Running Codex safely at OpenAI

Source: OpenAI News · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Robotics & Autonomous Systems · Depth: Intermediate, medium

Summary

OpenAI details its secure deployment strategy for Codex, an AI coding agent capable of autonomous repository review and command execution, within its internal workflows. The approach focuses on establishing clear technical boundaries, enabling frictionless low-risk actions, and requiring explicit approval for higher-risk operations. Key controls include sandboxing, network policies, identity management, and rule-based command execution. Codex is configured via cloud-managed requirements, macOS preferences, and local files, ensuring consistent baselines while allowing for team-specific configurations. The system also generates agent-native telemetry, including user prompts, tool approval decisions, and execution results, which are exported via OpenTelemetry and integrated into OpenAI's Compliance Platform for auditing and security triage.

Key takeaway

For CTOs or VPs of Engineering evaluating AI coding agent integration, understanding OpenAI's Codex deployment strategy is crucial. Implement comprehensive sandboxing, strict network access controls, and granular approval workflows to mitigate risks. Prioritize agent-native telemetry integration with your SIEM and security triage systems to gain essential visibility into agent behavior and user intent, balancing developer velocity with enterprise security requirements.

Key insights

Securely deploying AI coding agents requires robust controls, granular visibility, and a balance between productivity and risk management.

Method

Deploy agents within sandboxed environments, enforce network policies, manage identity via secure keyrings, and apply rule-based command execution. Utilize auto-review for routine approvals and export agent-native OpenTelemetry logs for auditing and AI-powered security triage.
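The tiered, rule-based command gate described above can be sketched as follows. This is an added example, not OpenAI's or Codex's own code or configuration format; the rule table, the decision names (`allow`, `prompt`, `forbid`) and the audit record fields are assumptions made for illustration.

```python
import json
import shlex

# Hypothetical rule table (not Codex's own format): longest argv prefix wins.
RULES = {
    ("git", "status"): "allow",
    ("git", "diff"): "allow",
    ("ls",): "allow",
    ("git", "push"): "prompt",
    ("curl",): "prompt",
    ("rm", "-rf"): "forbid",
}
DEFAULT = "prompt"                      # unknown commands need a human
RANK = {"allow": 0, "prompt": 1, "forbid": 2}
SEPARATORS = {"&&", "||", ";", "|", "&"}


def segments(command):
    """Split a command line into argv lists, one per chained command."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    out = [[]]
    for tok in lexer:                   # raises ValueError on unbalanced quotes
        if tok in SEPARATORS:
            out.append([])
        else:
            out[-1].append(tok)
    return [argv for argv in out if argv]


def decide_one(argv):
    """Longest matching rule prefix, never auto-allowing shell tricks."""
    hit = DEFAULT
    for n in range(len(argv), 0, -1):
        if tuple(argv[:n]) in RULES:
            hit = RULES[tuple(argv[:n])]
            break
    # Redirection, subshells and substitution downgrade "allow" to "prompt".
    risky = any(t.startswith(("<", ">", "(", ")")) or "`" in t or "$" in t
                for t in argv)
    return "prompt" if risky and hit == "allow" else hit


def evaluate(prompt, command):
    """Most restrictive segment decision wins; returns an audit record."""
    try:
        decisions = [decide_one(a) for a in segments(command)] or [DEFAULT]
    except ValueError:
        decisions = [DEFAULT]           # unparseable input is never auto-run
    decision = max(decisions, key=RANK.__getitem__)
    return {"user_prompt": prompt, "command": command,
            "segment_decisions": decisions, "decision": decision}


if __name__ == "__main__":              # constructed sample commands
    for cmd in ("git status", "git status && rm -rf build", "make test"):
        print(json.dumps(evaluate("clean up the repo", cmd)))
```

Each returned record pairs the user prompt with the command and the decision, which is the shape of data a telemetry exporter would forward for audit and triage.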

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, MLOps Engineer, AI Architect

Editorial summary, takeaway, and curation by AIssential. Original article published by OpenAI News.