OpenAI's Coding Tool Now Hides How Its AI Agents Talk to Each Other
Since early June, OpenAI's Codex encrypts the instructions a main AI agent passes to its helper agents, so developers can no longer see how work gets divided up. For the bigger GPT-5.6 models it is mandatory. Why transparency advocates are uneasy.
A quiet change in OpenAI’s coding tool Codex is raising eyebrows among developers. Since early June, when Codex works on a task, the instructions its main AI “agent” hands off to its helper agents are now encrypted. In plain terms: a big task gets split into smaller jobs and passed to sub-assistants, and you can no longer read the notes being passed between them. For the larger GPT-5.6 models, Sol and Terra, this hiding is not optional. It is switched on by default and cannot be turned off.
A quick translation of the jargon. An “agent” here is just an AI assistant that can work through a task in steps rather than answering in one shot, and modern agents often spin up “subagents” to handle pieces of the job in parallel. Until now, a developer could watch that internal hand-off, useful for understanding what the tool was doing, debugging when it went wrong, and checking it was not doing something unexpected. Encrypting those messages closes that window.
What’s behind it: OpenAI has not laid out a detailed public reason, so take intentions as unconfirmed, but the likely motives are not mysterious. Those internal instructions can reveal how the model reasons and plans, which is exactly the kind of secret sauce a company wants to keep from competitors who might copy it. There may also be a safety angle, making it harder for outsiders to reverse-engineer and manipulate the system. The trade-off is transparency. Developers who build on top of Codex are being asked to trust a process they can no longer fully see, and for people who care about being able to audit what AI tools actually do, mandatory encryption on the bigger models is a step in the wrong direction.
What this means for you: If you do not write code, this one is background noise, but it points at a trend worth watching: as AI tools get more capable, the companies behind them are also making them more of a sealed box. If you are a developer, the practical impact is real. Debugging gets harder when you cannot see how a task was delegated, and you are leaning more on OpenAI’s word that everything inside is behaving. It is a fair moment to ask how much visibility you need from the tools you build on, and whether more open alternatives fit better when auditability matters to you.
Sources
OpenAI Built an AI Whose Only Job Is to Attack Its Other AIs
OpenAI trained an internal model called GPT-Red to hunt for security holes in its own systems, and it finds them far more often than human experts. What 'prompt injection' means, and why this matters as AI starts acting on your behalf.