OpenAI launched Codex Security on March 6, entering the application security market with an AI agent that finds and fixes code vulnerabilities. Anthropic had shipped Claude Code Security 14 days earlier, on February 21. Both products are in free research preview.

The rapid-fire launches signal a new product category: AI agents that don’t just write code, but actively hunt for security flaws in it.

How They Differ from Traditional SAST

Static Application Security Testing (SAST) tools — SonarQube, Checkmarx, Snyk — work by matching code patterns against known vulnerability signatures. They’re fast, well-understood, and produce mountains of false positives. VentureBeat called it “SAST’s structural blind spot exposed.”

The AI security agents take a different approach. Instead of pattern matching, they use LLM reasoning to understand what code is doing — tracing data flows, evaluating logic paths, and identifying vulnerabilities that emerge from the interaction between components rather than from any single line. This catches the class of bugs that traditional SAST tools systematically miss: complex logic errors, multi-step injection chains, and authentication bypasses that only manifest across function boundaries.
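To make the distinction above concrete, here is an added example that is not code from Codex Security, Claude Code Security, or any of the sources this article cites. It is a constructed Python module containing an SQL injection that crosses a function boundary, scanned first by a one-line signature check and then by a toy interprocedural taint tracker built on Python's `ast` module. The source and sink names (`request.args.get`, `cursor.execute`), the sample functions, and the propagation rules are assumptions chosen for the demonstration, not a description of how either product works internally.

```python
import ast
import re

# Constructed sample module (not real project code). The injection in lookup()
# is only visible once build_query() is followed into; inline_lookup() has the
# same flaw on a single line; safe_lookup() uses a parametrized query.
SAMPLE = '''
def build_query(name):
    return "SELECT * FROM users WHERE name = '" + name + "'"

def lookup(request, cursor):
    name = request.args.get("name")
    query = build_query(name)
    cursor.execute(query)

def safe_lookup(request, cursor):
    name = request.args.get("name")
    cursor.execute("SELECT * FROM users WHERE name = %s", (name,))

def inline_lookup(request, cursor):
    cursor.execute("SELECT * FROM users WHERE name = '" + request.args.get("name") + "'")
'''

# Signature-style check: flag an execute() call whose query is built with
# string concatenation or an f-string on the same line as the call.
SIGNATURE = re.compile(r"""execute\(.*(\+|f["'])""")


def signature_scan(source):
    """Return the line numbers where the one-line signature matches."""
    return [i for i, line in enumerate(source.splitlines(), 1) if SIGNATURE.search(line)]


SOURCE = "request.args.get"  # where untrusted data enters (assumption for this toy)
SINK = "execute"             # DB-API execute(): only the first argument is SQL text


class TaintTracker:
    """Follows untrusted values through assignments, string building, and
    calls into other functions defined in the same module."""

    def __init__(self, tree):
        self.funcs = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}
        self.findings = []

    def is_tainted(self, node, tainted, depth):
        if isinstance(node, ast.Name):
            return node.id in tainted
        if isinstance(node, ast.BinOp):
            return (self.is_tainted(node.left, tainted, depth)
                    or self.is_tainted(node.right, tainted, depth))
        if isinstance(node, ast.JoinedStr):  # f-string pieces
            return any(self.is_tainted(v.value, tainted, depth)
                       for v in node.values if isinstance(v, ast.FormattedValue))
        if isinstance(node, ast.Tuple):
            return any(self.is_tainted(e, tainted, depth) for e in node.elts)
        if isinstance(node, ast.Call):
            target = ast.unparse(node.func)
            if target == SOURCE:
                return True
            if target in self.funcs and depth < 10:
                # Step into the callee with the taint state of its actual arguments
                # and ask whether its return value ends up tainted.
                callee = self.funcs[target]
                params = [a.arg for a in callee.args.args]
                tainted_params = {p for p, arg in zip(params, node.args)
                                  if self.is_tainted(arg, tainted, depth)}
                return self.analyze(callee, tainted_params, depth + 1)
            # Unknown callee: conservatively assume taint passes through its arguments.
            return any(self.is_tainted(a, tainted, depth) for a in node.args)
        return False

    def analyze(self, fn, tainted_params, depth=0):
        """Walk one function; record sink hits; report whether its return value is tainted."""
        tainted = set(tainted_params)
        returns_tainted = False
        for stmt in fn.body:
            # Sink check: any execute() call in this statement whose SQL argument is tainted.
            for call in ast.walk(stmt):
                if (isinstance(call, ast.Call) and isinstance(call.func, ast.Attribute)
                        and call.func.attr == SINK and call.args
                        and self.is_tainted(call.args[0], tainted, depth)):
                    self.findings.append((fn.name, stmt.lineno))
            if isinstance(stmt, ast.Assign) and self.is_tainted(stmt.value, tainted, depth):
                tainted |= {t.id for t in stmt.targets if isinstance(t, ast.Name)}
            elif isinstance(stmt, ast.Return) and stmt.value is not None:
                returns_tainted |= self.is_tainted(stmt.value, tainted, depth)
        return returns_tainted


def taint_scan(source):
    """Return (function, line) pairs where untrusted data reaches the SQL argument of execute()."""
    tracker = TaintTracker(ast.parse(source))
    for fn in tracker.funcs.values():
        tracker.analyze(fn, set())
    return sorted(set(tracker.findings), key=lambda f: f[1])


if __name__ == "__main__":
    print("signature:", signature_scan(SAMPLE))
    print("taint:    ", taint_scan(SAMPLE))
```

The signature check fires only where the concatenation sits on the same line as the sink, so it reports `inline_lookup` and nothing else. The taint tracker follows `name` into `build_query` and back out through its return value, which is the cross-boundary reasoning the paragraph describes, and it also leaves the parametrized `safe_lookup` alone because only the SQL-text argument of `execute()` is treated as the sink. Production analyzers and the LLM-based agents go much further (aliasing, containers, sanitizer recognition, framework-specific sources and sinks); the point of the toy is that the bug in `lookup` is invisible to any check that never leaves the line it is looking at.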

500 Zero-Days Before Anyone Patched Them

The most striking data point comes from Anthropic’s testing. According to Axios reporting, Opus 4.6 discovered over 500 zero-day vulnerabilities in open-source libraries during the evaluation period for Claude Code Security. These are vulnerabilities that existed in widely-used libraries with no known exploit and no patch — found by an AI model reasoning about code semantics rather than scanning for known signatures.

Anthropic has not disclosed which libraries were affected or whether the findings have been responsibly disclosed to maintainers. The number itself raises an immediate operational question: if a single AI model can find 500 zero-days in a testing window, what happens when these tools are deployed at scale by both defenders and attackers?

The Open-Source Maintainer Problem

Both OpenAI and Anthropic are framing their tools as defensive — helping developers find and fix vulnerabilities before attackers do. But the same LLM reasoning that identifies zero-days defensively can be applied offensively. The AI Business coverage noted that both tools are available in free preview, meaning any user — including adversaries — can access them.

For open-source maintainers already stretched thin, the prospect of AI-generated vulnerability reports flooding issue trackers is a resource problem before it’s a security problem. If these tools find legitimate zero-days (and 500+ from one testing run suggests they will), disclosure programs at major open-source projects will need to scale dramatically.

Pricing and Availability

Both products are currently free during their research preview phases. Neither company has announced pricing. The strategic logic is straightforward: security scanning becomes a wedge to expand the AI coding agent footprint in enterprise development workflows. If Codex Security and Claude Code Security prove effective, they become mandatory additions to CI/CD pipelines — and the hosting companies capture that infrastructure dependency.

OpenAI and Anthropic are now competing across three overlapping product categories: general model API access, AI coding agents, and AI security agents. The security play may prove the stickiest, since switching security tools mid-pipeline carries risk that switching chat providers does not.