OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues
Summary
OpenAI launched Codex Security, an AI-powered security agent that scans code repositories to find and fix vulnerabilities. During its beta testing, it scanned over 1.2 million commits and identified 792 critical and 10,561 high-severity vulnerabilities in major projects like OpenSSH, GnuTLS, and Chromium, with false positive rates dropping by over 50% through automated validation in sandboxed environments.
Solution / Mitigation
OpenAI describes Codex Security's three-step approach: first, it analyzes a repository and generates an editable threat model; second, it identifies vulnerabilities and pressure-tests flagged issues in a sandboxed environment to validate them (and can validate directly in a project-tailored environment to reduce false positives further); third, it proposes fixes aligned with system behavior to reduce regressions. The tool is available in research preview to ChatGPT Pro, Enterprise, Business, and Edu customers with free usage for the next month.
Original source: https://thehackernews.com/2026/03/openai-codex-security-scanned-12.html
First tracked: March 7, 2026 at 03:00 PM