OpenAI launched an AI agent for its Codex coding system to help developers deal with security risks.
Codex Security, released March 6, is available in research preview for ChatGPT Enterprise, Business, and Education customers. The first month is free.
Codex Security analyzes the user's code repository and produces a detailed natural-language description of how the application works, where it is strongest, and where potential security vulnerabilities may exist.
These potential flaws are tested in a sandbox to eliminate false positives, and the findings are ranked by potential severity and real-world impact. Finally, the agent generates a list of possible solutions for each problem, including the relevant code and an explanation in plain language. Developers can approve patches directly from the interface and push them to production.
“Most AI security tools only flag low-impact findings and false positives, forcing security teams to spend significant time on triage,” OpenAI said in a statement. “At the same time, agents are accelerating software development, making security reviews a serious bottleneck. Codex Security addresses both challenges.”
“By combining agentive reasoning from our boundary models with automated validation, it delivers high-confidence findings and actionable solutions so teams can focus on critical vulnerabilities and deploy secure code faster,” the vendor said.
In the last month, OpenAI said, the tool scanned 1.2 million commits (fundamental operations in a software version control system) and identified 792 critical and 10,561 high-severity issues in open source repositories, including 14 vulnerabilities serious enough to be logged in the CVE (Common Vulnerabilities and Exposures) cybersecurity database managed by MITRE Corporation.
The San Francisco-based frontier AI lab said it has begun enlisting an initial batch of “open-source maintainers” to test Codex, with a view to expanding the program in the coming weeks.
Codex Security was first launched last year as a private beta called Aardvark, initially tested with a small group of customers.
The new launch comes about two weeks after Anthropic introduced Claude Code Security, a competing tool that scans codebases, identifies vulnerabilities and suggests solutions.