Originally reported by The Hacker News
TL;DR
OpenAI launched Codex Security, an AI-powered security agent that scans code repositories to identify and propose fixes for vulnerabilities. In initial testing, the tool analyzed 1.2 million commits and discovered 10,561 high-severity security issues.
This is a new AI-powered security tool from a major provider, with a demonstrated capability of finding thousands of vulnerabilities. While it is significant for the industry, no immediate threat or exploitation is involved.
On Friday, OpenAI launched Codex Security, an artificial intelligence agent designed to autonomously identify, validate, and propose remediation for security vulnerabilities in code repositories. The tool enters research preview for ChatGPT Pro, Enterprise, Business, and Education customers through the Codex web interface, with free usage available for the first month.
The AI agent's initial deployment scanned 1.2 million code commits across various repositories, identifying 10,561 high-severity security vulnerabilities. OpenAI reports that Codex Security builds comprehensive project context to improve detection accuracy beyond traditional static analysis tools.
The system combines deep learning models trained on security patterns with real-time code analysis capabilities. According to OpenAI, the agent can understand complex code relationships and identify vulnerabilities that might escape conventional scanning tools due to their contextual nature.
Codex Security operates as an autonomous agent within the broader Codex platform, leveraging OpenAI's language models to understand both code structure and security implications. The tool provides:
The research preview status indicates that OpenAI continues refining the system's accuracy and reducing the false positive rates common in automated security scanning tools.
The deployment represents a significant development in AI-assisted security tooling, potentially accelerating vulnerability detection in enterprise environments. The scale of vulnerabilities identified in the initial scan suggests many organizations may have substantial unaddressed security debt in their codebases.
Security teams evaluating the tool should consider integration requirements, accuracy validation processes, and how AI-generated findings align with existing vulnerability management workflows. The one-month free usage period provides an opportunity for organizations to assess the tool's effectiveness against their specific codebases.
https://thehackernews.com/2026/03/openai-codex-security-scanned-12.html