OpenAI has introduced a cutting-edge security agent known as Codex Security, which leverages artificial intelligence to identify, verify, and propose remedies for software vulnerabilities. This innovative tool is available as a research preview to ChatGPT Pro, Enterprise, Business, and Edu users through the Codex web platform, offering complimentary access for the first month.
Advanced Vulnerability Detection
Codex Security builds comprehensive context around projects to detect intricate vulnerabilities often overlooked by other tools. By providing high-confidence findings and meaningful security improvements, it minimizes the distractions of minor bugs. This tool marks an evolution from OpenAI’s previous project, Aardvark, launched in private beta in October 2025, aimed at helping developers and security teams address security issues at scale.
Impressive Scanning Capabilities
During the past month, Codex Security has examined over 1.2 million commits in external repositories during its beta phase, unearthing 792 critical and 10,561 high-severity vulnerabilities. These discoveries span multiple open-source projects, including OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP, and Chromium. Examples of identified vulnerabilities include CVE-2026-24881 and CVE-2026-24882 in GnuPG, and several in GnuTLS and GOGS.
Innovative Validation Process
OpenAI’s latest security agent iteration combines reasoning capabilities of advanced models with automated validation to reduce false positives and deliver practical solutions. The company’s ongoing scans have shown improved precision and a significant decrease in false positives, dropping over 50% across all repositories. By grounding vulnerability detection in system context, Codex Security ensures validated findings before presenting them to users.
The agent undertakes a three-step process: analyzing repositories for security-relevant structures, generating editable threat models, and using this context to identify and classify vulnerabilities based on their impact. These flagged issues undergo testing in a sandboxed environment to ensure their validity.
Path to Enhanced Security
When configured with a project’s specific environment, Codex Security can validate potential issues within the running system’s context. This deeper validation reduces false positives and facilitates the creation of working proofs-of-concept, providing security teams with stronger evidence and clearer remediation paths.
The final step involves suggesting fixes that align with system behaviors, minimizing regressions and easing the review and deployment processes. The launch of Codex Security follows closely behind Anthropic’s release of Claude Code Security, which also aims to enhance software codebase vulnerability scanning.
