OpenAI said Codex Security is rolling out in research preview via Codex web. The company positioned it as a context-aware application security agent that reduces noise while surfacing higher-confidence findings and patches.
#security
OpenAI said it will acquire Promptfoo and fold its security and evaluation stack into OpenAI Frontier. The company said Promptfoo will remain open source and current customers will continue to receive support.
OpenAI announced on X that Codex Security has entered research preview. The company positions it as an application security agent that can detect, validate, and patch complex vulnerabilities with more context and less noise.
OpenAI said on X on March 9 that it plans to acquire Promptfoo, an AI security platform, and keep the project open source. The deal strengthens OpenAI Frontier’s agentic testing and evaluation stack.
Agent Safehouse is an open-source macOS hardening layer that uses sandbox-exec to confine local coding agents to explicitly approved paths instead of inheriting a developer account’s full access.
Cisco expanded AI Defense and AI-aware SASE to help enterprises control model risks, shadow AI, and shadow agents. The move reflects how security vendors are shifting from app-centric controls to policies that also cover prompts, agents, and AI usage paths.
Cloudflare says Cloudflare One now links data security controls from endpoints to AI prompts. The update adds browser RDP clipboard controls, richer SaaS operation logging, on-device DLP, and Microsoft 365 Copilot scanning through API CASB.
OpenAI has put Codex Security into research preview, extending its agent stack into repository scanning, bug reproduction, threat analysis, and remediation. The company says the system sharply reduced review noise and false positives in internal evaluations.
OpenAI Developers said on March 6, 2026 that Codex Security is now in research preview. The product connects to GitHub repositories, builds a threat model, validates potential issues in isolation, and proposes patches for human review.
Anthropic published a Mar 6, 2026 policy for vulnerabilities identified with Claude. The framework sets a 90-day default disclosure window, a 7-day target for actively exploited critical bugs, and human review requirements before reports go out.
Anthropic said on March 6, 2026 that Claude Opus 4.6 uncovered 22 Firefox vulnerabilities in two weeks, including 14 high-severity issues, during a collaboration with Mozilla. The accompanying write-up argues that frontier models are becoming materially useful for real vulnerability discovery, not just benchmark performance.
Anthropic said on March 5, 2026 that it had received a supply-chain risk designation letter from the Department of War. The company says the scope is narrow, plans to challenge the action in court, and will continue transition support for national-security users.