OpenAI's new security agent detects, fixes vulnerabilities in your code
What's the story
OpenAI has launched Codex Security, an artificial intelligence (AI)-powered application security agent. The tool is designed to detect, validate, and suggest fixes for vulnerabilities in code. The launch is part of a broader trend of using AI for code security, which is intensifying competition among traditional application security vendors and other AI labs.
Development journey
Codex Security is the successor to Aardvark
Codex Security is the successor to Aardvark, a security research agent that OpenAI had started testing with select customers last year. The new platform scans code repositories, tests suspected vulnerabilities in isolated environments, creates proof-of-concept exploits to confirm their impact, and suggests fixes. OpenAI has already started making Codex Security available as a research preview for Enterprise, Business, and Education customers.
Testing results
Tool in use to find bugs in open-source projects
During its testing phase, Codex Security found nearly 800 critical findings and over 10,500 high-severity issues in external-facing code repositories. The tool has already been used to find bugs in open-source projects such as OpenSSH, GnuTLS, and Chromium. "We wanted to make sure that we're empowering defenders," Ian Brelinsky, a member of OpenAI's Codex Security team, told Axios.
Industry response
Claude Code Security launched last month
As attackers increasingly use AI models for malicious purposes, leading AI labs are coming up with new ways to help defenders strengthen their own security. Last month, Anthropic took a similar step by launching Claude Code Security, which sent shockwaves through traditional cybersecurity vendors' share prices. However, many security executives believe enterprises will continue to rely on a mix of vendors rather than depending solely on one AI platform provider for both building and securing their systems.