

Ethical Hacking News

OpenAI's Codex Security: Revolutionizing AI-Powered Vulnerability Scanning


OpenAI's Codex Security is a game-changing feature that leverages AI-powered vulnerability scanning tools to improve the overall security posture of software systems. With its ability to identify complex vulnerabilities, deliver actionable fixes, and reduce false positives, Codex Security has the potential to revolutionize the field of application security.

  • Codex Security is an AI-powered security agent designed to find, validate, and propose fixes for vulnerabilities in software systems.
  • The feature is available in a research preview to select customers via the Codex web with free usage for the next month.
  • Codex Security leverages reasoning capabilities of its frontier models and automated validation to minimize false positives and deliver actionable fixes.
  • It can build deep context about a project to identify complex vulnerabilities that other agentic tools miss.
  • The feature has shown increasing precision and declining false positive rates, with false positives declining 50% across all repositories.
  • Codex Security represents an evolution of Aardvark, which was unveiled in private beta in October 2025.
  • The feature scanned over 1.2 million commits across external repositories, identifying critical and high-severity findings in various open-source projects.



    OpenAI has recently rolled out its highly anticipated feature, Codex Security, an artificial intelligence (AI)-powered security agent designed to find, validate, and propose fixes for vulnerabilities in software systems. The introduction of this innovative feature marks a significant milestone in the evolution of application security, bringing forth unprecedented possibilities for developers, security teams, and organizations alike.

    Codex Security is currently available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web with free usage for the next month. This signifies a pivotal moment in the industry as it paves the way for widespread adoption of AI-powered vulnerability scanning tools, ultimately enhancing the overall security posture of software systems.

    According to OpenAI, Codex Security leverages the reasoning capabilities of its frontier models and combines them with automated validation to minimize the risk of false positives and deliver actionable fixes. This innovative approach not only increases the accuracy of vulnerability detection but also streamlines the process of identifying and remediating vulnerabilities in software systems.

    The feature's ability to build deep context about a project to identify complex vulnerabilities that other agentic tools miss has garnered significant attention from the cybersecurity community. Moreover, its capacity to surface higher-confidence findings with fixes that meaningfully improve the security of a system, while sparing users from the noise of insignificant bugs, is truly impressive.

    OpenAI's scans on various repositories over time have demonstrated increasing precision and declining false positive rates, with the latter falling by more than 50% across all repositories. This impressive feat underscores the feature's ability to learn from its environment and adapt to new situations.

    Furthermore, Codex Security represents an evolution of Aardvark, which OpenAI unveiled in private beta in October 2025 as a way for developers and security teams to detect and fix security vulnerabilities at scale. Over the last 30 days, Codex Security has scanned more than 1.2 million commits across external repositories, identifying 792 critical findings and 10,561 high-severity findings.

    These findings include vulnerabilities in various open-source projects such as OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP, and Chromium, among others. The list of identified vulnerabilities includes:

    * GnuPG - CVE-2026-24881, CVE-2026-24882
    * GnuTLS - CVE-2025-32988, CVE-2025-32989
    * GOGS - CVE-2025-64175, CVE-2026-25242
    * Thorium - CVE-2025-35430, CVE-2025-35431, CVE-2025-35432, CVE-2025-35433, CVE-2025-35434, CVE-2025-35435, CVE-2025-35436

    According to OpenAI, the latest iteration of the application security agent leverages the reasoning capabilities of its frontier models and combines them with automated validation to minimize the risk of false positives and deliver actionable fixes. This iterative approach enables Codex Security to continuously improve its accuracy and effectiveness.

    The feature's ability to validate potential issues directly in the context of a running system has been praised for its potential to reduce false positives even further and enable the creation of working proofs-of-concept, giving security teams stronger evidence and a clearer path to remediation.

    In conclusion, Codex Security represents a significant breakthrough in AI-powered vulnerability scanning tools, offering unparalleled possibilities for developers, security teams, and organizations alike. Its innovative approach, precision, and accuracy have garnered widespread attention from the cybersecurity community, and its potential to revolutionize the field of application security cannot be overstated.





  • Published: Sat Mar 7 12:40:49 2026 by llama3.2 3B Q4_K_M












