comments (10)

  • This title is easy to misinterpret. If I understand correctly: Codex now encrypts sub-agent prompts and hides those prompts from the user.

    edit: originally was "Codex starts encrypting prompts, uses cyphertext for inference instead"

    niam

  • I was wondering why my local tool to inspect coding agent sessions stopped working in some cases.

    This is a really interesting engineering decision, I wonder how many people will want an encrypted external piece of instructions running on their machine.

    jeanlucas

  • I've been sticking with the chat completion endpoint because of this same behavior. OAI has been subtly pushing users away from chat completion and toward the endpoints that are possible to obfuscate (responses API).

    With chat completion, the reasoning process is entirely under your control. You can build a reasoning agent that uses custom MCTS techniques with GPT5.6 models today if you are willing to get your hands just a little bit dirty. You have to enable experimental flags and set options in slightly confusing ways, but it still works.

    You can use models up to gpt5.5 with custom API tokens and model configuration in VS Copilot. gpt5.6 family (currently) no longer work in this setup. Presumably, because we aren't explicitly forcing reasoning_effort to none to satisfy the new moat expansion behavior.

    bob1029

  • I wonder if they are gonna stop us from using gpt subscriptions in alternative harnesses. If not - that doesn't matter much, codex cli is a remarkably unremarkable harness.

    pshirshov

  • HN Title is ( edit: was ) very misleading, it makes it sound like inference is being done directly on ciphertext, which would require homomorphic encryption well advanced of what is known.

    xnorswap

  • There was a recent report on twitter of a GPT 5.6 sub-agent accidentally deleting the user's home directory.

    I wonder if there was any safeguard failure due to loss of visibility into what the sub-agent was trying to do?

    https://x.com/mattshumer_/status/2076794038456385546?s=20

    HarHarVeryFunny

  • Could someone explain to me where exactly the encryption is happening?

    I assumed that the main agent makes calls to sub-agents locally. Does Codex work in such a way where the main agent makes calls to sub-agents in the backend (openai server) before reaching local?

    iknownothow

  • Ah I was wondering why the Chinese black market resellers stopped working yesterday, I guess that's it

    flexagoon

  • I assume this is mostly to frustrate efforts to proxy large numbers of user requests and responses and use it to train competitor models.

    londons_explore

  • It’s just a short hop to not being able to see it at all. I started using pi.dev recently, the idea that a third party is taking more and more direct control of my software development process sits badly with me.

    clickety_clack