From Coding Assistant to Operating Surface
Codex is steadily morphing from a coding helper into a full operating surface for developers and knowledge workers. What began as a cloud-based agent inside ChatGPT now spans a macOS and Windows desktop app, a command-line interface, IDE extensions, and, most recently, a dedicated Codex Chrome extension. OpenAI reports more than four million weekly active users, an eightfold jump since early 2026, signaling that engineers are increasingly comfortable letting AI sit inside core workflows. The strategic direction is clear: Codex is being positioned as a daily driver capable of handling browser-based tasks, local automation, and persistent infrastructure work. In parallel, OpenAI is testing voice mode powered by its GPT-Realtime-2 speech model, combining long-context reasoning with real-time interaction. All of these surfaces—desktop, browser, mobile, and voice—are converging on a single idea: AI agents that can move fluidly across environments and act with minimal human hand-holding.
Codex Chrome Extension: Background Web Automation Without Hijacking Your Browser
The Codex Chrome extension marks a deliberate shift in how AI computer control is delivered in the browser. Unlike traditional Computer Use modes that hijack your screen and cursor, this plugin gives Codex its own isolated tab groups and a separate browser instance. It can test web apps, inspect logs, review dashboards, and gather context from signed-in tools like Salesforce, Gmail, or internal admin consoles, all without disrupting your active browsing. Developers trigger it from the Codex Plugins menu, then govern access via allowlists and blocklists defined in Computer Use settings. Each new site interaction requires explicit approval, and browser history access remains scoped to individual requests—there is no blanket “always allow” switch. This design keeps desktop automation powerful but contained, allowing Codex to run long web development or QA sessions in the background while humans continue working unimpeded in their own windows.
Windows Sandbox: Governing AI Control of the Local Machine
As Codex gains deeper access to developer PCs, OpenAI has tightened its Windows sandbox to keep AI computer control in check. The latest design introduces two local identities—CodexSandboxOffline and CodexSandboxOnline—to separate tasks that can run without network access from those that require connectivity. By default, Codex runs in an offline posture, reading broadly across the system but writing mainly inside the active workspace unless users explicitly grant more freedom. Before this redesign, the agent relied on proxies, restricted tokens, and synthetic security identifiers, but tests showed that child processes and package managers could still open their own network paths. The new model pushes enforcement deeper into Windows itself: DPAPI-managed credentials, firewall checks, and command-runner handoffs all execute before a final child process starts. This layered approach is aimed squarely at enterprises, which want the benefits of desktop automation and autonomous AI agents without ceding uncontrolled access to local files or networks.
Remote Device Control and Locked-Laptop Operation
Beyond the browser and local sandbox, OpenAI is extending Codex into remote device control that looks much more like an autonomous AI operator. A developing feature will let Codex control macOS applications through Computer Use even when a laptop is locked or asleep, removing a major friction point for phone-to-desktop workflows. Instead of walking back to wake and unlock a machine, users could ask Codex from their phone to open a simulator, test a graphical build, or query a local data source. OpenAI is also exploring multi-device setups, where multiple desktops or, for example, a Mac Mini can be run headlessly and operated directly from a primary device running Codex. Earlier experiments with SSH-based remote control are evolving into more persistent, flag-driven sessions designed to keep agents connected. Together, these capabilities push Codex closer to an always-available operator that can manage infrastructure and development tasks across machines.
Toward Fully Autonomous AI Agent Workflows
Taken together, the Codex Chrome extension, Windows sandbox, and expanding Computer Use capabilities sketch a roadmap toward fully autonomous AI agent workflows. Codex can already run web development tasks in the background, enforce fine-grained permissions in the browser, and adhere to strict sandbox rules on Windows while still automating local development environments. With remote device control maturing—and the prospect of Codex keeping sessions alive on sleeping or locked machines—the agent is poised to handle multi-step sequences that span browsers, local tools, and remote boxes without constant human oversight. For developers, this could mean offloading routine operations like log review, dashboard monitoring, test runs, and even light infrastructure maintenance to Codex as a persistent background operator. The challenge now shifts from “can Codex control this device?” to “how do we orchestrate and govern an ecosystem where autonomous AI agents continuously operate our desktops and dev environments?”