Manexus Logo
Back to BlogWed Jul 15 2026

Codex starts encrypting sub-agent prompts

AIsecurityencryption

OpenAI's Codex introduces encryption for sub-agent prompts, enhancing security in AI interactions.

Codex starts encrypting sub-agent prompts

OpenAI's Codex has started encrypting prompts sent to sub-agents, marking a significant shift in how AI coding assistants handle internal communications. According to [their announcement](https://github.com/openai/codex/issues/28058), this change aims to enhance security and privacy as AI systems become more complex and interconnected.

What Sub-Agent Encryption Actually Means

When Codex processes complex coding tasks, it often breaks them down into smaller subtasks handled by specialized sub-agents. These might include agents for code analysis, debugging, or file operations. Previously, these internal communications were visible to users and could be inspected by third-party tools.

Now Codex encrypts these sub-agent prompts before transmission. The main agent still receives plain text from users, but when it delegates work to sub-agents, those instructions travel in encrypted form. Users can no longer see what specific instructions the main agent sends to its helpers.

This differs from homomorphic encryption, which would allow computation directly on encrypted data. Instead, Codex decrypts the prompts server-side before processing, then encrypts any responses back to the main agent.

Why OpenAI Made This Change

The encryption addresses several security concerns that have emerged as AI agents become more autonomous. Recent incidents, including reports of AI agents accidentally performing destructive operations like deleting user directories, highlight the risks of complex agent interactions.

By encrypting sub-agent communications, OpenAI prevents external tools from intercepting or modifying these internal instructions. This protects against potential attacks where malicious actors might try to inject harmful commands into the sub-agent workflow.

The change also gives OpenAI more control over how their AI systems operate. Third-party developers who built tools to monitor and analyze Codex's internal processes now find their applications breaking in certain scenarios.

Impact on Developers and Competition

This encryption creates a clear divide between OpenAI's managed AI services and more transparent alternatives. Developers who prefer full visibility into AI reasoning processes may migrate toward chat completion endpoints, where they maintain complete control over the conversation flow.

The move puts pressure on competitors to implement similar security measures while highlighting the tension between AI transparency and security. Companies building AI coding assistants must now decide whether to prioritize user visibility or system security.

Some developers report that monitoring tools for coding agent sessions have stopped working, forcing them to rely more heavily on OpenAI's official interfaces. This consolidation of control may drive users toward alternative AI platforms that maintain transparency in their agent communications.

The encryption represents OpenAI's bet that security concerns outweigh the benefits of transparency in AI agent operations. As AI systems handle increasingly sensitive tasks, this approach may become the industry standard, fundamentally changing how developers interact with and debug AI-powered coding tools.

Manexus Logo
© 2025 Manexus. All rights reserved.
PrivacyPrivacy