frontpage.

If you directly ask Codex to read ~/.ssh/id_rsa, it will usually decline due to "safety concerns". However, the sandbox which the agent is running in doesn't restrict reads outside the working directory in any way and you won't even be asked for approval - it's just a prompt (injection) away. The Codex developers close issues related to this problem and simply suggest running Codex "in a docker container or VM" [1].

To quote the Codex security documentation [2]:

> We’ve chosen a powerful default for how Codex works on your computer. In this default approval mode, Codex can read files, make edits, and run commands in the working directory automatically.

> However, Codex will need your approval to work outside the working directory or run commands with network access. [...]

As a new, naive user (which I was), I'd assume based on the text above that Codex wouldn't be able to extract secrets and read my browser history or whatever else on my PC if I started it in VSCode for example. Running Codex in a Docker container or VM is totally valid and quite a few people are probably doing that, like in a CI/CD pipeline, however, that's definitely the minority.

How is this not a bigger deal? In my experience, other agentic tools like Claude Code give the user much more control in regards to safety and what OpenAI is doing here feels highly irresponsible IMHO.

[1] https://github.com/openai/codex/issues/5237#issuecomment-3536026833

[2] https://developers.openai.com/codex/security/

Code Wiki: Accelerating your code understanding

Meta and Google Discuss Deploying TPUs in Meta Datacenters Starting 2027

Who first understood how eyes work?

OpenAI's AI gadget now has a prototype

Computer Science and Game Theory: A Conversation – Timothy Roughgarden [video]

AI or You? Who is the one who can't get it done?

Ask HN: Why do maintainers spend time reviewing my code?

Show HN: Kibun (気分) – a decentralized status.cafe alternative I made

Unexpected 'Zig-Zag' Structures Discovered in Earth's Magnetic Field

The AI Invasion of Knitting and Crochet

Why investors are increasingly fatalistic

Quantum computing production expands with Shenzhen's factory project in China

Stanford Agentic Reviewer

Webfoundry gets GPT 5.1 Codex HTML generation through voice assistant

The price of gold: In Venezuela, mining threatens Indigenous Pemón

Linux compatible reliable C# boost for NATS messaging

Show HN: NBPro – NanoBanana Pro prompt library (100 prompts)

Rare Layoffs at Apple Impact Dozens in Sales Roles

Towards Better Word

Nvidia's rebuttal to Michael Burry's criticism

MetaOCaml: Ten Years Later System Description

Seekdb: The AI-Native Search Database

The lesson I learnt in the USSR that still fools millions

Show HN: I Built a Small Startup Idea Validation Platform

Four Top Contenders at Apple to Succeed Tim Cook

China's Xi Jinping Raises Future of Taiwan in Call with Donald Trump

CS 61A: Structure and Interpretation of Computer Programs

Ask HN: MSRC silently patched my report (Status: "Complete") but denied bounty?

Google is bringing Fuchsia OS to Android devices in pKVM microfuchsia VM (2024)

Ask HN: How should we self-assemble and launch "Naybor SOS" (Neighbor 911)?

Codex can read sensitive files outside the CWD without approval