OpenAI has introduced Codex Security, an AI-powered security agent designed to detect vulnerabilities in source code at scale. During its beta phase, the system analyzed more than 1.2 million commits and identified 792 critical and 10,561 high-severity vulnerabilities across widely used open source projects, several of which have already received official CVE identifiers. This signals a notable shift toward using generative AI as a first-line tool in application security and secure software development lifecycles (SSDLC).
Access to OpenAI Codex Security and evolution from project Aardvark
At this stage, Codex Security is available as a research preview for ChatGPT Pro, Enterprise, Business, and Edu subscribers via the Codex web interface. OpenAI has announced that the service will be free during the first month, allowing development and security teams to trial the agent within their existing SSDLC and application security pipelines without immediate licensing constraints.
The product is an evolution of OpenAI’s internal project Aardvark, an experimental AI agent previously tested in a closed beta. Aardvark was positioned as an autonomous assistant for developers and security engineers, capable not only of detecting flaws in large codebases but also of automatically proposing fixes. During internal trials it uncovered, among other issues, an SSRF (Server-Side Request Forgery) vulnerability and a critical cross-tenant authentication bypass bug, both of which were remediated by the engineering team.
How OpenAI Codex Security works: from threat modeling to AI vulnerability detection
Unlike traditional static application security testing (SAST) tools that rely heavily on predefined rules and signatures, Codex Security takes a more context-aware approach. The agent does not limit itself to linear scanning of source files. Instead, it begins by examining the repository structure, application architecture, and business context to build a tailored threat model for the specific project.
This threat model focuses on questions security experts typically ask during manual reviews: Which data is most sensitive? How are authentication and authorization implemented? Which external services and APIs are integrated? How does data flow between components? By reasoning about these aspects, the AI attempts to identify attack paths rather than isolated coding mistakes, aligning more closely with how experienced security auditors operate.
The generated threat model is editable. Security engineers can refine attack scenarios, adjust risk priorities, and explicitly mark critical assets or regulatory constraints. This tuning allows organizations to adapt Codex Security to their specific environment, reduce irrelevant findings, and better align scan results with their risk appetite and compliance requirements (for example, PCI DSS or healthcare data regulations).
Reducing false positives with sandbox-based verification
A persistent challenge with classic SAST solutions is the high rate of false positives, which overloads AppSec teams and slows remediation. Codex Security addresses this by attempting to validate suspected vulnerabilities in a sandboxed environment. When the AI flags a suspicious code location, it then tries to demonstrate exploitability under controlled conditions rather than merely warning about a theoretical issue.
According to OpenAI, beta testing showed that this verification step reduced false positives by more than 50% across analyzed repositories. For some projects, “noise” from low-impact or hard-to-exploit issues dropped by up to 84%. This is significant for organizations already struggling to process large SAST reports; it allows security teams to concentrate on genuinely exploitable and high-impact vulnerabilities.
Discovered vulnerabilities and assigned CVEs in major open source projects
OpenAI reports that Codex Security has already found vulnerabilities in several widely used open source projects, including OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP, and Chromium. A subset of these findings has been assigned official CVE identifiers, underscoring that the issues meet established criteria for publicly documented security flaws.
Among the published identifiers are CVE-2025-32988 and CVE-2025-32989 in GnuTLS, CVE-2025-64175 and CVE-2026-25242 in GOGS, as well as a series of vulnerabilities in the Thorium browser (from CVE-2025-35430 through CVE-2025-35436). The fact that an AI agent is uncovering issues in core cryptographic libraries, SSH components, and browser engines highlights its potential impact on software supply chain security, where a single defect can cascade into thousands of downstream products.
After completing its analysis, Codex Security generates proposed patches that aim to address the vulnerability while preserving the intended behavior of the system and reducing the chance of regressions. Development teams can review, edit, and apply these patches directly from the interface, integrating the AI agent into their existing code review and CI/CD workflows.
Support for open source and competition in AI-driven security tools
In parallel with the product launch, OpenAI announced the Codex for OSS initiative. Under this program, maintainers of open source projects can receive free ChatGPT Pro accounts and access to Codex Security for vulnerability discovery. The goal is to reduce the accumulated technical debt in open source ecosystems and raise the baseline of code security through proactive, automated analysis.
The emergence of OpenAI Codex Security is part of a broader trend of integrating generative AI into cybersecurity. Only weeks earlier, Anthropic introduced a competing solution, Claude Code Security. Together with traditional SAST, dynamic testing, and manual penetration testing, AI agents are forming a new category of context-aware application security tools that can both detect vulnerabilities and suggest tailored remediation steps.
For organizations building and maintaining software, it is increasingly important to plan how AI agents like OpenAI Codex Security will fit into their development pipelines: triggering scans on pull requests, using AI-assisted threat models to prioritize backlog items, and maintaining ongoing collaboration between engineering and security teams. Open source maintainers should consider joining support programs to reduce risk for their users and strengthen trust in their projects. As AI-based vulnerability detection becomes a standard element of the secure SDLC, it will become significantly harder for attackers to exploit overlooked errors in modern software.
