📄 中文摘要
OpenAI发布了Codex安全,这是一个AI应用安全代理的研究预览,能够检测、验证和修补项目上下文中的漏洞。与传统的静态扫描器不同,Codex安全能够追踪调用路径、依赖图和测试,从而减少噪音并提出合理的修复建议。然而,合理的建议并不等于正确,人工审查和可重复的测试依然至关重要。建议在初始阶段以只读模式运行两周,让代理生成工单而不是合并请求,工单模板应包含必要的单元测试、变更日志、风险评级和指定负责人。持续集成的门控措施应确保没有合并请求被接受。
Codex安全:现已进入研究预览阶段
出处: Codex Security: now in research preview
发布: 2026年3月8日
📄 English Summary
Codex Security: now in research preview
OpenAI has launched Codex Security, a research preview for an AI application security agent that detects, validates, and patches vulnerabilities within project context. Unlike traditional static scanners that flag individual lines, Codex Security follows call paths, dependency graphs, and tests, which reduces noise and surfaces plausible fixes. However, plausible does not equal correct, and human review along with reproducible tests remain essential. The recommended adoption strategy involves running the agent in read-only mode for two weeks, allowing it to open tickets instead of pull requests. The ticket template should include required unit tests, changelog entries, risk ratings, and named owners. CI gates should ensure that no pull requests are accepted without proper validation.