OpenAI unveils Codex Security to automate code security reviews

Illustration: Allie Carl/Axios
OpenAI is rolling out Codex Security, an AI-powered application security agent that finds, validates and proposes fixes for vulnerabilities.
Why it matters: OpenAI is entering a growing market for AI-enabled code security tools — escalating competition among both traditional application security vendors and rival AI labs.
Driving the news: Codex Security evolved from Aardvark, a security research agent that OpenAI began testing last year with a small group of customers.
- The platform analyzes code repositories, pressure-tests suspected vulnerabilities in sandboxed environments, generates proof-of-concept exploits to confirm impact, and proposes fixes.
- OpenAI is rolling out Codex Security as a research preview to Enterprise, Business and education customers starting today, allowing those customers to use the tool for free for the first month.
What they're saying: "We wanted to make sure that we're empowering defenders," Ian Brelinsky, a member of OpenAI's Codex Security team, told Axios.
By the numbers: OpenAI says Codex Security identified nearly 800 critical findings, including more than 10,500 high-severity issues, in external-facing code repositories during testing.
- The company has already used Codex Security to identify bugs across open-source projects like OpenSSH, GnuTLS, Chromium and more.
The big picture: As attackers weaponize AI models, frontier AI labs are increasingly rolling out new ways to help defenders beef up their own security.
- Anthropic made a similar move last month when it introduced Claude Code Security — rattling share prices for traditional cybersecurity vendors.
Yes, but: Many security executives argue enterprises will likely continue to rely on a mix of vendors, rather than depend solely on the same AI platform provider to both build and secure their systems.
What's next: Code security is just one part of the broader cybersecurity ecosystem, and Brelinsky said that the company is eying ways to bring more agentic capabilities to defenders.
