"Codex Security is designed to analyze repositories for system context and create a threat model focusing on the system's role, trusted components, and exposures. Based on the generated threat model, Codex looks for vulnerabilities and rates them by potential real-world impact. It then also proposes patches for the identified flaws."
"According to OpenAI, Codex Security has been tested against 1.2 million commits over the past 30 days, identifying nearly 800 critical vulnerabilities and more than 10,000 high-severity issues. Vulnerabilities have been found in widely used open source projects such as Chromium, OpenSSL, PHP, GOGS, and GnuTLS."
"Codex Security is now available to ChatGPT Pro, Enterprise, Business, and Edu customers with free usage for the next month. The tool is currently in research preview, but it has been tested in private beta since last year, including by major companies such as Netgear."
OpenAI introduced Codex Security, an AI-powered vulnerability scanner currently in research preview after private beta testing with companies like Netgear. The tool analyzes code repositories to create threat models identifying system roles, trusted components, and exposures. It then searches for vulnerabilities, rates them by real-world impact, and proposes patches. Testing on 1.2 million commits identified nearly 800 critical vulnerabilities and over 10,000 high-severity issues in projects including Chromium, OpenSSL, PHP, GOGS, and GnuTLS. The tool is available to ChatGPT Pro, Enterprise, Business, and Edu customers with complimentary usage for the first month.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]