OpenAI: how to run Codex safely in production — sandbox, approvals and agent telemetry
OpenAI published guidelines for securely running the Codex coding agent in enterprise environments. The document describes four security layers: execution sandboxing, an approvals system, network policies and agent-native telemetry, aimed at teams evaluating compliance and controlled AI agent integration into development pipelines.
This article was generated using artificial intelligence from primary sources.
OpenAI published the document Running Codex safely at OpenAI on May 8, a guide for enterprise users describing how to run the Codex coding agent safely in a production environment. The material is part of OpenAI’s broader series of publications on coding agent security, following earlier texts on the Codex Security agent (March 2026).
What four security layers does OpenAI propose?
The guide describes four complementary mechanisms. Sandboxing isolates code execution in a controlled environment where the agent cannot directly affect production systems. Approvals are a human oversight system made mandatory for high-risk actions — network access, modification of sensitive files, deployment. Network policies define which external domains and internal services the agent is permitted to reach. Agent-native telemetry records tool calls, decisions and context, enabling behavioral auditing rather than mere request/response logging.
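The approval, network-policy and telemetry layers described above can be pictured as one policy gate placed in front of every tool call. The sketch below is an added example, not code from OpenAI's guide or from Codex; the `Action` type, the `classify` and `evaluate` functions, the allowlisted hosts and the sensitive path prefixes are all hypothetical names and values constructed for illustration.

```python
import json
import posixpath
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed policy values for this example (not taken from the guide).
ALLOWED_HOSTS = {"pypi.org", "git.internal.example"}
SENSITIVE_PREFIXES = (".github/workflows/", "secrets/")
AUDIT_LOG = []  # one JSON record per evaluated tool call

@dataclass
class Action:
    kind: str          # "network", "write_file", "deploy" or "read_file"
    target: str        # URL or workspace-relative path
    context: str = ""  # the agent's stated reason, kept for the audit trail

def classify(action):
    """Return (decision, reason) before any human approval is considered."""
    if action.kind == "network":
        # Compare the parsed hostname exactly; substring checks are fooled by
        # "pypi.org.evil.example" or "pypi.org@evil.example".
        host = (urlsplit(action.target).hostname or "").lower()
        if host not in ALLOWED_HOSTS:
            return "deny", f"host {host!r} is outside the network policy"
        return "needs_approval", "network access"
    if action.kind == "write_file":
        path = posixpath.normpath(action.target)  # collapses "a/../secrets"
        if path.startswith(("/", "..")):
            return "deny", "path escapes the workspace"
        if path.startswith(SENSITIVE_PREFIXES):
            return "needs_approval", "modification of a sensitive file"
        return "allow", "ordinary workspace write"
    if action.kind == "deploy":
        return "needs_approval", "deployment"
    if action.kind == "read_file":
        return "allow", "read-only"
    return "deny", "unknown action kind"  # fail closed

def evaluate(action, approved_by=None):
    """Apply policy, honour a recorded approval, and log the decision."""
    decision, reason = classify(action)
    if decision == "needs_approval" and approved_by:
        decision = "allow"
    AUDIT_LOG.append(json.dumps({
        "kind": action.kind, "target": action.target,
        "context": action.context, "decision": decision,
        "reason": reason, "approved_by": approved_by}))
    return decision
```

An approval only lifts a `needs_approval` result; a `deny` from the network or path policy stays a deny, and every outcome is written to the audit log with the agent's stated context.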
What does this mean for enterprise compliance?
The approach reflects a trend of shifting AI security from the model level to the agent execution level. Traditional application security assumes deterministic code; AI agents introduce indeterminacy that compliance teams must address through granular execution policies and audit trails. OpenAI signals that “the model is safe” is no longer sufficient — environmental controls must ensure that even unsafe or unpredictable output stays within acceptable boundaries.
How does this fit into the OpenAI Codex narrative?
The guide follows two earlier texts: Codex Security: Now in Research Preview (March 6) on the AI agent for finding vulnerabilities and Why Codex Security Doesn’t Include a SAST Report (March 16) on a constraint-based approach to bug detection. The new document completes the picture — having addressed the agent’s own security capabilities, attention now shifts to safely operating the agent in production. The full article content was not available through public channels at time of writing; this summary is based on the official RSS description.
Frequently Asked Questions
- What is agent-native telemetry?
  Telemetry designed specifically for AI agents — it records tool calls, decisions made, context and execution results, instead of classic request/response logs. It enables auditing of agent behavior and anomaly detection.
- Why are approvals important for AI coding agents?
  The approvals system makes human oversight mandatory for high-risk actions (e.g. network access, file deletion, deployment). It prevents the agent from independently executing something the team has not approved and leaves an audit trail.
- Who is this OpenAI guide aimed at?
  Enterprise teams that already use or are evaluating Codex in production and need to satisfy compliance, security and internal review requirements. The guide also serves as a reference for internal security policies.