Back to blogARTICLE_READY
    Security9 min readJul 18, 2026

    GPT-5.6 Sol + Codex Security: Scan Outside, Fix Inside

    VibeLeak finds public trust-surface signals from the attacker's view. Codex Security reasons inside the repository, validates vulnerabilities, and proposes reviewable patches. The agent-ready Markdown export connects the two.

    VibeLeak workflow showing an outside-in website scan becoming an agent-ready report and a validated code patch.
    PUBLIC SURFACE → AGENT-READY MARKDOWN → REVIEWED PATCH

    The trust loop

    The security model got stronger. Your input signal still matters.

    OpenAI's GPT-5.6 release gives defenders a much stronger reasoning engine. Codex Security gives that engine a repository-aware workflow. The practical question for builders is what evidence you hand it first.

    The short version

    VibeLeak scans what an attacker can see on the live public surface. Codex Security investigates what the code is actually doing, validates the issue, and proposes a patch for human review. Scan outside. Fix inside. Then rescan to close the trust loop.

    If you ship websites or AI-built apps, this announcement matters because security work is moving closer to the code.

    That is especially relevant for vibe coding security. Fast-moving teams can generate an impressive amount of product in a week, but the public deployment can still expose a missing Content Security Policy, a client-visible AI key, a cloud storage URL, or a route that behaves differently in production than it did locally.

    GPT-5.6 Sol

    What OpenAI actually announced

    Two pieces matter here: a frontier model with stronger cyber performance and a security workflow designed to move from discovery to evidence to remediation.

    The Last Ones

    7 / 10

    GPT-5.6 Sol completed the 32-step corporate-network simulation in seven of ten attempts.

    GPT-5.5 baseline

    2 / 10

    The previous model completed the same long-horizon range in two of ten attempts.

    Codex Security

    3 stages

    Identify the vulnerability, validate the finding, then propose a reviewable remediation.

    Cyber benchmark movement

    The Last Ones
    5.5 20% → 5.6 70%
    ExploitBench
    5.5 47.9% → 5.6 73.5%
    SEC-Bench Pro
    5.5 45.8% → 5.6 71.2%

    The headline result is real: in OpenAI's published system-card comparison, GPT-5.6 Sol completed The Last Onesin seven of ten attempts, up from GPT-5.5's two. OpenAI also reports major gains on ExploitBench and SEC-Bench Pro. But the most useful positioning is defensive: OpenAI says GPT-5.6 is better at finding and fixing vulnerabilities than at reliably carrying out autonomous end-to-end attacks against hardened targets.

    Codex Security turns that reasoning into a workflow. It builds repository context and an editable threat model, investigates realistic attack paths, validates high-signal findings in an isolated environment where possible, and proposes a minimal patch. It does not silently rewrite production code. Humans review the evidence and decide what becomes a pull request.

    Outside-in evidence

    The missing piece is often the deployed public surface

    A repository can look clean while the live domain still leaks useful clues. Deployment headers, edge configuration, generated bundles, cloud references, and public files only become fully visible after the app ships.

    AIGuard

    Looks for AI provider keys exposed in delivered HTML and conservatively checks bounded same-origin AI route signals.

    CloudLeak

    Finds public backend and cloud-storage references, including Firebase, Supabase, S3, Google Cloud Storage, and Azure Blob signals.

    Security headers

    Checks CSP, HSTS, frame protection, referrer policy, MIME sniffing protection, and the other controls browsers enforce on the live response.

    VibeSignal

    Measures whether crawlers and AI agents can discover, read, and correctly interpret the public site without inventing missing facts.

    Keep the boundary honest

    VibeLeak is a passive public-surface website security scanner, not a source-code auditor or penetration test. Codex Security is repository-aware, but it does not replace the reality check of scanning the deployed domain. The value is in joining both views.

