
Codex Security is an application security agent from OpenAI, now in research preview. It builds deep, project-specific context to identify complex vulnerabilities that other agentic tools miss. By combining frontier-model reasoning with automated validation, it surfaces high-confidence findings and actionable fixes, helping teams focus on the vulnerabilities that truly matter and ship secure code faster.
Codex Security analyzes your repository to understand its security-relevant structure, then generates an editable threat model that captures what the system does, what it trusts, and where it is most exposed. This model keeps the agent aligned with your team's unique context.
Using the threat model as context, it searches for vulnerabilities and categorizes findings by expected real-world impact. Where possible, it pressure-tests issues in sandboxed validation environments to distinguish signal from noise, reducing false positives and over-reported severity.
Codex Security proposes fixes that align with system intent and surrounding behavior, enabling patches that improve security while minimizing regressions. Users can filter findings to focus on the highest-impact issues, making remediation safer and faster to review.
"By combining agentic reasoning from our frontier models with automated validation, it delivers high-confidence findings and actionable fixes so teams can focus on the vulnerabilities that matter."
This approach directly tackles the noise problem plaguing most AI security tools. Early internal deployments surfaced a real SSRF and a critical cross-tenant authentication vulnerability, with patches deployed within hours. Over the beta period, scans on the same repositories cut noise by 84%, reduced over-reported severity by more than 90%, and halved false positive rates across all repositories.
You're a security or development team using ChatGPT Pro, Enterprise, Business, or Edu and want to move beyond noisy, low-impact vulnerability scanners. Codex Security is especially valuable if you're shipping code rapidly and need a tool that understands your system's unique architecture, validates findings in context, and proposes patches that won't break existing functionality. The research preview includes free usage for the next month, making it a low-risk opportunity to evaluate how agent-driven security can accelerate your workflow.
Other tools you might consider
Loading comments…
Maker
moonbyte
Visit Website
openai.com/index/codex-security-now-in-research-preview/
Project Info
Product Keywords
Alternatives
Achievement