“OpenAI GPT-5.2-Codex Enhances Agentic Programming and Security Flaw Identification”

OpenAI has introduced GPT-5.2-Codex, a state-of-the-art model tailored for agentic coding and augmented cybersecurity endeavors. The launch underscores advancements in managing intricate software engineering and vulnerability identification.

GPT-5.2-Codex leads the SWE-Bench Pro with 56.4% accuracy, exceeding GPT-5.2 at 55.6% and GPT-5.1 at 50.8%. It achieves a score of 64.0% on Terminal-Bench 2.0, surpassing previous iterations like GPT-5.2’s 62.2%. These improvements arise from enhanced long-context navigation, tool utilization, and native compaction for prolonged coding endeavors.​

The model thrives in professional Capture-the-Flag competitions, exhibiting significant capability improvements compared to former versions. It aids in fuzzing, configurations of test environments, and analyzing attack surfaces, expediting defensive processes. OpenAI emphasizes stronger protections despite dual-use challenges, remaining below “High” cyber capability according to its Preparedness Framework.​

A researcher utilizing GPT-5.1-Codex-Max discovered vulnerabilities in React Server Components while investigating CVE-2025-55182, a serious RCE (CVSS 10.0) resolved on December 3, as noted by OpenAI.

This led to CVE-2025-55183 (source code exposure, CVSS 5.3), CVE-2025-55184, and CVE-2025-67779 (DoS, CVSS 7.5), revealed on December 11. The procedure involved iterative prompting, local configurations, and fuzzing, as illustrated in the provided visuals.​

GPT-5.2-Codex is currently available to subscribed ChatGPT Codex users, with API access forthcoming. An invite-only pilot aims at validated cybersecurity experts for defensive roles such as red-teaming. OpenAI aligns advancements with model safeguards and community collaboration to mitigate abuse.​

This progression equips developers and defenders against escalating threats in codebases and infrastructure. React updates recommend upgrades to releases like 19.0.3+.