News · Cisco built the majority of its AI Defense product with Codex writing the code
Cisco built the majority of its AI Defense product with Codex writing the code
OpenAI's case study details how Cisco moved Codex from a developer tool into production engineering workflows across C/C++ codebases, multi-repo builds, and framework migrations.
The claim that 95% of new AI features were written by Codex
The most striking number in OpenAI's case study is that Codex wrote more than 95% of new AI features at Cisco, and the majority of the code in AI Defense, Cisco's product for protecting against AI safety and security risks.
That is a strong claim, and it is worth reading precisely. It is scoped to new AI features, not the whole codebase. AI Defense is a greenfield product built during the period Codex was adopted, which makes a high share plausible in a way it would not be for legacy systems.
Features that would have taken several quarters to get into customers' hands dropped to weeks.Montana Labs
That quote from DJ Sampath, SVP/GM of AI Software and Platform, is the operational version of the 95% figure: the payoff Cisco is describing is compressed calendar time on a new product, not a wholesale replacement of its engineering organization.
Where the automation actually landed
The case study is unusually concrete about the three workflows that produced the reported gains, and each is a repetitive, well-bounded task rather than open-ended design work.
Cross-repo build optimization: Codex analyzed build logs and dependency graphs across more than 15 interconnected repositories, yielding a roughly 20% reduction in build times and the headline 1,500+ engineering hours saved per month.
Defect remediation at scale, branded CodeWatch: using Codex CLI, Cisco ran agentic compile-test-fix loops on large C/C++ codebases, claiming a 10-15x increase in defect resolution throughput, with work that took weeks now completing in hours.
Framework migration: Splunk teams moved multiple UIs from React 18 to 19, with Codex handling the bulk of repetitive changes and compressing weeks into days. All three are migration-and-cleanup categories where correctness is verifiable through existing tests and builds.
The CLI loop and the review artifact
What distinguishes this from code-completion tooling is the reliance on CLI-based, autonomous compile-test-fix loops. Cisco frames the value as agency: the ability to execute a real workflow and iterate against build and test feedback, not just suggest lines.
One detail from the Splunk group is worth noting for teams evaluating this pattern. Cisco uses Codex to generate and follow a plan document so reviewers can understand both the process and the generated code.
The biggest gains came when we stopped thinking about Codex as a tool and started treating it as part of the team.Montana Labs
The plan document is the mechanism that makes autonomous execution reviewable. When an agent produces both a plan and the diff, the human review shifts from reading unexplained code to checking whether the stated approach was sound.
Co-development, not off-the-shelf adoption
The case study is explicit that Cisco did not simply consume Codex. Engineers gave OpenAI continuous feedback from production use, shaping workflow orchestration, security controls, and support for long-running tasks. OpenAI credits this with accelerating Codex's readiness for compliance, long-running task management, and pipeline integration.
Cisco also appears in OpenAI's Daybreak security initiative, with governed access to a model called GPT-5.5-Cyber, and used Codex to ship an open-source tool called Defense Squad from ideation to the community in under a week.
This is a reminder that the most-cited enterprise deployments are often design partnerships. The results reflect a vendor and a customer tuning the product against each other's needs, which is a different starting position than a team adopting a general-release tool.
What a C/C++ defect loop signals for high-assurance codebases
The specific implication here is the target Cisco chose. Agentic loops running on large-scale C/C++ codebases inside a security product with compliance and governance requirements is a harder environment than the web-app scenarios most agent demos use.
If the 10-15x defect throughput claim holds under Cisco's existing review, security, and governance frameworks, it suggests the constraint on this kind of automation is no longer the language or the repository size but the verification harness around it. The tasks that succeeded all had a fast, objective feedback signal: does it build, do the tests pass, does the migration compile.
Teams reading this should note the shift Cisco describes in how it scopes work, from measuring effort to asking how long a Codex run will take. That framing only works where outcomes are checkable. The open question the case study does not answer is how the same loops perform on judgment-heavy work with no clean pass/fail signal.
Find this story relevant to you?
Contact us to find a unique solution
Need an AI engineering partner that can actually build?
We help businesses integrate AI, build AI-powered products, automate high-value workflows, and modernize the software systems behind them.
Related reading
More analysis around product delivery, operational AI, and the systems work that makes deployment hold up in reality.