
Three Buddy Problem: OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs
Oct 31, 2025

Dave Aitel, an experienced security researcher at OpenAI, joins the discussion to unveil Aardvark, an AI agent designed to identify and fix code vulnerabilities. He shares insights on the interplay between AI and bug-hunting, emphasizing its advantages over traditional methods like fuzzing. The conversation also delves into the evolving landscape of cybersecurity, including recent legal issues around exploit sales and proposed legislation in Russia affecting vulnerability disclosures. Aitel offers advice for startups in this rapidly changing field.
AI As A Scalable Security Dial
- Aardvark applies scaled AI reasoning to security, aiming to improve bug-finding proportionally with investment.
- Dave Aitel says the goal is a linear intelligence dial: more compute and time yields higher-value findings.
Keep Humans In The Disclosure Loop
- Validate reported bugs with humans before disclosure to avoid false positives and developer harm.
- Aardvark currently routes findings through human triage and lets customers accept or reject patches.
Software Entropy Observed In Commits
- Codebases show an entropic drift: Aardvark's early evals found ~1–2% of commits introduce bugs.
- Many introduced bugs may be transient and disappear across subsequent commits.
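The commit-level observation above is easy to measure on your own repository once a scanner gives you a set of finding identifiers per commit. The following added example (not code from the podcast, from OpenAI, or from Aardvark) walks a constructed commit history, computes what fraction of commits introduce at least one new finding, and separates findings that vanished in a later commit (transient) from those still present at the head. The commit hashes, finding ids, and the `Commit` record are assumptions made for the illustration; the real input would come from running a scanner at each commit.

```python
"""Added example: measuring per-commit bug introduction and transient findings.

Not from the podcast or from Aardvark. The history below is constructed;
in practice `findings` would be the ids reported by a scanner at that commit.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Commit:
    sha: str                      # hypothetical short hash
    findings: FrozenSet[str]      # finding ids present in the tree at this commit


# Constructed sample history (hypothetical shas and finding ids).
HISTORY: List[Commit] = [
    Commit("c0", frozenset()),
    Commit("c1", frozenset({"F1"})),         # introduces F1
    Commit("c2", frozenset({"F1"})),
    Commit("c3", frozenset({"F1", "F2"})),   # introduces F2
    Commit("c4", frozenset({"F1"})),         # F2 gone: transient
    Commit("c5", frozenset({"F1"})),
    Commit("c6", frozenset({"F1", "F3"})),   # introduces F3
    Commit("c7", frozenset({"F1", "F3"})),
    Commit("c8", frozenset({"F1"})),         # F3 gone: transient
    Commit("c9", frozenset({"F1"})),         # F1 still present: persistent
]


def introduced(history: List[Commit]) -> Dict[str, int]:
    """Map each finding id to the index of the commit that first introduced it."""
    first_seen: Dict[str, int] = {}
    for i in range(1, len(history)):
        new = history[i].findings - history[i - 1].findings
        for f in new:
            first_seen.setdefault(f, i)
    return first_seen


def commit_introduction_rate(history: List[Commit]) -> float:
    """Fraction of non-root commits that add at least one finding not in the parent."""
    n = len(history) - 1
    if n <= 0:
        return 0.0
    introducing = sum(
        1 for i in range(1, len(history))
        if history[i].findings - history[i - 1].findings
    )
    return introducing / n


def classify_findings(history: List[Commit]) -> Tuple[Set[str], Set[str]]:
    """Split introduced findings into (transient, persistent).

    Transient: introduced at some commit but absent from the head commit.
    Persistent: introduced and still present at the head.
    """
    head = history[-1].findings
    all_introduced = set(introduced(history))
    transient = {f for f in all_introduced if f not in head}
    return transient, all_introduced - transient


def lifetime_in_commits(history: List[Commit]) -> Dict[str, int]:
    """Consecutive commits each finding stayed present, counted from its introduction."""
    lifetimes: Dict[str, int] = {}
    for f, start in introduced(history).items():
        j = start
        while j < len(history) and f in history[j].findings:
            j += 1
        lifetimes[f] = j - start
    return lifetimes


if __name__ == "__main__":
    rate = commit_introduction_rate(HISTORY)
    transient, persistent = classify_findings(HISTORY)
    print(f"commits introducing a finding: {rate:.1%}")
    print(f"transient: {sorted(transient)}  persistent: {sorted(persistent)}")
    print(f"lifetimes: {lifetime_in_commits(HISTORY)}")
```

Only findings absent from the head are counted as transient; a finding that was removed and later reintroduced would show up with its first introduction index and its first run of consecutive commits, which is the conservative reading for a "did the developers fix it on their own" question. The constructed history has a far higher introduction rate than the 1–2% the episode mentions, since it only exists to exercise the functions.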
