OpenAI Codex Security Scans 1.2 Million Commits, Uncovering Over 10,000 High-Severity Flaws

OpenAI has launched a research preview of Codex Security, a new AI-powered security agent. The tool is designed to autonomously discover, validate, and propose fixes for software vulnerabilities. Initially available to ChatGPT Pro, Enterprise, Business, and Edu customers via the web, the service will be free for its first month of operation. According to OpenAI, the agent builds deep contextual understanding of a codebase to uncover complex security issues that other automated tools might miss, aiming to provide high-confidence findings with actionable fixes while reducing alert noise.

This new agent is an evolution of a previous tool called Aardvark, which was in private beta as of October 2025. Over the past 30 days of beta testing, Codex Security has already scanned more than 1.2 million commits across external code repositories. The scans identified 792 critical vulnerabilities and 10,561 high-severity security issues. These findings span numerous prominent open-source projects, including OpenSSH, GnuTLS, PHP, Chromium, and libssh.

OpenAI states that Codex Security leverages the advanced reasoning capabilities of its frontier AI models, combined with automated validation processes. This approach is intended to significantly minimize false positives and deliver reliable, actionable remediation guidance. The company reports that its scanning accuracy has improved over time, with false positive rates across all monitored repositories dropping by more than 50%.

The agent operates in a three-step process: it first analyzes a repository to gather context, then identifies potential vulnerabilities, and finally validates its findings before presenting them to users. This methodology is central to OpenAI's goal of improving the signal-to-noise ratio in vulnerability management. By grounding discoveries in full system context and pre-validating issues, Codex Security aims to help developers and security teams focus on the most critical threats to their systems.