OpenAI Opens Codex Security Research Preview
Original: Codex Security - our application security agent - is now in research preview.
On March 6, 2026, OpenAI said on X that Codex Security, its application security agent, is now in research preview. In the product note, OpenAI said the service is rolling out via Codex web to ChatGPT Pro, Enterprise, Business, and Edu customers, with free usage for the next month during the initial rollout window.
OpenAI describes Codex Security as a context-aware security agent that builds a deep understanding of a codebase before it reports issues. The system creates an editable threat model, searches for vulnerabilities with that model as context, validates findings when possible, and proposes patches designed to fit the surrounding behavior of the system. OpenAI says that structure is meant to cut down on low-value alerts and false positives that would otherwise add triage burden to security teams.
The company published several internal beta metrics. OpenAI said scans on the same repositories cut noise by 84% since initial rollout, reduced over-reported severity by more than 90%, and lowered false positives by more than 50% across repositories. Over the last 30 days, OpenAI said the beta cohort scanned more than 1.2 million commits and identified 792 critical findings plus 10,561 high-severity findings.
OpenAI also tied the launch to support for the open-source ecosystem. It said Codex Security has already been used to report vulnerabilities affecting projects such as OpenSSH, GnuTLS, GOGS, libssh, PHP, and Chromium, and that it is expanding a Codex for OSS program for maintainers. The full breakdown of how the product works and where it is rolling out is available in OpenAI's Codex Security announcement.