Cisco uses Codex to test a faster tempo for enterprise AI security
AI Defense as a security layer for enterprise AI systems.📷 AI-generated image / TECH&SPACE
- ★Cisco uses Codex for most of the AI Defense codebase and nearly every new feature the team is building.
- ★AI Defense is positioned as end-to-end protection against safety and security risks introduced by AI.
- ★The important signal is not just productivity, but a shift in the delivery tempo of enterprise security software.
Cisco and OpenAI are not presenting a vague story about “AI coding” here. In the OpenAI video, the case is more concrete: Cisco is using Codex to develop AI Defense, a security layer designed for risks that AI applications, models and agents introduce into organizations. According to the published context, Codex was used to write the majority of AI Defense and nearly every new feature Cisco is currently building.
That matters more than the familiar “developer productivity” slogan. Enterprise security software does not live in a lab; it moves through slow cycles of assessment, integration, validation and delivery. When DJ Sampath says features that would previously have taken several quarters dropped to weeks, the point is not only that code is being written faster. The point is that the pace at which a security team can respond to a new class of risk is changing.
OpenAI says Cisco used Codex to write most of AI Defense and nearly every new feature, compressing development from quarters to weeks.
Codex changes the pace of security feature development.📷 AI-generated image / TECH&SPACE
AI Defense is interesting because it sits at the intersection of two problems. The first is defense against AI risk: organizations are deploying generative tools, internal agents and automated workflows, while opening questions around data leakage, unsafe outputs, prompt manipulation and weak control over model behavior. The second is the way that defense is built. If a security product is developed with an AI coding system, the same technological wave becomes both a source of risk and a tool for containment.
Codex is not being framed here as a simple autocomplete assistant. OpenAI positions it as part of a broader move toward AI-native enterprise software development, where teams use models to generate, modify and accelerate the delivery of larger parts of a product. The useful distinction is between marketing and measurable impact: from the supplied context, we do not know AI Defense’s architecture, test coverage, developer count, quality metrics or review process. We do know the claims about most of the codebase, nearly all new features and delivery cycles moving from quarters to weeks.
That makes this case a signal, not a final proof. Cisco has a clear reason to accelerate AI security because the market is moving faster than traditional release cycles. OpenAI has an equally clear reason to show that Codex is not just a tool for individual programmers, but infrastructure for building real enterprise products. If this pattern holds across more teams, the industry question will not be whether developers use AI. It will be how deeply AI enters the software production line itself.
For security software buyers, the colder test remains unchanged: faster features only matter if they are stable, reviewable and well integrated. In AI security, speed without control can become a new attack surface. But if Cisco can combine shorter development cycles with enterprise discipline, AI Defense becomes more than a product. It becomes a working example of how security tools for the AI era may themselves be built with AI.
