Introduction
Cybersecurity is a daily challenge for companies, developers, and everyday users. Increasingly, software flaws are only discovered after someone has already exploited them for malicious purposes. OpenAI, the company known for developing ChatGPT, announced on March 6, 2026, the launch of a new artificial intelligence-based tool designed specifically to change this scenario.
What Happened
OpenAI has made available in research preview a tool called Codex Security, an automated agent capable of analyzing the source code of programs in search of vulnerabilities — that is, flaws that could be exploited by malicious actors. The tool is accessible to customers on ChatGPT Pro, Enterprise, Business, and Edu plans.
Prior to the official launch, during a testing phase lasting approximately 30 days, Codex Security analyzed 1.2 million code updates from external repositories. The result was significant: 792 critical vulnerabilities and over 10,500 high-severity issues were identified.
This was neither a cyberattack nor a data breach. On the contrary, Codex Security examined widely used software projects, including OpenSSH, GnuTLS, PHP, Chromium, and GOGS. In some cases, it discovered so-called “zero-day” vulnerabilities — flaws still unknown to vendors and therefore not yet patched. In total, 14 of these vulnerabilities received an official identifier, known as a CVE, which is used to catalog and manage them globally. Among the cited examples are CVE-2025-32990, relating to a memory flaw in GnuTLS, and CVE-2025-35430, linked to a file path issue in another software package.
Why It Matters
The software mentioned is used by millions of people and organizations worldwide. A vulnerability in OpenSSH, for example, could put at risk the servers running websites, enterprise applications, or critical infrastructure. Identifying these flaws before they are exploited by cybercriminals is precisely the goal of so-called “proactive security.” What is striking in this case is the speed and scale: an automated system accomplished in a few weeks what would take a team of human analysts years.
What Companies and Users Can Do
Software developers should verify whether the projects they use have been affected by any of the discovered vulnerabilities and promptly apply updates released by vendors. End users, while unable to change the code themselves, can protect themselves by keeping their devices and installed applications up to date. Companies, in particular, are encouraged to evaluate integrating automated code analysis tools into their development processes.
Final Takeaways
– An artificial intelligence developed by OpenAI identified over 11,000 security issues in widely used software before they could be exploited by malicious actors.
– Fourteen vulnerabilities received an official CVE identifier, confirming the concrete significance of the findings.
– No user data was compromised: this is a preventive research and security initiative, not a cybersecurity incident.
Sources:
https://cybersecuritynews.com/openai-launches-codex-security/
https://www.axios.com/2026/03/06/openai-codex-security-ai-cyber
https://openai.com/index/codex-security-now-in-research-preview/
Source: The Hacker News