What happened: OpenAI rolled out a big Codex desktop update that lets the agent operate across macOS apps by seeing, clicking, and typing, plus new workflow features like PR review, multiple terminals, SSH devboxes, and an in-app browser.

Why it matters: This is the quiet upgrade from ‘coding assistant’ to ‘computer operator’, which means the real product becomes permissions, logging, and blast radius control. The demo is cute, the governance surface is the whole point.

Wider context: Codex is also adding image generation, dozens of plugins (including MCP servers), and long-running automations, pulling more of the software lifecycle into a single agent workspace. It’s IDE gravity, but for your entire desktop.

Background: The update is described as rolling out to Codex desktop users signed in with ChatGPT, with some personalization features and regions (EU/UK) following soon, and initial ‘computer use’ availability focused on macOS.

Codex can now operate between apps. Where are the boundaries? — Help Net Security

Singularity Soup Take: If your agent can click anything, your security model is now ‘a browser extension with delusions of grandeur’, except it also has SSH, plugins, and a calendar. Congrats, you invented a new kind of insider threat that ships as a feature.

Key Takeaways:

• Desktop control: Background computer use lets Codex interact with macOS apps directly via vision and input, which expands what it can automate beyond API-exposed tools, and makes guardrails (permissions, approvals, auditing) the real differentiator.
• Dev workflow depth: The update adds PR review support, multiple terminals, SSH connections to remote devboxes, and richer file previews, aiming to keep more of the build, test, and review loop inside the agent’s workspace.
• Long-running agents: Automations and a preview memory feature are positioned as ways to preserve context across threads and time, so Codex can resume work later and complete tasks faster without constant re-briefing.