- OpenAI has launched Codex Security, an AI agent that scans code for vulnerabilities and proposes fixes.
- The tool is available in a research preview through late April 2026 for its paid and education-tier users.
- During its beta, the system scanned over 1.2 million commits and identified thousands of critical and high-severity vulnerabilities.
- The AI uses a three-step process to build system context, discover/validate flaws, and provide actionable remediation steps.
OpenAI publicly rolled out its powerful new Codex Security AI agent on March 7, 2026, aiming to transform how developers find and fix software flaws. The feature builds on a prior agent called Aardvark and represents a significant evolution in automated vulnerability discovery.
It is currently available in a research preview for ChatGPT Pro, Enterprise, Business, and Edu customers. Consequently, early adoption is being encouraged with a month of free usage via the Codex web platform, the company said.
The tool’s core strength lies in reasoning deeply about a project’s context. This approach allows it to identify complex vulnerabilities that simpler tools might miss while reducing false-positive alerts.
In fact, false positive rates fell by over 50% across scanned repositories during the beta. “It builds deep context about your project to identify complex vulnerabilities that other agentic tools miss” OpenAI explained, highlighting its goal of meaningful signal over noise.
Its methodology follows three distinct stages. First, it analyzes a repository to build an editable threat model of the system’s security-relevant structure and potential exposures.
Next, it uses this context to discover and classify potential vulnerabilities based on real-world impact. Crucially, each flagged issue is pressure-tested in a sandboxed environment to validate it before being presented to the user.
The final step involves proposing specific fixes designed to align with the system’s existing behavior. This design minimizes regressions and aims to make remediation easier to review and deploy for security teams.
This launch follows a similar move by competitor Anthropic with its Claude Code Security tool. Meanwhile, the beta performance of Codex Security was demonstrated by scanning more than 1.2 million commits across external repositories over 30 days.
Those scans identified 792 critical and 10,561 high-severity findings in major projects. Validated vulnerabilities were found in widely used software like OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP, and Chromium.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
