Artificial intelligence company OpenAI has started rolling out its new AI-powered security tool “Codex Security.” It is an advanced application security agent designed to identify, validate, and suggest fixes for vulnerabilities present in software code.
The feature is currently available as a research preview for ChatGPT Pro, Enterprise, Business, and Edu customers through the Codex web platform. According to OpenAI, the tool will be free to use for the next month.
The company said the system builds deep context about a project to identify complex vulnerabilities that traditional or automated tools often miss. It also reduces the noise of low-priority bugs while providing high-confidence security findings.
FCRF Launches Flagship Certified Fraud Investigator (CFI) Program
Built as an Evolution of the Aardvark Project
Codex Security is an advanced version of OpenAI’s earlier project “Aardvark,” which was introduced in private beta in October 2025. The initiative was designed to help developers and security teams detect and fix security vulnerabilities at scale.
Key Results From Beta Testing
According to OpenAI, during the last 30 days of beta testing, Codex Security analyzed more than 1.2 million code commits across external repositories.
During this process, the system identified:
- 792 critical vulnerabilities
- 10,561 high-severity vulnerabilities
These vulnerabilities were discovered in several widely used open-source projects, including:
- OpenSSH
- GnuTLS
- GOGS
- Thorium
- libssh
- PHP
- Chromium
Some of the discovered flaws have been officially recorded as CVE (Common Vulnerabilities and Exposures) entries.
For example:
- GnuPG: CVE-2026-24881, CVE-2026-24882
- GnuTLS: CVE-2025-32988, CVE-2025-32989
- GOGS: CVE-2025-64175, CVE-2026-25242
- Thorium: CVE-2025-35430 to CVE-2025-35436
Improved Accuracy With Fewer False Positives
OpenAI said Codex Security uses the reasoning capabilities of advanced AI models combined with an automated validation system.
Testing over time showed that:
- False-positive alerts dropped by more than 50%
- The overall accuracy of security analysis improved significantly
How Codex Security Works
The AI agent operates in three main stages:
1. System Analysis and Threat Modeling
First, it analyzes a code repository to understand the system’s architecture, potential attack surfaces, and security risks, creating an editable threat model.
2. Vulnerability Detection and Validation
The AI then identifies potential vulnerabilities and classifies them based on their real-world impact. These findings are validated in a sandbox environment to confirm whether they are exploitable.
3. Fix and Patch Recommendations
Finally, the system proposes security patches or code fixes that align with the software’s behavior and reduce the chances of introducing new bugs.
According to OpenAI, when Codex Security is configured with an environment tailored to a project, it can validate vulnerabilities directly within the context of the running system, giving security teams stronger evidence and a clearer path to remediation.
FutureCrime Summit 2026: Registrations to Open Soon for India’s Biggest Cybercrime Conference
Growing Competition in AI Security Tools
The launch of Codex Security comes shortly after Anthropic introduced its own tool, “Claude Code Security,” which also scans software codebases for vulnerabilities and recommends patches.
Cybersecurity experts believe that AI-powered code security tools will increasingly automate vulnerability detection and remediation, making software development safer while reducing the workload for developers and security teams.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
