Why Codex Security Doesn't Include a SAST Report
OpenAI explains the design rationale behind Codex Security's approach to vulnerability detection, which forgoes traditional Static Application Security Testing (SAST) in favor of AI-driven constraint reasoning and validation. The post argues this approach surfaces real vulnerabilities while reducing false positives compared to conventional static analysis tools. This represents a substantive technical position on how LLM-based code analysis differs from rule-based security scanning.
Related events (8)
Codex Security: now in research preview
OpenAI has launched Codex Security in research preview, an AI-powered application security agent. It analyzes project context to detect, validate, and patch complex vulnerabilities with the goal of higher confidence and reduced false-positive noise compared to traditional tools. The product extends OpenAI's Codex brand into the security domain.
Running Codex Safely at OpenAI
OpenAI published a blog post describing the security architecture used to run Codex as a coding agent internally, covering sandboxing, human approval workflows, network policies, and agent-native telemetry. The post is aimed at supporting enterprise adoption of coding agents by demonstrating safe and compliant deployment patterns. It provides operational detail on how OpenAI itself governs agentic code execution in production.
Datadog uses Codex for system-level code review
OpenAI has published a case study describing Datadog's deployment of Codex for system-level code review tasks. The announcement highlights an enterprise adoption pattern where a major observability/monitoring company integrates OpenAI's code-focused model into production engineering workflows. Specific technical details about the integration scope, model version, or performance metrics are not available from the provided content.
Building a safe, effective sandbox to enable Codex on Windows
OpenAI describes the engineering work behind a secure sandbox environment for running Codex coding agents on Windows. The sandbox enforces controlled file access and network restrictions to enable safe, efficient agentic code execution. This is part of OpenAI's broader effort to deploy coding agents in production environments with appropriate isolation guarantees.
Anthropic Launches Claude Code Security: AI-Powered Vulnerability Detection for Defenders
Anthropic has released Claude Code Security in limited research preview for Enterprise and Team customers, a capability built into Claude Code that scans codebases for security vulnerabilities and suggests patches for human review. Unlike rule-based static analysis tools, it uses Claude's reasoning to understand code context, trace data flows, and detect complex vulnerabilities including novel ones. Built on Claude Opus 4.6, the system found over 500 previously undetected vulnerabilities in production open-source codebases during internal research. The release is framed as a defensive measure to put AI-enabled vulnerability discovery in the hands of defenders before attackers can exploit the same capabilities.
Harness Engineering: Leveraging Codex in an Agent-First World
OpenAI published a technical post by Ryan Lopopolo describing how Codex is being used in an agent-first engineering workflow. The piece appears to cover practical patterns for integrating Codex into software development pipelines where AI agents take a more central role. As a Tier 1 source announcement, it likely details real-world engineering practices and lessons from deploying Codex at scale.
Introducing Codex
OpenAI has announced Codex, a new product or capability targeting software development and coding tasks. The announcement comes from OpenAI's official blog, suggesting a significant product or model release. The body content was not provided, but given the Codex name and OpenAI's history, this likely involves an AI-powered coding agent or updated code generation system. Further details on capabilities, pricing, and availability are expected in the full announcement.
Sea Limited's CPO on Deploying OpenAI Codex Across Engineering Teams
Sea Limited's Chief Product Officer David Chen discusses the company's decision to deploy OpenAI Codex across its engineering teams to accelerate AI-native software development in Asia. The piece frames Codex as a tool for agentic software development workflows. This is a customer perspective piece published on OpenAI's blog, highlighting enterprise adoption of Codex in a major Southeast Asian technology conglomerate.


