OpenAI Releases Codex Security Agent and GPT-5.4 With Expanded Safety Controls
OpenAI announced Codex Security (formerly Aardvark), an application security agent designed to autonomously discover, validate, and remediate vulnerabilities in enterprise and open-source codebases. The product builds a project-specific threat model (mapping trust boundaries and exposure points), then prioritizes issues by likely real-world impact and attempts to confirm findings by running proof-of-concept exploits in sandboxed environments before generating contextual patches intended to minimize regressions. OpenAI reported beta metrics including an 84% reduction in alert noise, a 90% decrease in over-reported severity, and a >50% drop in false positives, and said the system scanned 1.2 million commits from external repositories over a 30-day period; the tool is rolling out as a research preview via the Codex web interface to ChatGPT Pro, Enterprise, Business, and Edu customers.
Separately, OpenAI released the GPT-5.4 model across ChatGPT, Codex, and the API (gpt-5.4 and gpt-5.4-pro), positioning it as a flagship model with improved reasoning, coding, and agent workflows, plus native computer-use capabilities. OpenAI stated it reduced hallucinations and errors (claiming user-flagged factual errors were 33% less likely than GPT-5.2 on a de-identified prompt set) and said it upgraded safety protections while keeping the same high cyber-risk classification used for GPT-5.3-Codex, indicating continued emphasis on security controls as model capabilities expand.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
OpenAI says Codex Security found zero-days and led to 14 CVE assignments
As part of audits of major open-source projects including OpenSSH, GnuTLS, PHP, and Chromium, OpenAI reported that Codex Security discovered zero-day vulnerabilities and contributed to the assignment of 14 CVEs.
OpenAI launches Codex Security research preview
OpenAI announced Codex Security, an application security agent designed to find, validate, and remediate vulnerabilities in enterprise and open-source codebases. The product began rolling out as a research preview via the Codex web interface to ChatGPT Pro, Enterprise, Business, and Edu customers, with a Codex for OSS program for qualifying maintainers.
OpenAI releases GPT-5.4 with native computer use and updated safeguards
OpenAI released GPT-5.4 across ChatGPT, Codex, and the API, positioning it as a flagship model with improved reasoning, coding, tool use, and agent workflows. The company said it added upgraded safeguards, maintained the same high cyber-risk classification as GPT-5.3-Codex, and published related safety research on reasoning concealment.
Codex Security beta scans 1.2 million commits and finds thousands of severe issues
During the 30 days preceding its public announcement, OpenAI said Codex Security scanned more than 1.2 million commits across external repositories and identified 792 critical and 10,561 high-severity findings. OpenAI also said the system helped reduce alert noise and false positives in private beta.
OpenAI unveils Aardvark private beta for AI-driven vulnerability discovery
OpenAI unveiled Aardvark, the private beta precursor to Codex Security, in October 2025 as an effort to detect and help fix software vulnerabilities at scale.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Claude Code Security vs. OpenAI Codex Security - AI Arms Race - TheCyberThrone
thecyberthrone.in
Open sourceOpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues
thehackernews.com
Open sourceOpenAI Launches Codex Security that Discover, Validate and Patch Vulnerabilities
cybersecuritynews.com
Open sourceOpenAI’s GPT-5.4 doubles down on safety as competition heats up - Help Net Security
helpnetsecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
OpenAI GPT-5.2-Codex Release and AI-Driven Vulnerability Detection
OpenAI has released GPT-5.2-Codex, a new AI model designed to enhance agentic coding and cybersecurity tasks, with notable improvements in vulnerability detection and software engineering workflows. The model demonstrates superior performance on benchmarks such as SWE-Bench Pro and Terminal-Bench 2.0, and excels in professional Capture-the-Flag challenges, supporting advanced tasks like fuzzing, attack surface analysis, and test environment setup. OpenAI has implemented stronger safeguards to mitigate dual-use risks and is offering the model to paid ChatGPT Codex users, with an invite-only pilot for vetted cybersecurity professionals focused on defensive applications. The model's capabilities have already contributed to the discovery of several critical vulnerabilities in React Server Components, including CVE-2025-55182 (RCE), CVE-2025-55183 (source code exposure), and CVE-2025-67779 (DoS), prompting urgent patching recommendations. Industry research highlights both the promise and risks of AI-generated code, with studies showing that machine-written pull requests contain significantly more bugs and security vulnerabilities than those authored solely by humans. Issues such as improper password handling, insecure object references, and cross-site scripting are notably more prevalent in AI-generated code, raising concerns about the security implications of rapid AI-driven development. These findings underscore the importance of robust review processes and the need for continued vigilance as AI tools become more deeply integrated into software engineering and cybersecurity operations.
Jun 29, 2026
Enterprise Platforms for Deploying and Governing AI Agents Expand as OpenAI Launches GPT-5.3-Codex and Frontier
OpenAI announced **GPT-5.3-Codex**, positioning it as more than a code-generation model and expanding its availability across a new macOS desktop app plus CLI, IDE extension, and web interface, with API access described as forthcoming. OpenAI and third-party coverage said the model is intended to support broader software-lifecycle work (e.g., debugging, deployments, monitoring, tests, and documentation) and highlighted benchmark gains over prior Codex versions; reporting also pushed back on claims that “Codex built itself,” characterizing OpenAI’s statement as the model being *instrumental* in its own development rather than fully autonomous. In parallel, OpenAI unveiled **Frontier**, an enterprise framework aimed at building, deploying, and managing AI agents, including promised agent security features and an approach modeled on Palantir-style **forward-deployed engineers** working alongside customer teams. Separately, *MintMCP* launched an enterprise governance platform focused on deploying, monitoring, and securing AI agents and MCP servers, emphasizing audit trails, policy enforcement, observability/guardrails, and centralized access controls to reduce risks from privileged agents (e.g., credential exposure and data exfiltration). Other items in the set were not tied to these launches, including a general CIO column on SMB IT “quick fixes” creating long-term risk and a corporate internal AI learning program announcement from Hancom.
Jun 29, 2026
OpenAI Restricts GPT-5.6 Sol Preview Amid Cybersecurity Misuse Concerns
OpenAI has launched a limited preview of its `GPT-5.6` model family—**Sol**, **Terra**, and **Luna**—with access initially restricted to a small group of trusted partners through the API and Codex. The company described **Sol** as its most advanced cybersecurity-focused model and said the rollout follows consultations with the U.S. government while broader national-security risk assessment frameworks for cyber-capable AI are developed. OpenAI said wider availability across ChatGPT, Codex, and API offerings is planned in the coming weeks. OpenAI said `GPT-5.6 Sol` improves vulnerability discovery, patch development, and exploit-related research, and internal as well as third-party testing indicated it can identify security flaws, generate credible memory-safety leads, and in some cases uncover previously unknown vulnerabilities. At the same time, the company said the model is not yet capable of reliably carrying out autonomous end-to-end attacks against hardened targets, and it has added layered safeguards including refusal training, output screening, real-time classifiers, secondary review models, account-level evaluations, misuse monitoring, and large-scale automated red-teaming to limit abuse of sensitive cyber capabilities.
Jun 30, 2026