Hi Divesh,

I have also looked into these tools. The initial details look useful and they seem helpful for improving code security. Found this article: https://www.opensourceforu.com/2026/03/anthropic-and-openai-challenge-traditional-sast-with-ai-open-source-bug-discovery/?utm_source=chatgpt.com
Kind Regards,
Chandan Khandelwal

On Wed, Mar 11, 2026 at 12:20 PM Divesh Dutta <[email protected]> wrote:
> Hi everyone,
>
> Recently both OpenAI and Anthropic announced new AI-based security agents
> designed to detect and help fix vulnerabilities in software projects.
>
> Two announcements that caught my attention:
>
> • *Codex Security (OpenAI)* – currently in research preview
>   https://openai.com/index/codex-security-now-in-research-preview/
>
> • *Claude Code Security (Anthropic)*
>   https://www.anthropic.com/news/claude-code-security
>
> Both tools aim to automatically:
>
> - Scan repositories for security vulnerabilities
> - Identify insecure patterns or dependency risks
> - Suggest fixes or patches
> - Help developers remediate issues directly in code
>
> An interesting aspect is that both organizations are offering free access
> for open-source projects, which could make them particularly useful for
> projects like Apache OFBiz.
>
> Given OFBiz's size and long history, tools like these could potentially
> help us:
>
> - detect vulnerabilities earlier
> - automate parts of security review
> - assist contributors in fixing issues faster
> - strengthen overall project security posture
>
> I'm curious whether anyone in the community has already experimented with
> either of these tools.
>
> If there is interest, we could explore:
>
> 1. Applying for *open-source access* for the OFBiz project
> 2. Running scans against the repository
> 3. Evaluating the results and usefulness of the findings
> 4. Potentially integrating these tools into the development workflow (for
>    example during code reviews or CI pipelines)
>
> I would love to hear thoughts from the community:
>
> - Has anyone tried these tools already?
> - Do these look useful for Apache OFBiz?
> - Would it make sense to run an experiment with one or both?
>
> Looking forward to hearing your opinions.
>
> Thanks
>
> --
> Divesh Dutta
> www.hotwaxsystems.com
