
The Scanner

via Dev.to, thesythesis.ai

OpenAI launched an autonomous agent that scans code for vulnerabilities. Anthropic launched one two weeks earlier. Both find what went wrong in the code. Neither asks who told the agent to write it.

On March sixth, OpenAI launched Codex Security — an autonomous AI agent powered by GPT-5 that scans code repositories commit by commit, builds project-specific threat models, validates findings in isolated sandboxes, and proposes fixes. In thirty days of beta testing, it scanned one point two million commits. It found seven hundred and ninety-two critical issues and ten thousand five hundred and sixty-one high-severity vulnerabilities. It discovered fourteen CVEs in major open-source projects including OpenSSH, Chromium, GnuTLS, libssh, and PHP. False positive rates dropped more than fifty percent during the preview.

Two weeks earlier, Anthropic launched Claude Code Security. Built on Claude Opus 4.6, it found more than five hundred vulnerabilities in production open-source software that ha
