frontpage.

If you directly ask Codex to read ~/.ssh/id_rsa, it will usually decline due to "safety concerns". However, the sandbox which the agent is running in doesn't restrict reads outside the working directory in any way and you won't even be asked for approval - it's just a prompt (injection) away. The Codex developers close issues related to this problem and simply suggest running Codex "in a docker container or VM" [1].

To quote the Codex security documentation [2]:

> We’ve chosen a powerful default for how Codex works on your computer. In this default approval mode, Codex can read files, make edits, and run commands in the working directory automatically.

> However, Codex will need your approval to work outside the working directory or run commands with network access. [...]

As a new, naive user (which I was), I'd assume based on the text above that Codex wouldn't be able to extract secrets and read my browser history or whatever else on my PC if I started it in VSCode for example. Running Codex in a Docker container or VM is totally valid and quite a few people are probably doing that, like in a CI/CD pipeline, however, that's definitely the minority.

How is this not a bigger deal? In my experience, other agentic tools like Claude Code give the user much more control in regards to safety and what OpenAI is doing here feels highly irresponsible IMHO.

[1] https://github.com/openai/codex/issues/5237#issuecomment-3536026833

[2] https://developers.openai.com/codex/security/

"There must be something like the opposite of suicide "

Ask HN: Why doesn't Netflix add a “Theater Mode” that recreates the worst parts?

Show HN: Engineering Perception with Combinatorial Memetics

Show HN: Steam Daily – A Wordle-like daily puzzle game for Steam fans

The Anthropic Hive Mind

Just Started Using AmpCode

LLM as an Engineer vs. a Founder?

Crosstalk inside cells helps pathogens evade drugs, study finds

Show HN: Design system generator (mood to CSS in <1 second)

Show HN: 26/02/26 – 5 songs in a day

Toroidal Logit Bias – Reduce LLM hallucinations 40% with no fine-tuning

Top AI models fail at >96% of tasks

The Science of the Perfect Second (2023)

Bob Beck (OpenBSD) on why vi should stay vi (2006)

Show HN: a glimpse into the future of eye tracking for multi-agent use

The Optima-l Situation: A deep dive into the classic humanist sans-serif

Barn Owls Know When to Wait

Implementing TCP Echo Server in Rust [video]

LicGen – Offline License Generator (CLI and Web UI)

Service Degradation in West US Region

The Janitor on Mars

Bringing Polars to .NET

Adventures in Guix Packaging

Show HN: We had 20 Claude terminals open, so we built Orcha

Your Best Thinking Is Wasted on the Wrong Decisions

Warcraftcn/UI – UI component library inspired by classic Warcraft III aesthetics

Trump Vodka Becomes Available for Pre-Orders

Velocity of Money

Stop building automations. Start running your business

You can't QA your way to the frontier

Codex can read sensitive files outside the CWD without approval