OpenAI on Securing Code-Executing AI Agents — Fouad Matin (Codex, Agent Robustness)
Takeaway
Secure code-executing agents require sandboxing, internet allowlists, and human approval surfaces — Codex CLI is OpenAI's open reference implementation.
Summary
- OpenAI Codex CLI is open-sourced as a reference for securely running code-executing agents locally; o3/o4-mini reasoning models now use code execution for non-SWE tasks like OCR on images
- Primary risks: prompt injection/data exfiltration (top priority), agent mistakes (malicious package install, vulnerable code), and sandbox escape
- Mitigations: give the agent its own computer (the container/PR pattern in ChatGPT Codex), or local OS-level sandboxing via macOS Seatbelt and Linux seccomp+Landlock (written in Rust, inspired by Chromium)
- New configurable internet allowlists with HTTP method restrictions; full-auto mode reads/writes only inside the project dir
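The two local guardrails in the summary, writes confined to the project directory and an internet allowlist that also restricts the HTTP method, sketched as an added Python example; this is not Codex CLI's code, and the project path, the allowlist hosts and the "ask" escalation to a human are assumptions.

```python
"""Policy gate for a code-executing agent (illustrative, not Codex CLI code):
writes are confined to the project directory and outbound HTTP must match a
host allowlist that also restricts the HTTP method, as in the summary above."""
import os
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from urllib.parse import urlparse


@dataclass
class AgentPolicy:
    project_dir: Path
    # host -> allowed HTTP methods; a constructed allowlist, not OpenAI's defaults
    allowlist: dict[str, set[str]] = field(default_factory=dict)

    def file_write_allowed(self, target: str) -> bool:
        """True only if the resolved path stays inside project_dir. resolve()
        follows symlinks and collapses '..', so a path that starts with the
        project prefix but escapes through a link or '..' is still rejected."""
        root = self.project_dir.resolve()
        candidate = Path(target)
        dest = (candidate if candidate.is_absolute() else root / candidate).resolve()
        return dest == root or root in dest.parents

    def http_decision(self, method: str, url: str) -> str:
        """'allow' for an allowlisted host and method over https; anything else is
        'ask': surface the request to a human rather than silently letting it through."""
        parsed = urlparse(url)
        methods = self.allowlist.get(parsed.hostname or "", set())
        if parsed.scheme != "https" or method.upper() not in methods:
            return "ask"
        return "allow"


def example_policy() -> AgentPolicy:
    """A project at /tmp/proj (constructed) that may only call GET/POST on api.github.com."""
    return AgentPolicy(Path("/tmp/proj"), {"api.github.com": {"GET", "POST"}})


def symlink_escape_demo() -> bool:
    """Create a project dir holding a symlink to an outside directory and return
    the decision for a write 'through' that link (expected: False, i.e. denied)."""
    with tempfile.TemporaryDirectory() as tmp:
        outside, project = Path(tmp) / "outside", Path(tmp) / "project"
        outside.mkdir()
        project.mkdir()
        os.symlink(outside, project / "link")  # looks like a project-local path
        return AgentPolicy(project).file_write_allowed("link/secret.txt")
```

The symlink case is the one a prefix check on the raw string would get wrong; resolving before comparing is what keeps full-auto writes inside the project.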
Tags: security, agents, codex
Original description
Code is the lingua franca for both software engineers and highly capable AI models. As we give agents the ability to build, test, and run code that they generate, the command line becomes their canvas—and their attack surface. This keynote explores what it takes to bring code-executing agents from research to real-world deployment while maintaining control and security. We’ll cover how terminals offer AI an ideal interface, why they’re deceptively risky, and what it means to embed security, guardrails, and trust at every layer. It’s not just about what agents can do—it’s about what they should do, and how we make sure they do it safely.

Join the new Agent Robustness team! https://x.com/gdb/status/1930831992171749773

About Fouad Matin
Fouad Matin is an engineer who co-founded Indent, a temporary access control startup, before joining OpenAI to work on AGI-ready security; he previously worked on data infrastructure products at Segment. In 2016, he co-founded VotePlz, a non-partisan voter registration and turnout non-profit. Passionate about helping people find fulfilling work, he previously started a referral recruiting company which went through Y Combinator in the W16 batch.

Recorded at the AI Engineer World's Fair in San Francisco.

Stay up to date on our upcoming events and content by joining our newsletter here: https://www.ai.engineer/newsletter

Timestamps:
00:00 Introduction to Code-Executing Agents
02:29 Shifting Paradigm in AI Agent Building
03:07 Security Concerns with Code Execution
04:25 Safety Safeguards: Sandboxing
05:02 Safety Safeguards: Disabling/Limiting Internet Access
09:44 Safety Safeguards: Human Review
11:19 Building Agents and Future Work