OpenAI is rolling out Codex Security, an application security agent that builds deep context about projects to identify complex vulnerabilities. Available in research preview for ChatGPT Enterprise, Business, and Edu customers, it will be free for the first month. The tool aims to reduce the burden of triaging low-impact findings by aligning reported severity with real-world risks and offering actionable fixes. Codex Security evolved from OpenAI’s Aardvark, a private beta launched last year that detected severe flaws like cross-tenant authentication vulnerabilities.
In early deployments, it surfaced critical issues such as server-side request forgery (SSRF) vulnerabilities, which were patched within hours of being reported. OpenAI says improvements made during testing have cut noise by 84% and reduced false positives by more than 50%, improving the tool's precision and making its output more usable for security teams.
In the past month, Codex Security scanned 1.2 million code commits, identifying 792 critical and 10,561 high-severity issues. OpenAI reports these included findings in prominent open-source projects like OpenSSH, GnuTLS, and Chromium. By validating suspected vulnerabilities before proposing fixes, the tool enables security teams to prioritize confirmed threats.
With attackers increasingly weaponizing AI, tools like Codex Security may become central to enterprise defense strategies. One possible future sees deep integration of such agents into development pipelines, automating much of vulnerability detection and remediation. Alternatively, enterprises may opt for a multi-vendor approach, balancing AI lab offerings with traditional cybersecurity solutions to mitigate dependency risks.