OpenAI has begun rolling out Codex Security, an AI‑powered security agent designed to detect, validate, and recommend fixes for vulnerabilities across software projects.
The tool is now available in a research preview for ChatGPT Pro, Enterprise, Business, and Edu customers through the Codex web interface, with free usage offered for the next month.
According to OpenAI, Codex Security builds a deep understanding of a project’s architecture to uncover complex vulnerabilities that traditional automated tools often miss. It surfaces higher‑confidence findings and delivers fixes intended to meaningfully strengthen system security while minimizing noise from low‑value bugs.
Codex Security is the evolution of Aardvark, a private‑beta tool introduced in October 2025 to help developers and security teams identify and remediate vulnerabilities at scale. During the past 30 days of beta testing, Codex Security has scanned over 1.2 million commits across external repositories, uncovering 792 critical issues and 10,561 high‑severity vulnerabilities. These findings span multiple open‑source projects such as OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP, Chromium, and others. Examples include:
- GnuPG – CVE‑2026‑24881, CVE‑2026‑24882
- GnuTLS – CVE‑2025‑32988, CVE‑2025‑32989
- GOGS – CVE‑2025‑64175, CVE‑2026‑25242
- Thorium – CVE‑2025‑35430 through CVE‑2025‑35436
OpenAI says the latest version of the agent combines the reasoning capabilities of its frontier models with automated validation, reducing false positives and delivering fixes that are both practical and actionable.
Repeated scans of the same repositories have shown improvements in accuracy over time, with false positive rates dropping more than 50% across all projects.
In a statement to The Hacker News, OpenAI explained that Codex Security improves signal‑to‑noise ratios by grounding its analysis in system context and validating vulnerabilities before presenting them to users.
How Codex Security Works
The agent operates in three main stages:
-
System Understanding & Threat Modeling
Codex Security first analyzes a repository to understand the structure and security‑relevant components of the system. It generates an editable threat model outlining system behavior and areas of potential exposure. -
Vulnerability Identification & Validation
Using this system context, it identifies vulnerabilities and ranks them based on real‑world impact. Potential issues are then tested in a sandboxed environment to verify their validity.
When configured with an environment tailored to the project, Codex Security can validate findings directly against the running system, reducing false positives even further and enabling working proof‑of‑concepts. -
Fix Recommendation
After validation, the agent proposes fixes aligned with system behavior to reduce regressions and streamline review and deployment.
The launch of Codex Security follows the recent debut of Claude Code Security from Anthropic, another AI‑driven tool designed to scan codebases for vulnerabilities and suggest remediation strategies.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
