Artificial Intelligence OpenAI Rolls Out Codex Security Vulnerability Scanner Codex Security, formerly Aardvark⁠, has found hundreds of critical vulnerabilities in tested software in the past month. By Eduard Kovacs | March 10, 2026 (9:23 AM ET) Flipboard Reddit Whatsapp Whatsapp Email OpenAI is rolling out a new AI-powered software vulnerability scanner that the company claims can identify complex issues that other agentic tools may miss. Named Codex Security (formerly Aardvark⁠), the tool is currently in research preview, but it has been tested in private beta since last year, including by major companies such as Netgear. Codex Security is now available to ChatGPT Pro, Enterprise, Business, and Edu customers with free usage for the next month. The AI giant says its new tool is designed to analyze repositories for system context and create a threat model focusing on the system’s role, trusted components, and exposures. Advertisement. Scroll to continue reading. Based on the generated threat model, Codex looks for vulnerabilities and rates them by potential real-world impact. It then also proposes patches for the identified flaws. According to OpenAI, Codex Security has been tested against 1.2 million commits over the past 30 days, identifying nearly 800 critical vulnerabilities and more than 10,000 high-severity issues. Vulnerabilities have been found in widely used open source projects such as Chromium, OpenSSL, PHP, GOGS, and GnuTLS. OpenAI’s announcement comes shortly after Claude unveiled its own AI vulnerability scanner, Claude Code Security, which led to the stocks of major cybersecurity companies tumbling . AI-powered vulnerability scanners are not new. GitHub has offered these capabilities for years, and Google claims to have made significant progress in this area. Related : Hackers Weaponize Claude Code in Mexican Government Cyberattack Related : OpenClaw Vulnerability Allowed Websites to Hijack AI Agents Related : Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks James ‘Aaron’ Bishop Tapped to Serve as New Pentagon CISO Data Security Firm Evervault Raises $25 Million in Series B Funding Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises Russian Ransomware Operator Pleads Guilty in US Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild LeakBase Cybercrime Forum Shut Down, Suspects Arrested Latest News Kevin Mandia’s Armadin Launches With $190 Million in Funding Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign Escape Raises $18 Million to Automate Pentesting Recent Ivanti Endpoint Manager Flaw Exploited in Attacks SIM Swaps Expose a Critical Flaw in Identity Security Cylake Raises $45 Million to Secure Organizations Barred From Cloud Cybersecurity M&A Roundup: 42 Deals Announced in February 2026 ClickFix Attack Uses Windows Terminal to Evade Detection Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Virtual Event: Supply Chain Security and Third-Party Risk Summit March 18, 2026 Join the event where top security experts unpack the biggest software supply chain risks. Register People on the Move Ed Jennings has been appointed President and CEO at Darktrace. Ironscales has appointed Steven Malone as CSO and Amit Bluman as SVP of Research & Development. Synack has appointed Angela Heindl-Schober Chief Marketing Officer. More People On The Move Expert Insights SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Security in the Dark: Recognizing the Signs of Hidden Information Security failures don’t always start with attackers, sometimes they start with missing truth. (Joshua Goldfarb) Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email