OpenAI Codex Security Rejects SAST: The Real Reason Behind a Bold Design Choice OpenAI published a formal explanation on March 16, 2026, for why Codex Security excludes Static Application Security Testing (SAST) reports as a starting point for its agent.

OpenAI built Codex Security without SAST reports. Independent research shows 87% of AI-written pull requests contained vulnerabilities. Here's the architecture decision that changes how we find them. Read now on AdwaitX. 🔗 #AdwaitX #CodexSecurity #AppSec

OpenAIのCodex Security、SASTレポートを使わない理由とは？💡 AIが脆弱性を「推論」する新時代！ OpenAIのCodex Securityが、従来のSAST（静的アプリケーションセキュリティテスト）レポートに依存せず、AI駆動の制約推論と検証を用いて脆弱性を検出している理由を解説しています。これにより、誤検知を減らし、より現実的な脆弱性を効率的に発見できるとのこと。AIによるセキュリティテストの新しいアプローチに注目です。

知ってた？ OpenAIのCodex Securityは、従来のSASTレポートに頼らずAIで脆弱性を「推論」してるんだって！💡 誤検知が少なくて、本当にヤバい脆弱性だけを効率的に見つけるらしい。まさにAIがセキュリティを変革する時代が来たね！⚡
#CodexSecurity #OpenAI #SAST #AIセキュリティ

📚 AI時代のサイバーセキュリティ www.amazon.co.jp/s

Codex Security by OpenAI: The AI Agent That Finds Bugs Before Hackers Do Codex Security is OpenAI's new AI-powered security agent that scans your codebase, validates real vulnerabilities and many more.

Legacy scanners: noisy.
Codex Security: an AI agent that models your app, confirms real vulns & suggests targeted fixes.
I dug the beta numbers, CVEs found in major OSS & what this means for app security teams.

Full review: techglimmer.io/codex-securi...
#CodexSecurity #OpenAI #AppSec #AIsecurity

OpenAI unveils Codex Security, an AI-driven agent that autonomously detects, validates, and patches complex code vulnerabilities. Enhancing security for enterprise and open-source projects. #OpenAI #CodexSecurity #CyberSecurity Link: thedailytechfeed.com/openai-launc...

OpenAI's Codex Security scans 1.2M commits, uncovering 10,561 high-severity vulnerabilities. A game-changer for software security! #OpenAI #CodexSecurity #CyberSecurity #AI #SoftwareDevelopment Link: thedailytechfeed.com/openais-code...

OpenAI’s Codex Security Flags Over 10,000 High-Risk Vulnerabilities in Code Scan   Artificial intelligence is increasingly being used to help developers identify security weaknesses in software, and a new tool from OpenAI reflects that shift. The company has introduced Codex Security, an automated security assistant designed to examine software projects, detect vulnerabilities, confirm whether they can actually be exploited, and recommend ways to fix them. The feature is currently being released as a research preview and can be accessed through the Codex interface by users subscribed to ChatGPT Pro, Enterprise, Business, and Edu plans. OpenAI said customers will be able to use the capability without cost during its first month of availability. According to the company, the system studies how a codebase functions as a whole before attempting to locate security flaws. By building a detailed understanding of how the software operates, the tool aims to detect complicated vulnerabilities that may escape conventional automated scanners while filtering out minor or irrelevant issues that can overwhelm security teams. The technology is an advancement of Aardvark, an internal project that entered private testing in October 2025 to help development and security teams locate and resolve weaknesses across large collections of source code. During the last month of beta testing, Codex Security examined more than 1.2 million individual code commits across publicly accessible repositories. The analysis produced 792 critical vulnerabilities and 10,561 issues classified as high severity. Several well-known open-source projects were affected, including OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP, and Chromium. Some of the identified weaknesses were assigned official vulnerability identifiers. These included CVE-2026-24881 and CVE-2026-24882 linked to GnuPG, CVE-2025-32988 and CVE-2025-32989 affecting GnuTLS, and CVE-2025-64175 along with CVE-2026-25242 associated with GOGS. In the Thorium browser project, researchers also reported seven separate issues ranging from CVE-2025-35430 through CVE-2025-35436. OpenAI explained that the system relies on advanced reasoning capabilities from its latest AI models together with automated verification techniques. This combination is intended to reduce the number of incorrect alerts while producing remediation guidance that developers can apply directly. Repeated scans of the same repositories during testing also showed measurable improvements in accuracy. The company reported that the number of false alarms declined by more than 50 percent while the precision of vulnerability detection increased. The platform operates through a multi-step process. It begins by examining a repository in order to understand the structure of the application and map areas where security risks are most likely to appear. From this analysis, the system produces an editable threat model describing the software’s behavior and potential attack surfaces. Using that model as a reference point, the tool searches for weaknesses and evaluates how serious they could be in real-world scenarios. Suspected vulnerabilities are then executed in a sandbox environment to determine whether they can actually be exploited. When configured with a project-specific runtime environment, the system can test potential vulnerabilities directly against a functioning version of the software. In some cases it can also generate proof-of-concept exploits, allowing security teams to confirm the problem before deploying a fix. Once validation is complete, the tool suggests code changes designed to address the weakness while preserving the original behavior of the application. This approach is intended to reduce the risk that security patches introduce new software defects. The launch of Codex Security follows the introduction of Claude Code Security by Anthropic, another system that analyzes software repositories to uncover vulnerabilities and propose remediation steps. The emergence of these tools reflects a broader trend within cybersecurity: using artificial intelligence to review vast amounts of software code, detect vulnerabilities earlier in the development cycle, and assist developers in securing critical digital infrastructure.

OpenAI’s Codex Security Flags Over 10,000 High-Risk Vulnerabilities in Code Scan #ArtificialIntelligence #ChatGPT #CodexSecurity

OpenAI presenta Codex Security, un nuevo agente de seguridad para aplicaciones impulsado por IA OpenAI lanza Codex Security, un agente IA que reduce falsos positivos y parchea vulnerabilidades complejas en el desarrollo de software.

OpenAI presenta Codex Security, un nuevo agente de seguridad para aplicaciones impulsado por IA:

#CodexSecurity #Codex #OpenAI #AI #IA

OpenAI Codex Security: The AI Agent That Catches Vulnerabilities Other Tools Miss OpenAI released Codex Security on March 6, 2026, and it targets one of the most persistent pain points in software development: security tools that generate more noise than signal. This agent combines agentic

OpenAI's Codex Security cuts false positives 50%+ and already found 14 CVEs in OpenSSH, GnuTLS, PHP and more. Now in research preview for Enterprise users. #AdwaitX #CodexSecurity #AIDevSec

Anyone had any experience with OpenAIs Aardvark?

Thoughts?

#CyberSecurity #OpenAI #AISecurity #CodexSecurity #Security #ChatGPT #AI #Aardvark