Bain at the OpenAI Global Codex Hackathon
A team of engineers shares what it was like to go head-to-head with the world's top developers at OpenAI's global coding hackathon
When OpenAI held its Global Codex Hackathon in San Francisco, Bain sent two teams to compete alongside consulting firms, AI startups, top university teams, and some of the world's leading developers. Both walked out with working products, built in a matter of hours, with one team taking home third place. In this Q&A, one of those teams shares what they built, how they pulled it together, and what the experience says about the technical work happening at Bain.
We really do sit on the bleeding edge of AI-led development. Everyone on the team was familiar with using and developing agents and setting up multi-agent workflows.
Charles Mendelson
Software Engineering Lead
What type of solution did your team build for the hackathon?
We built Codex-Astartes, a security validation platform that helps teams assess web applications and APIs before problems reach users. It can quickly scan a website URL, or run a deeper review that combines live website checks with codebase analysis.
The system looks for evidence-backed security issues, maps them to common risk categories like the OWASP Top 10, and produces reports that developers can act on directly. A major focus was reducing noise: instead of producing a long list of generic warnings, the tool prioritizes findings that are relevant, reproducible, and tied to the actual application being reviewed. It can scan websites under development as well as websites that are published. As part of our testing, we scanned OpenAI's website and found a few security vulnerabilities.

The Bain team takes the stage to present their submission at OpenAI HQ in San Francisco.
What was the technical approach, and how did you use Codex/OpenAI’s capabilities to bring it to life?
Our approach was to build a structured, multi-agent security review workflow. Different agents handle different parts of the assessment: profiling the target, mapping the application surface, reviewing code, running safe runtime checks, correlating evidence, and writing the final report.
Codex helped us move quickly from architecture to implementation. We used it to design and iterate on the pipeline, generate and refine code, create test coverage, enforce schema-based outputs, and build CI checks that keep the project reliable. OpenAI's capabilities were especially useful for turning complex security review logic into a more guided workflow: the system can reason across code, live behavior, policy constraints, and evidence, then summarize results in formats developers already use, including Markdown, JSON, SARIF, and pull request comments.
Who did you work with, and how did you tackle the project?

Four members of the Bain team at the OpenAI Global Codex Hackathon.
Eight of us were selected to participate, drawn from Bain offices on the West Coast (San Francisco, Silicon Valley, Seattle, and Los Angeles). We needed to divide into 2 teams, and we used Codex to randomly assign us.
The collaboration was similar to most software projects, just on an accelerated timeline. We divided up work streams between us, pushed branches to git, reviewed them, tested them and merged them, so in many ways, it was business as usual.
How does this experience reflect the depth of technical expertise at Bain?
We really do sit on the bleeding edge of AI-led development, so everyone on the team was familiar with using and developing agents, and setting up multi-agent workflows. We also took a decisive, "Answer First" approach when developing our application, which helped us move quickly and stay focused on delivering a strong solution.