OpenAI Rolls Out Codex Security in Research Preview for Context‑Aware Vulnerability Detection

OpenAI has officially introduced Codex Security, an advanced application security agent designed to automate vulnerability discovery and remediation.

Formerly known as Aardvark, the tool is now available in a research preview. It aims to eliminate the bottleneck of manual security reviews by combining frontier AI models with automated validation, allowing teams to ship secure code faster while significantly minimizing triage noise.

Context-Driven Threat Detection

Traditional AI security tools frequently overwhelm security teams with low-impact alerts and false positives.

Codex Security addresses this challenge by analyzing a code repository to understand its specific structure and generating an editable threat model.

This custom model defines what the system does, what it trusts, and where it is most exposed to potential attacks.

Using this deep context, the agent searches for vulnerabilities and ranks them based on expected real-world impact.

To ensure high-confidence reporting, Codex Security pressure-tests its findings in sandboxed validation environments, which can even generate working proof-of-concept exploits.

Finally, the tool proposes automated patches tailored to the system’s intended behavior, fixing vulnerabilities while minimizing the risk of software regressions.

During its beta phase, Codex Security demonstrated massive improvements in precision. Scans showed an 84 percent reduction in overall noise, a 90 percent drop in over-reported severity findings, and a 50 percent decrease in false-positive rates.

The system also features adaptive learning, refining its threat model whenever security teams adjust a finding’s criticality.
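The passage above describes a pipeline: an editable threat model (what the system does, what it trusts, where it is exposed), findings ranked by expected real-world impact, and a feedback loop that adjusts the model when a team re-rates a finding. The following is an added illustration of that pattern in Python; it is not Codex Security's or OpenAI's code, and the component names, weakness weights, noise threshold and scoring formula are assumptions constructed for the example.

```python
from copy import deepcopy
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed illustration of threat-model-driven ranking. Nothing here is
# taken from Codex Security; weights and thresholds are assumptions.


@dataclass
class Component:
    name: str
    exposure: float       # 0.0 internal-only .. 1.0 internet-facing, unauthenticated
    trusted_inputs: bool  # True if the model says callers of this component are trusted


@dataclass
class Finding:
    fid: str
    component: str
    weakness: str         # coarse class: "injection", "info-leak", "dos", ...
    base_severity: float  # scanner-reported 0.0 .. 10.0, before any context


# Constructed, editable threat model for a hypothetical web service.
THREAT_MODEL: Dict[str, Component] = {
    "public-api": Component("public-api", exposure=1.0, trusted_inputs=False),
    "admin-panel": Component("admin-panel", exposure=0.5, trusted_inputs=True),
    "batch-job": Component("batch-job", exposure=0.1, trusted_inputs=True),
}

# Relative weight of weakness classes (assumption for the example).
WEAKNESS_WEIGHT = {"injection": 1.0, "info-leak": 0.7, "dos": 0.4}

# Contextual score below which a finding is parked as noise (assumption).
NOISE_THRESHOLD = 2.0

# Constructed sample findings, as a scanner might report them without context.
SAMPLE_FINDINGS: List[Finding] = [
    Finding("F1", "public-api", "injection", 9.0),
    Finding("F2", "batch-job", "dos", 7.5),
    Finding("F3", "admin-panel", "info-leak", 8.0),
]


def contextual_score(model: Dict[str, Component], f: Finding) -> float:
    """Scale the raw severity by how exposed and how reachable the component is."""
    comp = model[f.component]
    exposure_factor = 0.2 + 0.8 * comp.exposure          # never fully zero out
    reachability = 1.0 if not comp.trusted_inputs else 0.6
    weight = WEAKNESS_WEIGHT.get(f.weakness, 0.5)
    return round(f.base_severity * exposure_factor * reachability * weight, 2)


def rank_findings(model: Dict[str, Component],
                  findings: List[Finding]) -> Tuple[List[Tuple[str, float]], List[str]]:
    """Return (ranked [(id, score)] highest first, ids parked as noise)."""
    ranked, noise = [], []
    for f in findings:
        score = contextual_score(model, f)
        (noise if score < NOISE_THRESHOLD else ranked).append(
            f.fid if score < NOISE_THRESHOLD else (f.fid, score))
    ranked.sort(key=lambda item: item[1], reverse=True)
    return ranked, noise


def apply_feedback(model: Dict[str, Component], f: Finding, team_score: float) -> float:
    """Adaptive step: when the team re-rates a finding, move the component's
    exposure so future findings in that component follow the team's judgement.
    Returns the component's new exposure (clamped to 0..1)."""
    comp = model[f.component]
    current = contextual_score(model, f)
    if current == 0:
        return comp.exposure
    comp.exposure = max(0.0, min(1.0, comp.exposure * (team_score / current)))
    return comp.exposure


if __name__ == "__main__":
    model = deepcopy(THREAT_MODEL)
    ranked, noise = rank_findings(model, SAMPLE_FINDINGS)
    print("ranked:", ranked)          # F1 first, F3 second
    print("parked as noise:", noise)  # F2: low exposure, trusted callers, DoS class
    # Team says F3 actually matters more; the admin panel's exposure is raised.
    print("admin-panel exposure ->", apply_feedback(model, SAMPLE_FINDINGS[2], 6.0))
    print("F3 rescored:", contextual_score(model, SAMPLE_FINDINGS[2]))
```

The point of the example is that the same scanner severity lands in different places depending on the model: the batch job's DoS finding is parked because its component is internal and trusts its callers, while the public API's injection keeps its full weight. Editing a component's exposure, whether by hand or through the feedback function, changes every future ranking in that component rather than a single finding.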

Over a recent 30-day period, the tool scanned more than 1.2 million commits across external repositories.

It successfully identified 792 critical and 10,561 high-severity findings while keeping noise to an absolute minimum.

Critical issues appeared in under 0.1 percent of scanned commits, proving the system can efficiently handle large code volumes.

Early access participants, such as NETGEAR, reported that the agent integrated seamlessly into their development environments.

According to Chandan Nandakumaraiah, Head of Product Security at NETGEAR, the tool’s comprehensive findings felt like having an experienced product security researcher working alongside their team.

Core System Capabilities

The system provides several core capabilities to streamline security workflows:

  • Threat Modeling: It analyzes repository structure to build custom threat profiles that align security checks with actual system exposure.
  • Issue Validation: It tests vulnerabilities in sandboxed environments to reduce false positives and generate proof-of-concepts.
  • Automated Patching: It proposes fixes based on full system context to prevent regressions and accelerate remediation.
  • Adaptive Learning: It uses team feedback on criticality to continually reduce triage burden and improve precision.

Open-Source Supply Chain Security

OpenAI is utilizing Codex Security to reinforce the open-source software supply chain. Recognizing that open-source maintainers struggle with a high volume of low-quality bug reports, OpenAI built the system to prioritize actionable, high-confidence vulnerabilities.

Through this initiative, Codex Security has discovered critical flaws in several widely used open-source projects.

Key open-source vulnerability discoveries include:

  • A critical security flaw identified in the portable version of OpenSSH.
  • A high-severity vulnerability in GnuTLS requiring immediate remediation.
  • A repository exposure issue tracked within GOGS.
  • A tracked vulnerability in Thorium under CVE-2025-35430.

To date, 14 CVEs have been assigned to vulnerabilities uncovered by the agent across projects like PHP, libssh, and Chromium.

To further support the developer community, OpenAI launched “Codex for OSS,” offering free ChatGPT Pro accounts, code review tools, and Codex Security access to open-source maintainers.

Starting today, Codex Security is available in research preview via the Codex web interface, featuring free usage for the first month.


The post OpenAI Rolls Out Codex Security in Research Preview for Context‑Aware Vulnerability Detection appeared first on Cyber Security News.
