News · Cisco built the majority of its AI Defense product with Codex writing the code

Jul, 134 min to read
Automation

Cisco built the majority of its AI Defense product with Codex writing the code

OpenAI's case study details how Cisco moved Codex from a developer tool into production engineering workflows across C/C++ codebases, multi-repo builds, and framework migrations.

The claim that 95% of new AI features were written by Codex

The most striking number in OpenAI's case study is that Codex wrote more than 95% of new AI features at Cisco, and the majority of the code in AI Defense, Cisco's product for protecting against AI safety and security risks.

That is a strong claim, and it is worth reading precisely. It is scoped to new AI features, not the whole codebase. AI Defense is a greenfield product built during the period Codex was adopted, which makes a high share plausible in a way it would not be for legacy systems.

Features that would have taken several quarters to get into customers' hands dropped to weeks.Montana Labs

That quote from DJ Sampath, SVP/GM of AI Software and Platform, is the operational version of the 95% figure: the payoff Cisco is describing is compressed calendar time on a new product, not a wholesale replacement of its engineering organization.

Where the automation actually landed

The case study is unusually concrete about the three workflows that produced the reported gains, and each is a repetitive, well-bounded task rather than open-ended design work.

Cross-repo build optimization: Codex analyzed build logs and dependency graphs across more than 15 interconnected repositories, yielding a roughly 20% reduction in build times and the headline 1,500+ engineering hours saved per month.

Defect remediation at scale, branded CodeWatch: using Codex CLI, Cisco ran agentic compile-test-fix loops on large C/C++ codebases, claiming a 10-15x increase in defect resolution throughput, with work that took weeks now completing in hours.

Framework migration: Splunk teams moved multiple UIs from React 18 to 19, with Codex handling the bulk of repetitive changes and compressing weeks into days. All three are migration-and-cleanup categories where correctness is verifiable through existing tests and builds.

The CLI loop and the review artifact

What distinguishes this from code-completion tooling is the reliance on CLI-based, autonomous compile-test-fix loops. Cisco frames the value as agency: the ability to execute a real workflow and iterate against build and test feedback, not just suggest lines.

One detail from the Splunk group is worth noting for teams evaluating this pattern. Cisco uses Codex to generate and follow a plan document so reviewers can understand both the process and the generated code.

The biggest gains came when we stopped thinking about Codex as a tool and started treating it as part of the team.Montana Labs

The plan document is the mechanism that makes autonomous execution reviewable. When an agent produces both a plan and the diff, the human review shifts from reading unexplained code to checking whether the stated approach was sound.

Co-development, not off-the-shelf adoption

The case study is explicit that Cisco did not simply consume Codex. Engineers gave OpenAI continuous feedback from production use, shaping workflow orchestration, security controls, and support for long-running tasks. OpenAI credits this with accelerating Codex's readiness for compliance, long-running task management, and pipeline integration.

Cisco also appears in OpenAI's Daybreak security initiative, with governed access to a model called GPT-5.5-Cyber, and used Codex to ship an open-source tool called Defense Squad from ideation to the community in under a week.

This is a reminder that the most-cited enterprise deployments are often design partnerships. The results reflect a vendor and a customer tuning the product against each other's needs, which is a different starting position than a team adopting a general-release tool.

What a C/C++ defect loop signals for high-assurance codebases

The specific implication here is the target Cisco chose. Agentic loops running on large-scale C/C++ codebases inside a security product with compliance and governance requirements is a harder environment than the web-app scenarios most agent demos use.

If the 10-15x defect throughput claim holds under Cisco's existing review, security, and governance frameworks, it suggests the constraint on this kind of automation is no longer the language or the repository size but the verification harness around it. The tasks that succeeded all had a fast, objective feedback signal: does it build, do the tests pass, does the migration compile.

Teams reading this should note the shift Cisco describes in how it scopes work, from measuring effort to asking how long a Codex run will take. That framing only works where outcomes are checkable. The open question the case study does not answer is how the same loops perform on judgment-heavy work with no clean pass/fail signal.

Find this story relevant to you?

Contact us to find a unique solution

Contact us

Need an AI engineering partner that can actually build?

We help businesses integrate AI, build AI-powered products, automate high-value workflows, and modernize the software systems behind them.

Get in touch

Related reading

More analysis around product delivery, operational AI, and the systems work that makes deployment hold up in reality.

Jul, 134 min to read
Automation

OpenAI reframes adoption as a 'capability overhang' problem

Jul, 134 min to read
Automation

Commonwealth Bank standardizes on ChatGPT Enterprise as the shared surface for 50,000 employees

Jul, 134 min to read
Automation

Datadog validated Codex against its own past incidents before rolling it out