Codex Security: OpenAI's AI Agent Hunts Bugs
OpenAI launches Codex Security in research preview — an autonomous agent that discovers, validates, and patches code vulnerabilities. It already found 14 CVEs in OpenSSH, GnuTLS, and Chromium.
An AI agent just found a critical authentication bypass in Gogs, a heap buffer overflow in GnuTLS, and a stack buffer overflow in gpg-agent. Fourteen CVEs and counting — all discovered by Codex Security, OpenAI's new application security agent that shipped in research preview on March 6.
The pitch is simple: point it at a codebase, and it reads the code the way a human security researcher would. It builds a threat model, hunts for vulnerabilities, validates them in sandboxed environments, and proposes patches. Not the kind of static analysis that flags every unused variable — the kind that finds real, exploitable bugs in production systems like OpenSSH and Chromium.
How It Actually Works
Codex Security evolved from Project Aardvark, which ran as a private beta last year. The workflow is three stages. First, it analyzes your repository and generates an editable threat model — a map of what the system does, what it trusts, and where it's exposed. Second, it uses that threat model as context to search for vulnerabilities, pressure-testing findings in sandboxed environments to distinguish real issues from noise. Third, it proposes patches grounded in system-specific context, so fixes align with surrounding behavior rather than blindly plugging holes.
The threat model is the critical piece. Most AI security tools scan code in isolation, which is why they drown you in false positives. Codex Security knows what your application actually does — which endpoints handle authentication, which data stores contain sensitive information, where trust boundaries exist — and uses that context to prioritize findings by real-world impact.
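OpenAI hasn't published the threat-model format, but the core idea — ranking findings by application context instead of raw rule severity — can be sketched in a few lines. Everything below is illustrative: the field names, weights, and components are hypothetical, not Codex Security's actual schema.

```python
# Toy threat model: which components face the internet, handle auth,
# and which data stores are sensitive. (Hypothetical schema.)
THREAT_MODEL = {
    "components": {
        "login_api":  {"handles_auth": True,  "internet_facing": True},
        "report_job": {"handles_auth": False, "internet_facing": False},
    },
    "sensitive_stores": {"users_db"},
}

def priority(finding: dict) -> int:
    """Score a finding using application context, not just rule severity."""
    comp = THREAT_MODEL["components"].get(finding["component"], {})
    score = finding["base_severity"]      # what a context-free scanner reports
    if comp.get("internet_facing"):
        score += 3                        # reachable by external attackers
    if comp.get("handles_auth"):
        score += 2                        # auth-bypass potential
    if finding.get("touches") in THREAT_MODEL["sensitive_stores"]:
        score += 2                        # sensitive-data exposure
    return score

findings = [
    {"component": "report_job", "base_severity": 5, "touches": None},
    {"component": "login_api",  "base_severity": 3, "touches": "users_db"},
]
ranked = sorted(findings, key=priority, reverse=True)
```

Note how the nominally lower-severity finding wins: a severity-3 issue in an internet-facing auth endpoint that touches the user database scores 10, while the severity-5 issue in an internal batch job stays at 5. That reordering is the whole point of having a threat model.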
The Numbers So Far
Over the last 30 days of beta testing, Codex Security scanned more than 1.2 million commits across external repositories. It flagged 792 critical findings and 10,561 high-severity findings. Critical issues appeared in under 0.1% of scanned commits — a signal-to-noise ratio that actually respects a security team's time.
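Those figures are internally consistent — a quick sanity check, assuming "scanned commits" is the denominator for the 0.1% claim:

```python
commits = 1_200_000   # commits scanned over 30 days of beta
critical = 792        # critical findings
high = 10_561         # high-severity findings

critical_rate = critical / commits   # = 0.00066, i.e. 0.066% — under 0.1% as stated
high_rate = high / commits           # ≈ 0.88% of commits
```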
OpenAI claims an 84% reduction in noise on repeated scans of the same repos, with false positive rates cut by more than 50% and over-reported severity reduced by more than 90%. The agent also learns from your feedback: adjust the criticality of a finding, and it refines the threat model for subsequent runs.
| Spec | Detail |
|---|---|
| Origin | Evolved from Project Aardvark |
| CVEs found | 14 assigned (OpenSSH, GnuTLS, Gogs, Chromium, PHP, libssh, gpg-agent) |
| Beta stats (30 days) | 1.2M commits scanned, 792 critical / 10,561 high-severity findings |
| Noise reduction | 84% less noise, 50%+ fewer false positives, 90%+ reduction in over-reported severity |
| Availability | Research preview via Codex web — ChatGPT Pro, Enterprise, Business, Edu |
| Pricing | Free usage for the first month |
Who Gets It?
Codex Security is rolling out now to ChatGPT Pro, Enterprise, Business, and Edu customers through Codex web. Usage is free for the next month — OpenAI hasn't announced post-preview pricing yet.
There's also an open-source angle. OpenAI has been scanning the open-source dependencies it relies on and reporting high-confidence vulnerabilities to maintainers. The company is onboarding an initial cohort of open-source maintainers into "Codex for OSS," which provides free ChatGPT Pro and Plus accounts, code review access, and Codex Security scans. Projects like vLLM are already using it as part of their regular workflow.
Does Security Need Another Scanner?
Every enterprise security team already runs Snyk, SonarQube, Semgrep, or some combination. The pitch for Codex Security isn't that it replaces those tools — it's that agentic reasoning catches what pattern-matching misses. A cross-tenant auth bypass doesn't show up in a CVE database until someone finds it. An SSRF that only works because of how your specific middleware chains requests won't trigger a static analysis rule.
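To make that concrete, here's a deliberately simplified, hypothetical version of such a bug — not from any real codebase. The URL validator is correct in isolation, which is all a pattern-matching rule inspects; the SSRF only exists because a later middleware rewrite re-points validated requests at an internal host.

```python
from urllib.parse import urlparse

ALLOWED_HOSTS = {"cdn.example.com"}

def validate(url: str) -> str:
    """Looks safe in isolation -- this is all a static rule sees."""
    if urlparse(url).hostname not in ALLOWED_HOSTS:
        raise ValueError("host not allowed")
    return url

def legacy_rewrite_middleware(url: str) -> str:
    """Hypothetical middleware added later: routes CDN traffic through
    an internal proxy by swapping the host."""
    return url.replace("cdn.example.com", "10.0.0.5:8500", 1)

def fetch(url: str) -> str:
    # Validation runs BEFORE the rewrite, so the chain as a whole is an
    # SSRF: attacker-influenced URLs end up targeting an internal host.
    safe = validate(url)
    final = legacy_rewrite_middleware(safe)
    return final  # a real app would issue the HTTP request here

fetch("https://cdn.example.com/report")  # -> "https://10.0.0.5:8500/report"
```

Each function passes review on its own; the vulnerability lives in how they compose — exactly the kind of finding that needs whole-application reasoning rather than a per-file rule.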
NETGEAR's head of product security said it was like working with "an experienced product security researcher." That's the right frame — it's less a scanner and more an autonomous researcher you can assign to your codebase. Whether it justifies its cost after the free month ends will depend on how many teams discover their own version of those GnuTLS heap overflows. If you're shipping code with GPT-5.4 or using Symphony to generate PRs autonomously, having an equally autonomous agent reviewing the output for security holes is the obvious next step.