2026-03-06 · OpenAI

Codex Security: now in research preview

security · agents · research

Source: OpenAI · Date: 2026-03-06 · URL: https://openai.com/index/codex-security-now-in-research-preview

Summary

OpenAI announcement from March 2026 opening Codex Security — a specialized capability allowing Codex to analyze codebases for security vulnerabilities — to research preview. The offering positions Codex as a security analysis tool that can identify OWASP-class vulnerabilities, review dependencies for known CVEs, and suggest remediation. Research preview means access is gated; a companion post (“Why Codex Security doesn’t include a SAST report”) clarifies why the tool was scoped to not produce traditional static analysis output formats.

Implications

Coding agents moving into AppSec. Security code review has traditionally been a separate workflow from AI coding assistance — linters, SAST tools (Semgrep, Snyk, Veracode), and dedicated security engineers. Codex Security brings AI-native vulnerability analysis into the same workflow as AI coding assistance. This creates a potential competitive threat to the AppSec tooling vendors.

Research preview gate as a safety decision. The fact that Codex Security isn’t generally available reflects genuine concern about misuse: a security analysis tool that identifies vulnerabilities in arbitrary code is also a reconnaissance tool for attackers. The research preview gate and the companion post explaining the SAST report decision suggest OpenAI is genuinely thinking about dual-use risk here.

Thread: Codex platform expansion. Sits alongside the Codex Security research preview, the trusted access for cyber post (February 2026), and the safety bug bounty (March 2026) as OpenAI’s security and cybersecurity thread through Q1 2026.

Watch: Whether Codex Security’s general availability, when it comes, includes enterprise-grade false positive/negative rates and audit logging sufficient for compliance use cases, or whether it remains a developer-quality tool.
