OpenAI Introduces Codex Security: An AI Agent to Tackle Code Vulnerabilities

OpenAI recently unveiled Codex Security, an innovative AI-driven security agent. This tool is designed to detect, validate, and suggest solutions for software vulnerabilities on a large scale. As of March 6, it is in research preview and available to ChatGPT Pro, Enterprise, Business, and Education customers, with the first month of usage being free.

In its beta phase, Codex Security analyzed over 1.2 million commits from external repositories within a span of 30 days, identifying 792 critical findings and 10,561 high-severity issues. The agent found vulnerabilities in major open-source projects such as OpenSSH, GnuTLS, Gogs, Chromium, and PHP, contributing to the reporting of 14 CVEs.

Codex Security is a progression from OpenAI’s Aardvark project. It tackles a recurring issue in software development: security tools generating an overwhelming number of false positives. According to OpenAI, false positive rates decreased by over 50% during testing, and findings with over-reported severity fell by more than 90%. The company stated, “It builds deep context about your project to identify complex vulnerabilities that other agentic tools miss.”

The introduction of Codex Security comes hot on the heels of Anthropic launching Claude Code Security. This has intensified competition in the AI-powered cybersecurity arena. OpenAI is now poised to compete not only with other AI labs but also with traditional application security vendors in this fast-paced market.

Source: https://openai.com/index/codex-security-now-in-research-preview/
