks to happen continuously instead of only during occasional audits.
It can also be relevant for open-source maintainers, since OpenAI has discussed using it to help identify vulnerabilities in open-source projects as well.
Main features
One of Aardvark’s standout features is repository-wide analysis. It does not just inspect one file in isolation. It tries to understand the broader codebase and build a threat model based on the project’s design and security goals.
Another key feature is commit scanning. Aardvark watches code changes and checks new commits against the wider repository context, which helps it catch issues introduced during normal development.
It also includes validation in a sandboxed environment. When it finds a possible vulnerability, it attempts to confirm whether the issue is actually exploitable, which can help reduce noisy or low-confidence alerts.
Aardvark can also propose patches. OpenAI says it integrates with Codex to attach suggested fixes to findings, making it easier for human reviewers to evaluate and apply changes.
Beyond classic security bugs, OpenAI says the tool can also uncover related issues such as logic flaws, incomplete fixes, and privacy problems.
How Aardvark works
At a high level, Aardvark starts by analyzing a repository to understand how the project works and what kinds of threats matter most. This initial understanding helps it evaluate later code changes more intelligently.
Next, it scans existing repository history and new commits to identify suspicious patterns or risky logic. When it finds something important, it explains the issue in a way that humans can review.
After that, it tries to validate the finding in an isolated environment. This extra step matters because it helps distinguish theoretical concerns from vulnerabilities that can actually be triggered.
Finally, it can generate or attach a proposed patch through OpenAI Codex, giving teams a faster path from detection to remediation.
Common use cases
Aardvark is useful for continuous vulnerability monitoring in active repositories. Teams shipping code daily can use it to catch problems closer to the moment they are introduced.
It is also helpful for reviewing pull requests and commit-level changes, especially in larger engineering organizations where manual review time is limited.
Security teams can use it to prioritize issues based on severity and exploitability instead of sorting through a long list of generic alerts. For engineering leaders, it can support more secure development workflows without creating as much friction for developers.
For open-source maintainers, Aardvark may offer another layer of defense by identifying vulnerabilities that are easy to miss in volunteer-led or resource-constrained projects.
How to use Aardvark
Using Aardvark starts with access. OpenAI originally offered it through a private beta, so teams typically need approval or access through OpenAI’s enterprise tooling environment.
Once access is available, the general workflow is straightforward. First, connect the relevant source code repository. Then let Aardvark analyze the repository structure and history. After that, it can begin scanning commits and changes for potential vulnerabilities.
When findings appear, review the explanation, severity, and validation details. If a patch is suggested, your team can inspect the proposed fix, test it internally, and decide whether to apply it.
Because the product direction has shifted toward Codex Security, new users should expect the experience to be tied more closely to Codex than to a standalone Aardvark dashboard.
Pricing and availability
Public pricing for Aardvark was not clearly listed when OpenAI announced it. The product launched in private beta, which usually means pricing is either custom, limited to approved users, or not publicly disclosed yet.
Because of that, the pricing model is best treated as unknown from public sources. There is also no clearly published free plan for the original Aardvark product. However, OpenAI stated that after Aardvark became Codex Security on March 6, 2026, it was rolling out to ChatGPT Enterprise, Business, and Edu customers via Codex web with free usage for the next month during the research preview period.
Supported platforms and integrations
Aardvark is designed for code repository workflows rather than as a mobile or consumer app. OpenAI specifically described integrations with GitHub and Codex, and the newer experience appears to be available through Codex web for supported OpenAI customers.
That makes it best suited to teams already working in modern cloud-based development environments and repository-driven workflows.
Why Aardvark stands out
What makes Aardvark interesting is that it aims to behave more like a security researcher than a basic scanner. Instead of only matching known patterns, it reads code, reasons about behavior, uses tools, and tries to validate what it finds.
That approach can be especially valuable for complex vulnerabilities that depend on broader application logic. It also helps teams move from detection to remediation faster by pairing findings with patch suggestions.
For organizations that want stronger security without slowing development too much, Aardvark points toward a more continuous, AI-assisted model of code defense.
Final thoughts
Aardvark is a strong example of how AI is moving deeper into software security. It is built for teams that need more than a basic code scanner and want help understanding, validating, and fixing vulnerabilities as code evolves.
While public access and pricing have been limited, the tool is worth watching closely, especially now that it has transitioned into Codex Security. If your team already uses OpenAI’s enterprise products and wants AI-driven security support, this is one of the more interesting tools in the space.