OpenAI Launches ‘Codex Security’ AI Agent to Hunt and Fix Software Vulnerabilities

OpenAI has introduced Codex Security, an AI-powered application security agent designed to automatically detect and fix vulnerabilities in software code.

The tool is currently available in research preview for enterprise, business and education customers.

Last month, OpenAI unveiled the Codex App to help developers write, edit and explore code more efficiently across mobile and desktop devices.

Codex Security analyses code repositories to identify potential weaknesses, validate whether they can be exploited, and suggest fixes. The system can also generate proof-of-concept exploits in controlled environments to confirm the severity of vulnerabilities before recommending patches.

The tool evolved from an internal research project called Aardvark, which OpenAI had previously tested with a small group of customers. During early testing, the system analysed external-facing code repositories and identified nearly 800 critical findings and more than 10,500 high-severity security issues, demonstrating the potential of AI-driven security reviews.

Codex Security has already been used to uncover bugs in widely used open-source software projects, including OpenSSH, GnuTLS and Chromium.

The launch comes as cybersecurity teams face growing pressure from increasingly sophisticated attacks, including those that use AI tools. By automating parts of the vulnerability discovery process, OpenAI aims to help developers and security teams detect flaws faster and strengthen defenses before attackers can exploit them.

The release also signals intensifying competition among AI companies to build tools that support secure software development and protect critical digital infrastructure.