    Operational workflow

    Run VibeLeak, export the evidence, then let Codex validate it

    VibeLeak's Markdown export is structured for AI coding agents such as Codex, Cursor, and Claude. It carries findings, severity, evidence, remediation guidance, verification steps, and a definition of done.

    01

    Scan the production URL

    Run the live domain through VibeLeak. Review the trust grade, high-impact findings, AIGuard and CloudLeak signals, security headers, and VibeSignal posture.

    02

    Export agent-ready Markdown

    Save the owned scan and download the structured report. This gives the coding agent concrete evidence instead of a vague request to “make the app secure.”

    03

    Open Codex Security

    Attach or paste the report into the Codex Security plugin or workflow for the repository you own. Ask it to validate every finding against code and deployment configuration.

    04

    Review the patch

    Inspect the attack path, validation evidence, proposed changes, and tests. Reject fixes that hide the symptom without correcting the root cause.

    05

    Deploy and rescan

    Ship the reviewed patch, run VibeLeak again, and compare the public result. A fix is not finished until the live surface proves it.

    codex-security / prompt.mdcopy + run
    Review the attached VibeLeak Markdown report for this repository.
    
    For each finding:
    1. Locate the responsible code or deployment configuration.
    2. Validate whether the public evidence is reproducible and security-relevant.
    3. Explain the attack path, assumptions, and false-positive risk.
    4. Propose the smallest root-cause fix.
    5. Add or update regression tests before changing behavior.
    6. Run the relevant tests, lint, typecheck, and security validation.
    
    Do not invent missing infrastructure. Keep unrelated behavior unchanged.
    Return: validated findings, rejected findings, patch summary, verification evidence,
    remaining risk, and the exact VibeLeak rescan checks needed after deployment.

    Fast teams

    Who gets the most value from this trust loop

    The workflow is useful anywhere shipping speed has outrun security review, but it is especially strong for vibe-coded apps and small teams without a dedicated application-security engineer.

    • Solo builders who used AI agents to assemble authentication, payments, storage, or API routes quickly.
    • Agencies that need a repeatable pre-handoff check and a fix brief the delivery team can execute.
    • Startups where infrastructure, frontend, and product decisions are landing in the same pull request.
    • Teams migrating between cloud providers, AI APIs, or frameworks and worried about stale public configuration.
    • Security reviewers who want an external signal to complement repository scanning and threat modeling.

    The common failure mode is not that the team ignored security. It is that responsibility became fragmented. The website scanner saw the header. The developer knew the framework. The agent knew the code. Nobody carried one verified thread from the public symptom to the deployed fix. This workflow does.

    Run it

    Catch the leak before it leaks you

    Start with the surface anyone can inspect, hand the result to a code-aware security agent, and prove the patch on the live domain.

    One clean loop

    vibeleak@trust-surface:~$ scan → export → validate → patch → deploy → rescan. Run the first scan free at vibeleak.app, then try the report with Codex Security in a repository you are authorized to test.

    FAQ

    GPT-5.6 Sol, Codex Security, and VibeLeak

    The scope boundaries worth keeping straight before you put an agent in the loop.

    Does Codex Security replace a website security scanner?

    No. Codex Security reasons from code and repository context. VibeLeak tests the live public surface. A deployment can expose signals that are not obvious from source alone, so use both views.

    Does Codex Security automatically change my code?

    No. OpenAI says it proposes patches for human review. Review the evidence, run your normal tests, and decide what becomes a pull request.

    Can other coding agents use the export?

    Yes. VibeLeak Markdown reports are agent-ready and can be used with Codex, Cursor, Claude, or another capable coding agent. Codex Security adds a purpose-built identify, validate, remediate workflow.

    Sources

    Source context: OpenAI's GPT-5.6 launch post, the GPT-5.6 system card, and the Codex Security documentation. VibeLeak is not affiliated with OpenAI or Codex Security.

    Next action

    Run the scanner against your own site

    The article lands hardest when it turns into a fix list. Scan, close the gaps, and recheck.

    Start scan