frontpage.

If you directly ask Codex to read ~/.ssh/id_rsa, it will usually decline due to "safety concerns". However, the sandbox which the agent is running in doesn't restrict reads outside the working directory in any way and you won't even be asked for approval - it's just a prompt (injection) away. The Codex developers close issues related to this problem and simply suggest running Codex "in a docker container or VM" [1].

To quote the Codex security documentation [2]:

> We’ve chosen a powerful default for how Codex works on your computer. In this default approval mode, Codex can read files, make edits, and run commands in the working directory automatically.

> However, Codex will need your approval to work outside the working directory or run commands with network access. [...]

As a new, naive user (which I was), I'd assume based on the text above that Codex wouldn't be able to extract secrets and read my browser history or whatever else on my PC if I started it in VSCode for example. Running Codex in a Docker container or VM is totally valid and quite a few people are probably doing that, like in a CI/CD pipeline, however, that's definitely the minority.

How is this not a bigger deal? In my experience, other agentic tools like Claude Code give the user much more control in regards to safety and what OpenAI is doing here feels highly irresponsible IMHO.

[1] https://github.com/openai/codex/issues/5237#issuecomment-3536026833

[2] https://developers.openai.com/codex/security/

Logic Puzzles: Why the Liar Is the Helpful One

Optical Combs Help Radio Telescopes Work Together

Show HN: Myanon – fast, deterministic MySQL dump anonymizer

The Tao of Programming

Forcing Rust: How Big Tech Lobbied the Government into a Language Mandate

PanelBench: We evaluated Cursor's Visual Editor on 89 test cases. 43 fail

Can You Draw Every Flag in PowerPoint? (Part 2) [video]

Show HN: MCP-baepsae – MCP server for iOS Simulator automation

Make Trust Irrelevant: A Gamer's Take on Agentic AI Safety

Show HN: Sem – Semantic diffs and patches for Git

Hello world does not compile

Show HN: ZigZag – A Bubble Tea-Inspired TUI Framework for Zig

Metaphor+Metonymy: "To love that well which thou must leave ere long"(Sonnet73)

Show HN: Django N+1 Queries Checker

Emacs-tramp-RPC: High-performance TRAMP back end using JSON-RPC instead of shell

Protocol Validation with Affine MPST in Rust

Female Asian Elephant Calf Born at the Smithsonian National Zoo

Show HN: Zest – A hands-on simulator for Staff+ system design scenarios

Show HN: DeSync – Decentralized Economic Realm with Blockchain-Based Governance

Automatic Programming Returns

Why Are There Still So Many Jobs? The History and Future of Workplace Automation [pdf]

The Search Engine Map

Show HN: Souls.directory – SOUL.md templates for AI agent personalities

Real-Time ETL for Enterprise-Grade Data Integration

Economics Puzzle Leads to a New Understanding of a Fundamental Law of Physics

Switzerland's Extraordinary Medieval Library

A new comet was just discovered. Will it be visible in broad daylight?

ESR: Comes the news that Anthropic has vibecoded a C compiler

Frisco residents divided over H-1B visas, 'Indian takeover' at council meeting

If CNN Covered Star Wars