HeadlinesBriefing.com

OpenAI Launches Codex Security for Enterprise Code Scanning

OpenAI Blog

OpenAI has introduced Codex Security, an application security agent designed to identify complex vulnerabilities that traditional tools miss. The system combines agentic reasoning with automated validation to deliver high-confidence findings and actionable fixes, reducing the noise of false positives that plague security teams.

Formerly known as Aardvark, Codex Security began as a private beta and has already demonstrated significant improvements. Scans on the same repositories show precision increasing over time, with one case cutting noise by 84% since initial rollout. The system has reduced findings with over-reported severity by more than 90% and false positive rates by over 50% across all repositories.

Starting today, Codex Security is rolling out in research preview to ChatGPT Enterprise, Business, and Edu customers via Codex web, with free usage for the next month. The tool builds system context, creates editable threat models, validates issues in sandboxed environments, and proposes fixes that align with system intent. Over the last 30 days, it scanned more than 1.2 million commits across external repositories, identifying 792 critical findings and 10,561 high-severity findings.