Codex Security: now in research preview

Codex Security shipped with receipts: 15 named CVEs, published noise-reduction curves showing 84% improvement, and false positive rates cut by over 50%, giving enterprise buyers metrics to evaluate rather than claims to trust. The structurally interesting detail is the threat model architecture, which builds an editable intermediate artifact before scanning, making the agent's reasoning inspectable before execution. That pattern generalizes well beyond security, but it sits in direct tension with the cognitive load data surfacing elsewhere this week: if inspecting the agent's intermediate state is what makes it trustworthy, the oversight burden migrates rather than shrinks. Broad tier access from Pro through Edu maximizes adoption velocity while quietly undermining any dual-use containment argument either lab has made. The CISO budget is the Trojan horse for the engineering budget, and both labs are through the door.