OpenAI

AI lab; foundation-model and agentic-platform provider; CoSAI member.

Notable Output (security-relevant)

  • Codex Security (formerly Aardvark). Agentic security researcher built into Codex as of 2026-03-06; research preview to ChatGPT Enterprise + Business + Edu via Codex web. Four-stage pipeline (whole-repo Analysis → Commit scanning → Sandboxed Validation → Codex-generated Patching). 92% recall on internal golden repos; ten CVE IDs assigned from OSS responsible-disclosure work; pro-bono OSS-scan offering committed. See the announcement page.
  • Outbound coordinated-disclosure policy revised in tandem with the Aardvark launch — explicit shift away from rigid disclosure timelines toward collaborative scalable impact, anticipating AI-driven discovery-rate increase. policies/outbound-coordinated-disclosure-policy.
  • Promptfoo — OpenAI acquired Promptfoo (per the wiki’s existing index entry); CI-gated LLM evaluation + red-teaming framework. Indirectly supports the wiki’s ai-in-sec-defense axis.

Relevance to This Wiki

OpenAI is sourced on the ai-vuln-discovery axis as the commercial-preview vendor companion to Anthropic’s Claude Code Security. Both products (a) reject rule-based SAST framing in convergent language, (b) adopt the human-security-researcher metaphor, and (c) integrate validation as the architectural primary stage rather than as post-hoc filtering. See Adversarial Reflexion for the cross-product discipline; the Aardvark paper page for the OpenAI-specific instance.

Adjacent Gaps

  • Underlying model details for Codex Security beyond “powered by GPT-5” and the eventual Codex integration are not disclosed.
  • No public-benchmark recall comparable across vendors.
  • Coordinated-disclosure policy revision warrants its own framework page if the wiki develops a disclosure-policy taxonomy.