Codex Security Launches to Find, Validate, and Patch Code Vulnerabilities

OpenAIOpenAI

· Updated

OpenAI launched Codex Security, an AI agent that identifies complex code vulnerabilities, validates them automatically, and proposes targeted fixes. It cuts triage noise significantly, so security teams focus on real threats rather than false positives.

Codex Security, OpenAI's application security agent, builds a project-specific threat model for each codebase — capturing what the system does, what it trusts, and where it's most exposed. It searches for vulnerabilities, validates findings in sandboxed environments, and proposes fixes aligned with surrounding code behavior. In beta, it scanned 1.2 million commits, surfaced 792 critical findings, and cut false positive rates by more than 50%.

Most AI security tools flood teams with noisy, low-impact reports. Codex Security addresses this bottleneck by grounding analysis in system-specific context, aligning reported severity with real-world risk. As AI agents accelerate development, security review is becoming a critical bottleneck — one Codex Security is built to solve.

Codex Security is rolling out in research preview for ChatGPT Pro, Enterprise, Business, and Edu customers via Codex web, with free usage for the next month. Access it through your ChatGPT account to configure scans for your team.

OpenAI Developers
OpenAI Developers
@OpenAIDevs
X

We're introducing Codex Security. An application security agent that helps you secure your codebase by finding vulnerabilities, validating them, and proposing fixes you can review and patch. Now, teams can focus on the vulnerabilities that matter and ship code faster. https://t.co/L9SkqrGro2

751retweets
View on X

Every HeadsUpAI update is written based on its original source and reviewed before it's published. Read our editorial standards →

Share this update