OpenAI has announced the launch of Codex Security, an application security agent engineered to autonomously identify, validate, and remediate complex vulnerabilities within enterprise and open-source codebases.
Formerly known as Aardvark, the tool leverages frontier AI models to provide context-aware security assessments, aiming to replace noisy static analysis tools that inundate security teams with low-impact findings and false positives.
By automatically pressure-testing potential exploits and generating actionable patches, Codex Security addresses the growing code review bottleneck created by AI-assisted software development.
Starting today, the agent is rolling out in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web interface.
OpenAI Codex Security
Unlike traditional application security testing tools, Codex Security initiates its analysis by building a project-specific, editable threat model that maps system trust boundaries and exposure points. The agent utilizes this contextual understanding to prioritize vulnerabilities based on real-world impact, rather than generic heuristics.
To further eliminate noise, Codex Security actively validates its findings by executing proof-of-concept exploits within sandboxed environments. If a vulnerability is confirmed, the agent generates a contextual patch designed to minimize regressions and align with the surrounding system architecture.
During its private beta phase, the system demonstrated significant improvements in its signal-to-noise ratio. Across monitored repositories, OpenAI reported an 84% reduction in alert noise, a 90% decrease in over-reported severity levels, and more than a 50% drop in false positive rates.
The agent’s scalability was demonstrated over the last 30 days of the beta, during which it scanned over 1.2 million commits from external repositories. This analysis successfully identified 792 critical vulnerabilities and 10,561 high-severity issues, with critical flaws appearing in fewer than 0.1% of all scanned commits.
A core component of the Codex Security rollout is its application to critical open-source software (OSS). OpenAI utilized the agent to audit widely relied-upon projects such as OpenSSH, GnuTLS, PHP, and Chromium, prioritizing actionable intelligence over speculative reports. These scans resulted in the discovery of high-impact zero-day vulnerabilities and the assignment of 14 official CVEs.
To continually strengthen the OSS ecosystem, OpenAI is launching “Codex for OSS,” a program offering free access to ChatGPT Pro accounts, code review infrastructure, and Codex Security for qualifying open-source maintainers.
The following table lists a selection of the vulnerabilities discovered and validated by Codex Security across major open-source projects. Only the GnuTLS entry carries a CVSS score in the announcement; the rest are marked N/A.

CVE ID          | CVSS Score | Affected Component   | Vulnerability Type & Context
----------------|------------|----------------------|----------------------------------------------------------
CVE-2025-32990  | 8.2 (High) | GnuTLS certtool      | Heap buffer overflow (off-by-one) in template parsing
CVE-2025-64175  | N/A        | GOGS                 | Two-factor authentication (2FA) bypass
CVE-2026-25242  | N/A        | GOGS                 | Unauthenticated access control bypass
CVE-2025-35430  | N/A        | Agent Framework      | Path traversal leading to arbitrary file write
CVE-2025-35431  | N/A        | LdapUserMap          | LDAP injection affecting filters and distinguished names
CVE-2025-35432  | N/A        | Verification Systems | Unauthenticated denial of service (DoS) and mail abuse
CVE-2026-24881  | N/A        | gpg-agent (ECC KEM)  | Stack buffer overflow via PKDECRYPT
CVE-2025-11187  | N/A        | PKCS#12 PBMAC1       | PBKDF2 KeyLength overflow and MAC verification bypass
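To make one of the bug classes in the table concrete, here is an added illustration of LDAP injection through both a search filter and a distinguished name, with the escaping that neutralises it. It is constructed for this article and is not code from OpenAI, Codex Security, or the LdapUserMap project; the details of CVE-2025-35431 are not public on this page and are not reproduced here. The escaping rules follow RFC 4515 (filter values) and RFC 4514 (DN values); the base DN, function names and attacker inputs are assumptions.

```python
"""LDAP injection through a search filter and a DN, and the escaping that stops it.

Constructed illustration of the bug class; not code from OpenAI, Codex Security,
or any project named in the table above.
"""

# RFC 4515 section 3: characters that must be hex-escaped inside a filter value.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}

# RFC 4514 section 2.4: characters that must be backslash-escaped in a DN value.
_DN_SPECIALS = set(',+"\\<>;')

BASE_DN = "ou=people,dc=example,dc=com"  # assumed directory layout


def escape_filter_value(value: str) -> str:
    """Escape an assertion value so it can only ever match literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use as an RDN value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif i == 0 and ch in " #":       # a leading space or '#' is special
            out.append("\\" + ch)
        elif i == last and ch == " ":     # a trailing space is special
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def vulnerable_user_filter(username: str) -> str:
    """Raw interpolation: the caller can close the assertion and add its own terms."""
    return f"(&(objectClass=person)(uid={username}))"


def hardened_user_filter(username: str) -> str:
    """Same filter with the value escaped, so injected syntax stays inert."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def vulnerable_user_dn(username: str) -> str:
    """Raw interpolation into a DN: a comma in the input adds an RDN."""
    return f"uid={username},{BASE_DN}"


def hardened_user_dn(username: str) -> str:
    """Same DN with the RDN value escaped per RFC 4514."""
    return f"uid={escape_dn_value(username)},{BASE_DN}"


def open_paren_count(ldap_filter: str) -> int:
    """Number of filter components; escaped parentheses appear as \\28, never as '('."""
    return ldap_filter.count("(")


# Constructed attacker inputs: the first closes the uid assertion and ORs in a
# match-all term; the second smuggles an extra RDN into the DN.
INJECTED_USERNAME = "*)(uid=*))(|(uid=*"
INJECTED_DN_VALUE = "jdoe,ou=admins"


if __name__ == "__main__":
    for label, build in (("vulnerable", vulnerable_user_filter),
                         ("hardened", hardened_user_filter)):
        f = build(INJECTED_USERNAME)
        print(f"{label:10} {open_paren_count(f)} components: {f}")
    print("vulnerable DN:", vulnerable_user_dn(INJECTED_DN_VALUE))
    print("hardened DN:  ", hardened_user_dn(INJECTED_DN_VALUE))
```

The vulnerable filter built from the injected username grows from three components to six, the last of which matches every entry; the hardened version keeps three because every parenthesis and asterisk from the input is hex-escaped. The same pattern applies to the DN: without escaping, the comma in the input splits the RDN and the bind or lookup lands in a different subtree.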
Security and development teams are advised to review the official OpenAI developer documentation to configure repository integrations and establish baseline threat models. For open-source maintainers interested in leveraging these capabilities, applications for the Codex for OSS program are currently open through OpenAI’s platform.
Organizations running any of the software components listed above should track the relevant vendor advisories and deploy the patches released by the respective maintainers; the table is a selection, not a complete list of what the tool found.
The post OpenAI Launches Codex Security that Discover, Validate and Patch Vulnerabilities appeared first on Cyber Security News.