Why OpenAI says a SAST-first workflow can miss the real bug

OpenAI argued on March 16, 2026 that Codex Security intentionally does not begin from a static application security testing, or SAST, report. The company said many of the vulnerabilities that matter most in real repositories are not simple source-to-sink dataflow problems. Instead, they appear when validation logic, canonicalization order, trust boundaries, or business invariants break under unexpected inputs.

To make that point concrete, OpenAI described an allowlist pattern that checks a URL path before decoding it. The policy can look correct in source form yet fail after URL decoding, turning a narrow validation bug into an open redirect or similar behavior. OpenAI linked that failure mode to the same kind of subtle logic issue seen in CVE-2024-29041 in Express.

How Codex Security approaches the repo instead

Rather than importing an existing findings list and asking a model to triage it, OpenAI says Codex Security starts by reading the repository, identifying the intended security properties, and mapping the architecture that sits behind them. The agent then narrows its attention to small, testable slices of code, writes micro-fuzzers when needed, and validates hypotheses in a sandboxed environment. OpenAI also said the system can use a Python environment with tools such as the z3-solver package to reason about edge cases more precisely.

The company’s argument is not that SAST is useless. OpenAI explicitly said SAST remains valuable for policy enforcement, secure coding standards, and known pattern detection. The claim is narrower: when a security agent is anchored too early to a SAST report, it can inherit wrong assumptions, collapse its search space around the wrong abstraction, and become harder to evaluate fairly against other approaches.

This is an important design signal for agentic security tooling. Vendors increasingly promise autonomous review of large repositories, but the quality of those systems depends on whether they can discover behavioral flaws that only become visible when code is executed, transformed, or observed under adversarial inputs. OpenAI is positioning Codex Security less like a summarizer of preexisting scanner output and more like a hypothesis-driven security investigator.

OpenAI says Codex Security does not start from a SAST report by design.
The system focuses on repository behavior, intended security properties, and small executable tests.
OpenAI still describes SAST as useful for standards and known-pattern enforcement.
The company argues that evaluation is cleaner when the agent is judged on what it independently finds and validates.

Source: OpenAI

#sast

OpenAI says Codex Security should validate behavior, not inherit a SAST findings list