thehackernews.com 3/7/2026, 6:01:24 PM

OpenAI Codex Security flags CVEs in OpenSSH and GnuTLS in beta


OpenAI has rolled out Codex Security in a research preview for ChatGPT Pro, Enterprise, Business and Edu users, offering an AI-powered security agent that identifies vulnerabilities, validates findings, and suggests fixes.

In its beta, Codex Security has scanned more than 1.2 million commits across external repositories in the last 30 days, identifying 792 critical findings and 10,561 high-severity findings, with open-source projects such as OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP and Chromium among those affected.

OpenAI describes Codex Security as building deep context about a project, creating an editable threat model, and using that context to classify findings by real-world impact, before pressure-testing issues in a sandbox. The three-stage process starts with analysing a repository to map security-relevant structures and exposures, then identifies and classifies vulnerabilities, and finally proposes fixes that align with the system’s behaviour to reduce regressions.

Some of the highlighted issues include CVE-2026-24881 and CVE-2026-24882 in GnuPG, CVE-2025-32988 and CVE-2025-32989 in GnuTLS, and multiple CVEs in Thorium. OpenAI also notes that false positives have declined by more than 50% across repositories as the tool's precision has improved.


Article by CyberSIXT