OpenAI has launched Codex Security, an AI-powered security agent designed to identify vulnerabilities in systems, validate them, and propose solutions. The new service is available in preview for ChatGPT Pro, Enterprise, Business, and Edu users, with free access to its features for one month.
Reduction of false positives
Codex Security is the evolution of Aardvark, presented in private beta in October 2025, with the aim of helping developers and security teams detect and fix vulnerabilities at scale. During its beta phase, Codex Security scanned over 1.2 million commits across various open-source projects, identifying 792 critical findings and 10,561 high-severity findings. The detected vulnerabilities include issues in popular projects such as OpenSSH, GnuTLS, and PHP.
The company emphasizes that Codex Security combines the reasoning capabilities of its advanced models with automated validation, which minimizes the risk of false positives and delivers practical solutions. Analysis over time of specific repositories has shown an improvement in the service's accuracy and a 50% reduction in false positive rates.
Codex Security operates in three stages. First, it analyzes the structure of the repository to create an editable threat model that documents the system’s exposures. Then, it identifies vulnerabilities based on real context and validates them in an isolated environment. Finally, it proposes the solutions that best align with the system’s behavior, which makes them easier to review and deploy.

The launch of Codex Security comes at a time when competition in the software security field is increasing, especially after the recent launch of Claude Code Security by Anthropic, another agent that helps scan for vulnerabilities in software codebases.