OpenAI rolls out GPT‑5.2-Codex for advanced coding and cybersecurity workflows


OpenAI has released GPT‑5.2-Codex, the most advanced agentic coding model yet for complex, real-world software engineering. It is designed to handle long-horizon tasks, large code changes, and cybersecurity workflows.

GPT‑5.2-Codex

GPT‑5.2-Codex is a version of GPT‑5.2 further optimized for agentic coding in Codex. Key improvements include better handling of long-horizon work through context compaction, stronger performance on large code changes such as refactors and migrations, improved reliability in Windows environments, and significantly stronger cybersecurity capabilities.

The company said that as models advance along the intelligence frontier, the improvements also lead to capability gains in specialized domains such as cybersecurity. For example, a security researcher recently used GPT‑5.1-Codex-Max with Codex CLI to identify and responsibly disclose a React vulnerability that could expose source code.

While GPT‑5.2-Codex has stronger cybersecurity capabilities than previous models, it does not yet reach a ‘High’ level under OpenAI’s Preparedness Framework, and its deployment is structured to accommodate future capability growth.

Features

1. Pushing the frontier on real-world software engineering

GPT‑5.2-Codex builds on GPT‑5.2’s strengths in professional knowledge work and GPT‑5.1-Codex-Max’s frontier agentic coding and terminal-using capabilities. It now offers improved long-context understanding, reliable tool calling, enhanced factuality, and native context compaction, making it a dependable partner for long-running coding tasks while remaining token-efficient.

Performance and capabilities include:

  • Achieves state-of-the-art performance on SWE-Bench Pro and Terminal-Bench 2.0, which measure agentic coding in realistic terminal environments.
  • More effective and reliable in native Windows workflows.
  • Can work across large repositories over extended sessions.
  • Reliably completes tasks such as refactors, code migrations, and feature builds.
  • Continues to iterate without losing track, even when plans change or attempts fail.

Vision and interface capabilities:

  • Can interpret screenshots, technical diagrams, charts, and UI surfaces.
  • Can convert design mocks into functional prototypes.
  • Assists developers in taking prototypes to production.

2. Advancing the cyber frontier

Performance on cybersecurity evaluations shows a sharp capability increase from GPT‑5-Codex to GPT‑5.1-Codex-Max, and now to GPT‑5.2-Codex. OpenAI evaluates models as if they could reach ‘High’ cybersecurity capability in the future and has added safeguards to manage dual-use risks.

3. Real-world cyber capabilities

Modern society depends on software reliability in sectors like banking, healthcare, communications, and essential services. Vulnerabilities may exist long before detection, and identifying, validating, and fixing them relies on engineers and independent security researchers.

On December 11, 2025, the React team disclosed three security vulnerabilities affecting React Server Components. Andrew MacPherson, a principal security engineer at Privy (a Stripe company), used GPT‑5.1-Codex-Max with Codex CLI to study a prior critical React vulnerability, React2Shell (CVE-2025-55182).

MacPherson first attempted zero-shot analyses, then higher-volume iterative prompting. When these failed, he guided Codex through standard defensive security workflows, including setting up a local test environment, reasoning through attack surfaces, and fuzzing malformed inputs. Codex surfaced unexpected behaviors, leading to the discovery of previously unknown vulnerabilities, which were responsibly disclosed to the React team.

These cases show how advanced AI can accelerate defensive security work, while also highlighting the dual-use risk that bad actors could misuse the same capabilities.

4. Empowering cyberdefense through trusted access

Security teams often face restrictions when emulating threat actors, analyzing malware, or stress-testing infrastructure. OpenAI is piloting a trusted access program to reduce friction for qualifying users and organizations, enabling them to use frontier AI capabilities for defensive purposes.

The invite-only pilot is for vetted security professionals with a history of responsible disclosure and organizations with clear cybersecurity use cases. Participants receive access to advanced models to conduct legitimate dual-use work. OpenAI encourages qualified professionals to express interest and provide feedback.

Outlook

GPT‑5.2-Codex advances real-world software engineering and cybersecurity workflows. By gradually rolling out the model with safeguards, access controls, and collaboration with the security community, OpenAI aims to maximize defensive impact while reducing misuse risk. Insights from this release will guide future expansions as software and cyber frontiers evolve.

Availability

GPT‑5.2-Codex is available today across all Codex surfaces for paid ChatGPT users. API access is expected in the coming weeks. The invite-only trusted access pilot for vetted cybersecurity professionals and organizations is running in parallel, balancing accessibility with safety.