OpenAI has launched Codex Security, an artificial intelligence-powered agent designed to proactively identify, validate, and suggest fixes for software vulnerabilities. This new security tool is now available in a research preview for ChatGPT Pro, Enterprise, Business, and Edu customers, offering free usage for the next month. The agent aims to provide deeper project context than existing tools, uncovering complex vulnerabilities and delivering more accurate findings with actionable remediation steps.
Representing an advancement from OpenAI’s previous Aardvark tool, which entered private beta in October 2025, Codex Security is built to scale vulnerability detection and resolution for developers and security teams. The company stated that the agent’s ability to understand a project’s intricate details significantly enhances its capability to pinpoint critical security flaws that might otherwise be overlooked.
Codex Security: Enhancing DevSecOps with AI
In its recent beta phase, Codex Security analyzed over 1.2 million code commits across external repositories. This extensive scan resulted in the identification of 792 critical security findings and 10,561 high-severity vulnerabilities. The tool successfully flagged issues in prominent open-source projects such as OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP, and Chromium. Specific examples of identified vulnerabilities include GnuPG with CVE-2026-24881 and CVE-2026-24882, and GnuTLS with CVE-2025-32988 and CVE-2025-32989.
According to OpenAI, the enhanced precision of Codex Security stems from its utilization of advanced frontier models’ reasoning capabilities, coupled with automated validation processes. This combination aims to drastically reduce the likelihood of false positives, ensuring that security professionals can focus on genuinely impactful bugs. OpenAI reported a decrease of over 50% in false positive rates across all scanned repositories during the beta period, indicating a significant improvement in signal-to-noise ratio for security findings.
The effectiveness of Codex Security is attributed to its structured three-step methodology. Initially, the agent performs a deep analysis of a software repository to comprehend its security-relevant architecture. This leads to the generation of an editable threat model, outlining the system’s functions and its most vulnerable points. This comprehensive understanding of the project’s context forms the foundation for subsequent vulnerability detection.
Building upon the established system context, Codex Security then proceeds to identify potential vulnerabilities. Findings are classified based on their potential real-world impact. To further minimize false positives and provide robust evidence, flagged issues undergo rigorous validation within a sandboxed environment. OpenAI noted that when configured with an environment that mirrors the project’s operational setup, Codex Security can validate potential issues directly within a simulated running system, yielding more reliable results and assisting in the creation of proofs-of-concept.
The final stage of the Codex Security process involves the agent proposing specific code fixes. These proposed solutions are designed to align closely with the system’s existing behavior, thereby minimizing the risk of introducing regressions and simplifying the review and deployment process for security teams. This feature streamlines the remediation workflow, offering a clearer path towards enhanced system security.
The introduction of Codex Security follows shortly after Anthropic’s launch of Claude Code Security, another AI tool aimed at assisting users in scanning codebases for vulnerabilities and suggesting patches. The increasing development and deployment of AI-powered security agents signal a significant shift in the landscape of DevSecOps and application security. These advanced tools promise to augment human capabilities, enabling faster and more comprehensive security analysis in an era of rapidly evolving cyber threats.
Looking ahead, the widespread adoption and ongoing refinement of tools like Codex Security will be crucial in addressing the growing complexity of software vulnerabilities. Users will be watching to see how OpenAI continues to integrate feedback from the research preview and what further enhancements can be expected in future iterations, particularly in terms of integration with existing development pipelines and broader platform support.