OpenAI launched Codex Security in March. Real results. Previously unknown vulns in OpenSSH and Chromium. Most coverage stopped there.

It reads your repo. It doesn't send requests to your running app. That's not a gap that better models will eventually close. It's a category difference. Read the full blog here: stackhawk.com/blog/codex-sec…