OpenAI Rolls Out Codex Security Vulnerability Scanner

OpenAI is rolling out a new AI-powered software vulnerability scanner that the company claims can identify complex issues that other agentic tools may miss.

Named Codex Security (formerly Aardvark⁠), the tool is currently in research preview, but it has been tested in private beta since last year, including by major companies such as Netgear. 

Codex Security is now available to ChatGPT Pro, Enterprise, Business, and Edu customers with free usage for the next month.

The AI giant says its new tool is designed to analyze repositories for system context and create a threat model focusing on the system’s role, trusted components, and exposures. 

Based on the generated threat model, Codex looks for vulnerabilities and rates them by potential real-world impact. It then also proposes patches for the identified flaws.

According to OpenAI, Codex Security has been tested against 1.2 million commits over the past 30 days, identifying nearly 800 critical vulnerabilities and more than 10,000 high-severity issues. 

Vulnerabilities have been found in widely used open source projects such as Chromium, OpenSSL, PHP, GOGS, and GnuTLS.

OpenAI’s announcement comes shortly after Claude unveiled its own AI vulnerability scanner, Claude Code Security, which led to the stocks of major cybersecurity companies tumbling.

AI-powered vulnerability scanners are not new. GitHub has offered these capabilities for years, and Google claims to have made significant progress in this area.    

Related: Hackers Weaponize Claude Code in Mexican Government Cyberattack

Related: OpenClaw Vulnerability Allowed Websites to Hijack AI Agents

Related: Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise