OpenAI launched an AI agent for its Codex coding system to help developers address security risks.
Codex Security, released on March 6, is available in research preview to ChatGPT Enterprise, Business, and Education customers, with the first month free.
Codex Security analyzes a user’s code repository and produces a detailed natural-language description of how the application works, where it is strongest, and where potential security vulnerabilities may exist.
These potential flaws are tested in a sandbox to rule out false positives, and the findings are ranked by potential severity and real-world impact. Finally, the agent creates a list of potential fixes for each issue, including the relevant code and a plain-language explanation. Developers can approve and push patches to production directly from the interface.
“Most AI security tools simply flag low-impact findings and false positives, forcing security teams to spend significant time on triage,” OpenAI said in a release. “At the same time, agents are accelerating software development, making security review an increasingly critical bottleneck. Codex Security addresses both challenges.”
“By combining agentic reasoning from our frontier models with automated validation, it delivers high-confidence findings and actionable fixes so teams can focus on the vulnerabilities that matter and ship secure code faster,” the vendor added.
OpenAI said that over the past month the tool scanned 1.2 million commits (fundamental operations in a software version control system) and identified 792 critical and 10,561 high-severity problems across open source repositories, including 14 vulnerabilities serious enough to be logged in the CVE (Common Vulnerabilities and Exposures) cybersecurity database managed by the MITRE Corporation.
The San Francisco-based AI frontier lab added that it has started onboarding an initial batch of “open-source maintainers” to test Codex, with a view to expanding the program in the coming weeks.
Codex Security first launched last year as a private beta called Aardvark, initially tested with a small group of customers.
The new launch comes about two weeks after Anthropic introduced Claude Code Security, a competing tool that similarly scans codebases, identifies vulnerabilities, and suggests fixes.

