We're introducing Codex Security. An application security agent that helps you secure your codebase by finding vulnerabilities, validating them, and proposing fixes you can review and patch. Now, teams can focus on the vulnerabilities that matter and ship code faster. https://t.co/L9SkqrGro2
Codex Security Launches to Find, Validate, and Patch Code Vulnerabilities
Codex Security, OpenAI's application security agent, builds a project-specific threat model for each codebase — capturing what the system does, what it trusts, and where it's most exposed. It searches for vulnerabilities, validates findings in sandboxed environments, and proposes fixes aligned with surrounding code behavior. In beta, it scanned 1.2 million commits, surfaced 792 critical findings, and cut false positive rates by more than 50%.
Most AI security tools flood teams with noisy, low-impact reports. Codex Security addresses this bottleneck by grounding analysis in system-specific context, aligning reported severity with real-world risk. As AI agents accelerate development, security review is becoming a critical bottleneck — one Codex Security is built to solve.
Codex Security is rolling out in research preview for ChatGPT Pro, Enterprise, Business, and Edu customers via Codex web, with free usage for the next month. Access it through your ChatGPT account to configure scans for your team.
OpenAI Developers
@OpenAIDevs

