What it is
Aardvark is OpenAI’s agentic security researcher. OpenAI describes it as an agent that reads repositories, identifies vulnerabilities, validates exploit paths in a sandbox, and attaches suggested fixes for human review. In 2026, the capability evolved into Codex Security.
What is verified
OpenAI’s public Aardvark announcement said the system had been applied to open-source projects and that ten responsibly disclosed vulnerabilities received CVE identifiers. OpenAI’s March 2026 Codex Security research-preview post says 14 CVEs had been assigned and lists example CVE IDs.
What is counted
The current ledger counts the 14 non-OpenSSL example CVE IDs from OpenAI’s Codex Security appendix. Two OpenSSL examples in that appendix are not counted under this profile because they overlap with the AISLE OpenSSL cluster and need dual-reporting context.