Team shipped a Codex Security plugin with 5 AppSec workflows: > Security Scan Scans PRs, commits, branches, patches, folders, or full repos. Runs the full pipeline end-to-end > Threat Model Maps the repo: assets, trust boundaries, attacker inputs, invariants, and failure