OpenAI rolls out a hardened version of Codex that lets developers run code‑generation agents inside tightly scoped sandboxes. The move follows growing use of autonomous coding assistants that can review repos, execute commands, and touch third‑party tools. By embedding controls into the agent’s core, the company aims to keep work productive while preventing unwanted network or file access and securely.

Codex operates under a sandbox that limits file writes, blocks unknown domains, and enforces a network policy that only permits predefined destinations. An approval policy triggers when the agent steps outside the sandbox, allowing users to grant or deny actions on a per‑session basis. The Auto‑review mode streams low‑risk requests through a subagent that pre‑approves commands, keeping developers in flow.

To close the loop, Codex emits OpenTelemetry logs that capture prompts, tool decisions, and network outcomes. These logs feed into OpenAI’s Compliance Platform and third‑party SIEMs, giving security teams a clear audit trail. Coupled with an AI‑driven triage agent, the system distinguishes benign automation from suspicious activity, enabling enterprises for every developer team daily to scale Codex without compromising oversight.