
OpenAI Launches Codex Security

OpenAI launches Codex Security, a set of tools for automatically finding vulnerabilities in code. The main product is the Aardvark agent.

GPT-5.3-Codex is the first model that OpenAI has classified as "High capability" for cybersecurity tasks. It is the first model specifically trained to find vulnerabilities in software. When tested on external repositories, it found about 800 critical and over 10,500 high-priority issues.

The main product of the line is the Aardvark agent. It autonomously analyzes a repository, builds a threat model of the project, scans each commit for vulnerabilities, and attempts to exploit found bugs in an isolated environment. If a vulnerability is confirmed, it generates a patch via Codex. During the beta testing period, Aardvark found vulnerabilities that were assigned 10 CVE identifiers. Now OpenAI is expanding the beta and offering free scanning for popular open-source projects, including Next.js.

A separate story is Trusted Access for Cyber. This is a program of controlled access to the model's cyber capabilities. High-risk requests are automatically redirected to the less capable GPT-5.2. There is a separate application for legitimate security researchers to gain full access. Additionally, OpenAI is allocating $10M in API credits to protect open-source and critical infrastructure.

An interesting case: in December 2025, an engineer from Privy (a Stripe company) used GPT-5.1-Codex-Max to find several previously unknown vulnerabilities in React Server Components within one week; they were responsibly disclosed to the React team.

https://openai.com/index/codex-security-now-in-research-preview/