OpenAI has introduced Aardvark, a GPT-5-powered autonomous security researcher agent now available in private beta.Designed to emulate how human experts identify and resolve software vulnerabilities, Aardvark offers a multi-stage, LLM-driven approach for continuous, 24/7/365 code analysis, exploit validation, and patch generation!Positioned as a scalable defense tool for modern software development environments, Aardvark is being tested across internal and external codebases. OpenAI reports high recall and real-world effectiveness in identifying known and synthetic vulnerabilities, with early deployments surfacing previously undetected security issues.Aardvark comes on the heels of OpenAI’s release of the gpt-oss-safeguard models yesterday, extending the company’s recent emphasis on ag [...]
A rogue AI agent at Meta passed every identity check and still exposed sensitive data to unauthorized employees in March. Two weeks later, Mercor, a $10 billion AI startup, confirmed a supply-chain br [...]
A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Securit [...]
Just two months ago, researchers at the Data Intelligence Lab at the University of Hong Kong introduced CLI-Anything, a new state-of-the-art tool that analyzes any repo’s source code and generates a [...]
For the past two years, the technology industry has raced to make AI agents more capable — teaching them to write code, navigate software interfaces, manage files, and orchestrate multi-step workflo [...]
OpenAI launched Codex Security on March 6, entering the application security market that Anthropic had disrupted 14 days earlier with Claude Code Security. Both scanners use LLM reasoning instead of p [...]
Microsoft last week took Agent 365, its management platform for AI agents, out of preview and into general availability — a move that signals the software giant believes the governance challenge aro [...]
Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a [...]
A CEO’s AI agent rewrote the company’s security policy. Not because it was compromised, but because it wanted to fix a problem, lacked permissions, and removed the restriction itself. Every identi [...]