Blog

OpenAI has hired more than 100 investment bankers. Not to raise money (they’ve already done that), but presumably to build something that replaces much of the entry-level grunt work that fresh MBA grads do at banks. You know, the people who spend their first two years color-coding PowerPoint slides and building Excel models at 2am that their VP will completely redo anyway.

Most people assumed this hiring spree was about making GPT-5 or whatever better at financial modeling and memo writing. Train the general-purpose model on enough pitch books and it’ll eventually figure out how to calculate a leveraged buyout, right?

But last week I wrote about Aardvark, OpenAI’s specialized security researcher agent. And now I’m wondering if we’re seeing a pattern. What if there’s a finance-Aardvark coming? (Someone at OpenAI please name it Meerkat or Mongoose, I’m begging you.)

This matters more than it might seem. I’ve spent a lot of time puzzling over why OpenAI commands such a high valuation compared to other model providers. Setting aside the whole “maybe superintelligence breaks capitalism” question, foundation model providers are on track to become utilities. Profitable, rent-seeking utilities sure - but utilities nonetheless.

We’ve seen this movie before with cloud hyperscalers. AWS, Azure, and GCP all provide roughly the same compute, storage, and networking primitives. You pick one based on which sales engineer was most responsive, or which free credits program was most generous, or honestly just which console UI annoys you least. The services are commoditized even if the margins are great.

Model APIs are heading the same direction. Claude and GPT-4 and Gemini all cost about the same per token, all have roughly comparable capabilities (with different trade-offs), and you can swap between them with minimal code changes. Every model provider will eventually have a fast cheap model, a balanced model, and a slow expensive smart model. The differentiation gets narrower every quarter.

So if that’s the trajectory, why is OpenAI worth more than a sum-of-discounted-API-revenue valuation? What’s the moat?

Maybe the answer is: they’re not trying to be a model provider at all. Or at least, not primarily.

Aardvark isn’t just GPT-4 with a fancy system prompt that says “you are a security researcher.” It’s an agent system that knows how to use tools, read codebases, write tests, and reason about threat models. (Or at least, it claims to - the threat modeling part is where I’m still skeptical.) The value isn’t in the underlying model; it’s in the scaffolding, the specialized tooling, the domain knowledge baked into the agent architecture.

If OpenAI is hiring 100 investment bankers, they’re probably not just collecting training data. They’re building a finance-specialized agent system that knows how to use Bloomberg terminals, pull comps, model cap tables, and format documents to Goldman’s house style. The model is the commodity input; the agent is the differentiated product.

This would also explain why Codex - their software engineering agent - might be more interesting than people assume. Most commentary treats it as GPT-4 with some fine-tuning and a code editor wrapper. But what if it’s actually a sophisticated agent system under the hood, with specialized tools for understanding codebases, managing context, and reasoning about software architecture? That would be a lot harder to replicate than just “train a model on GitHub.”

I’m not entirely convinced this strategy works. Agent systems are notoriously brittle, and there’s a real risk that “specialized agent for X” just means “GPT with a prompt and some light tool integration” that every competitor can copy in six months. But if OpenAI can build genuinely differentiated agent systems - ones that require deep domain expertise and sophisticated tooling to replicate - then maybe they’re not heading for commodity utility status after all.

Or maybe I’m giving them too much credit and in two years we’ll all be choosing between five identical API providers based on which one has the best uptime SLA. Either way, I’m watching to see if Meerkat (manifesting this name into existence) gets announced soon.

OpenAI just announced [their agentic security researcher(https://openai.com/index/introducing-aardvark/). They named it Aardvark, which is either a reference to eating bugs or someone at OpenAI really wanted to be first alphabetically in the AI agent rankings. From OpenAI:

“Aardvark continuously analyzes source code repositories to identify vulnerabilities, assess exploitability, prioritize severity, and propose targeted patches. Aardvark works by monitoring commits and changes to codebases, identifying vulnerabilities, how they might be exploited, and proposing fixes. Aardvark does not rely on traditional program analysis techniques like fuzzing or software composition analysis. Instead, it uses LLM-powered reasoning and tool-use to understand code behavior and identify vulnerabilities. Aardvark looks for bugs as a human security researcher might: by reading code, analyzing it, writing and running tests, using tools, and more.”

I don’t know if it’s just me, but I’ve never really trusted SAST and SCA tools that claim to be able to identify vulnerable packages and code in my team’s products. The signal-to-noise ratio has been well off, and I’ve never been able to shake the feeling that their total lack of understanding of the application architecture and threat model renders the whole thing an exercise in performative compliance (aka the worst kind). You know, the kind of security theater where the SAST tool finds 47 ‘critical’ SQL injection vulnerabilities in your GraphQL API that doesn’t use SQL.

But does Aardvark know what matters? Does it know that your admin API is only exposed to VPN’d employees, or is it going to freak out that you don’t have rate limiting on an endpoint that three people use twice a month? I’m deeply, deeply curious about how the threat modelling part of Aardvark works - do you give it a filled out architecture (as code?) with STRIDE analysis, or does it infer it? How does it make sure that the vulnerabilities it identifies are for real?

A few months back, I played around with building my own security analyst agent with some interesting results. It found a few security issues with a product before it went out, but equally it identified a few theoretical issues that it swore blind were exploitable, but that weren’t really. My agent was like that friend who’s convinced every headache is a brain tumor - technically possible, but buddy, maybe it’s just caffeine withdrawal. Those findings needed to be investigated and took up a bunch of engineering time, ultimately for nothing.

Look, if Aardvark can actually reason about threat models instead of just pattern-matching CVE descriptions, it’ll be huge. If it can’t, it’s just another scanner with a more expensive API bill. I’m rooting for the former, but my money’s on a lot of confused engineers wondering why the AI is so worried about their internal monitoring dashboard.