OpenAI Launches Codex Security in the US, Scans Over 1.2 Million Code Commits to Uncover Tens of Thousands of Critical Vulnerabilities
2026-03-09 11:15

Wedoany.com report, 9th: US artificial intelligence company OpenAI recently launched Codex Security, an AI-powered security agent designed to detect and validate code vulnerabilities and provide remediation suggestions. The tool is now available in a research preview to ChatGPT Pro, Enterprise, Business, and Education customers via the Codex web interface and will be free to use next month.

During a recent 30-day test, Codex Security scanned over 1.2 million commits from external code repositories, identifying 792 critical issues and 10,561 high-risk vulnerabilities. These vulnerabilities involved multiple open-source projects such as OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP, and Chromium, including specific cases like CVE-2026-24881 and CVE-2026-24882 for GnuPG, and CVE-2025-32988 and CVE-2025-32989 for GnuTLS.

OpenAI stated that Codex Security is based on an evolved version of Aardvark and was launched as a private beta in October 2025, aiming to help developers and security teams handle security vulnerabilities at scale. The agent leverages the reasoning capabilities of cutting-edge models combined with an automated verification mechanism to reduce the risk of false positives and provide actionable fixes. The company said: "It builds deep contextual understanding of projects, identifies complex vulnerabilities that other tools might miss, and presents high-confidence findings and remediation suggestions, thereby enhancing system security and reducing noise from irrelevant errors."

According to OpenAI, Codex Security's workflow consists of three steps: first, it analyzes the codebase to understand the system structure and security-relevant parts, generating an editable threat model; second, it identifies and categorizes vulnerabilities based on system context and validates them in a sandbox environment; and finally, it proposes remediation solutions that match system behavior, to reduce regression issues and simplify review and deployment. Continuous scanning shows the tool's precision has improved, with the false positive rate dropping by over 50% across all codebases.

In a statement shared with The Hacker News, OpenAI emphasized that Codex Security improves the signal-to-noise ratio by validating findings based on system context. The company added: "When configured with custom environments, Codex Security can directly validate potential issues within the running system. This deep verification further reduces false positives and provides security teams with a clearer remediation path." Previously, Anthropic also launched a similar tool, Claude Code Security, for scanning codebase vulnerabilities and suggesting patches.
