
OpenAI Launches Codex Security Agent, Scans 1.2 Million Code Commits

At a glance

  • OpenAI began research preview rollout of Codex Security on March 6-7, 2026
  • Codex Security scanned over 1.2 million code commits in 30 days
  • The tool identified 792 critical and 10,561 high-severity findings

OpenAI initiated the research preview of Codex Security, an AI-driven application security agent, on March 6-7, 2026. The tool is designed to identify software vulnerabilities by analyzing code repositories and proposing fixes.

During its 30-day beta period, Codex Security scanned more than 1.2 million commits across external repositories. The application is accessible to ChatGPT Pro, Enterprise, Business, and Edu customers, with the first month offered at no cost.

Codex Security detected 792 critical-severity issues and 10,561 high-severity issues in the code it reviewed. The tool validated vulnerabilities in several open-source projects, including OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP, and Chromium.

According to OpenAI, Codex Security builds a threat model tailored to each project, tests findings in isolated environments, and suggests remediation steps for human review. The company stated that the tool reduces false positives by over 50% and lowers noise by 84%.

What the numbers show

  • Codex Security scanned more than 1.2 million commits in 30 days
  • 792 critical-severity and 10,561 high-severity findings were identified
  • OpenAI stated the tool cuts false positives by over 50% and noise by 84%

The research preview phase makes Codex Security available to a range of customers, with free access for the first month. The tool represents an advancement from Aardvark, which OpenAI introduced in private beta in October 2025.

Codex Security’s process involves creating a project-specific threat model and validating potential vulnerabilities in sandboxed environments. The tool then proposes fixes, which are subject to human review before implementation.

OpenAI confirmed that Codex Security has already been applied to well-known open-source projects to validate its effectiveness. The company reported that the tool is intended to support developers in identifying and addressing security risks in their codebases.

By making Codex Security available as a research preview, OpenAI is collecting feedback and data on its performance across a variety of real-world projects. The company stated that the tool’s approach is designed to help reduce unnecessary alerts and streamline the vulnerability management process.

* This article is based on publicly available information at the time of writing.
