A new AI agent from OpenAI, Codex Security, analyzes entire codebases to detect and resolve vulnerabilities.
OpenAI has launched Codex Security, an AI agent that analyzes software projects, detects vulnerabilities, and automatically suggests patches to fix them.
AI agent for application security
The tool analyzes an entire codebase and first builds a threat model of the system. Based on this, it can detect and prioritize vulnerabilities according to their actual impact on the application.
Where possible, the agent also attempts to validate vulnerabilities in a sandbox environment, so security teams waste less time on irrelevant alerts.
Less
During beta testing, Codex Security was able to significantly reduce the number of false positives. In some repositories, noise was reduced by 84 percent and the number of errors dropped by more than 50 percent. Furthermore, the tool suggested patches that take into account the structure and intent of the system.
More than a million commits analyzed
In the beta, Codex Security analyzed more than 1.2 million commits in external repositories. This resulted in the discovery of 792 critical vulnerabilities and over 10,000 high-severity issues.
OpenAI reports that critical vulnerabilities occurred in less than 0.1 percent of commits, which the company says demonstrates that the system can identify relevant issues without overwhelming security teams with alerts.
Codex Security is currently available in research preview for ChatGPT Pro, Enterprise, Business, and Edu users via the Codex web interface. The tool will be rolled out further in the coming weeks and is currently free to use for one month.