Codex Security enters research preview as OpenAI’s application security agent
Original: Codex Security—our application security agent—is now in research preview. https://t.co/JG2uwGUJFv
On March 6, 2026, OpenAI announced on X that Codex Security is now in research preview. The product is described as an application security agent that understands project context well enough to find, validate, and even help patch vulnerabilities instead of simply generating generic code review comments.
OpenAI says Codex Security, previously developed under the Aardvark name, analyzes repositories with a project-specific threat model so it can prioritize issues more accurately. In the company’s write-up, the system scanned more than 1.2 million commits across external repositories in the previous 30 days and surfaced 792 critical and 10,561 high-severity findings, while also improving precision relative to earlier internal baselines.
- OpenAI says one large codebase saw an 84% reduction in security alert noise.
- The company reports a roughly 90% reduction in over-reported severity and more than 50% lower false-positive rates between August 2025 and February 2026.
- Codex Security is available in research preview for ChatGPT Pro, Enterprise, Business, and Edu users through the Codex web product, with no additional cost for the first month.
The strategic point is clear: AI coding tools are moving from code generation into verification and remediation. That changes the value proposition for security teams. Instead of reviewing an endless stream of raw suggestions, they can use an agent that reasons about dependency context, exploitability, and fix validation inside the same workflow where code is written and shipped.
If OpenAI can sustain the precision numbers outside a controlled preview, Codex Security could become an important bridge between developer productivity and application security operations. The original X post is here, and the preview announcement is on OpenAI.