OpenAI Codex Enterprise Push: Mobile Launch, Windows Sandbox, and Customer Stories
Version 13
2026-06-02 18:41 UTC · 498 items
What
OpenAI's Codex platform deployed on AWS/Amazon Bedrock on June 1, covering both Commercial and GovCloud regions, and reported 5 million weekly users — up from 4 million in late April [1]. On June 2, OpenAI pivoted Codex's positioning from a developer coding agent to a general knowledge-work platform with a new 'Sites' feature for building interactive web experiences from plain-language instructions [3][4]. Three publicly disclosed vulnerabilities — CVE-2025-59532 (sandbox bypass), CVE-2025-61260 (RCE), and ZDI-26-305 (zero-day sandbox escape) — remain without confirmed OpenAI remediation, though newly surfaced article titles suggest a supply chain patch was issued and an MCP security gap disclosed [11][12], with details unavailable.
Why it matters
The AWS/Bedrock integration covering GovCloud is a meaningful procurement unlock for regulated enterprises, but it amplifies the stakes of the unpatched vulnerability question — expanding into government-adjacent infrastructure before confirming remediation of three public CVEs creates compounded risk. The knowledge-work pivot, if substantive, transforms Codex's total addressable market well beyond software development; if it is primarily a marketing reframe, it signals pressure to differentiate as competitors absorb Codex as an interchangeable component.
Open questions
- Article titles suggest a patch was issued for a supply chain vulnerability [11] and that an MCP security gap was disclosed [12] — do these address any of CVE-2025-59532, CVE-2025-61260, or ZDI-26-305, or do they represent additional undisclosed vulnerabilities beyond the three already tracked?
- GovCloud availability [1] expands Codex into regulated government infrastructure — what security controls or FedRAMP-equivalent accreditations accompany it given three publicly documented, unpatched CVEs?
- The 'Sites' feature and 'Next Era of Knowledge Work' report [3][4] position Codex as a general productivity platform — does this represent real architectural expansion or a rebranding of existing capabilities under competitive pressure?
- Ramp's AI Index reports Anthropic has overtaken OpenAI in business AI adoption [15][16] — does the AWS/Bedrock distribution shift change that competitive picture, or does it deepen reliance on third-party channels rather than direct enterprise relationships?
Narrative
OpenAI's Codex platform became available on AWS through Amazon Bedrock on June 1, 2026, covering both Commercial and GovCloud regions [1]. The announcement cited over 5 million weekly users — up from 4 million in late April [2] — and framed AWS availability as removing enterprise friction around 'security, compliance, procurement, billing, and governance workflows.' OpenAI's Daybreak cybersecurity suite, including Codex Security and cyber threat modeling, is planned for future availability on AWS. GovCloud coverage signals explicit ambitions in regulated and government-adjacent markets, representing the broadest single distribution expansion since launch.
On June 2, OpenAI published a 'Next Era of Knowledge Work' report positioning Codex as a productivity tool for general knowledge workers — extending beyond software development into AI-powered research, data analysis, workflow automation, and content creation [3]. A new 'Sites' feature was simultaneously announced, enabling Codex to build and deploy interactive web experiences from plain-language work instructions [4]. Together, these moves reframe Codex from a developer coding agent to a general-purpose workspace builder, though the substance behind the rebranding is not yet independently verifiable.
The security posture remains unresolved and newly complicated. Three vulnerabilities are publicly documented without confirmed remediation: CVE-2025-59532 (command injection/sandbox bypass, with a public proof-of-concept [5][6]), CVE-2025-61260 (RCE disclosed by SentinelOne [7]), and ZDI-26-305 (a zero-day sandbox escape published by Trend Micro's ZDI [8]). BeyondTrust documented that the command injection can expose GitHub tokens in enterprise deployments [9], and Cymulate named the underlying attack class 'Configuration-Based Sandbox Escape' (CBSE) as a category pattern affecting AI coding tools broadly [10]. Newly surfaced article titles — 'OpenAI Codex CLI patch closes major supply chain vulnerability' [11] and 'OpenAI Codex CLI contained dangerous MCP security gap' [12] — suggest at least one patch may have been issued and a new vulnerability class disclosed, but no claim details are available to confirm scope or CVE overlap. Computer Use on Windows shows a split user experience: some users report Chrome and Computer Use functioning [13] while others report sudden breakage [14].
The competitive and financial picture complicates OpenAI's enterprise momentum narrative. Ramp's May 2026 AI Index reports Anthropic has overtaken OpenAI in business AI adoption [15][16], and OpenAI's reported ~$5.7B Q1 2026 revenue sits alongside a critically reported –122% Non-GAAP operating margin [17]. Seven named GSI partners extend Codex's enterprise reach [2], but Infosys publicly positions as model-agnostic [18], UiPath bundles Codex alongside Claude Code and GitHub Copilot as interchangeable components [19][20], and Dell simultaneously deploys Grok 2.5 on identical infrastructure used for Codex [21] — a consistent pattern of Codex being absorbed into existing orchestration layers rather than displacing incumbents.
Timeline
- 2026-04-21: OpenAI reports 4M+ weekly active developers, launches Codex Labs, and names seven GSI partners (Accenture, Capgemini, CGI, Cognizant, Infosys, PwC, TCS) [2][47]
- 2026-05-08: OpenAI publishes 'Running Codex safely at OpenAI' as an enterprise security reference documenting sandboxing, approvals, and agentic telemetry [31]
- 2026-05-14: Codex launches in ChatGPT mobile app on iOS and Android in preview; Sea Limited case study published [24][48][49]
- 2026-05-15: OpenAI publishes engineering retrospective on the Windows sandbox, detailing rejected security primitives and the final composed architecture [32]
- 2026-05-16: Codex Windows app launches in Microsoft Store; community user reports Codex wiped files on their machine [50][51]
- 2026-05-18: OpenAI and Dell Technologies announce partnership for hybrid and on-premises enterprise Codex deployment [25][42][43]
- 2026-05-20: UiPath treats Codex, Claude Code, and GitHub Copilot as interchangeable selectable components; Infosys publicly positions as model-agnostic [19][20][18]
- 2026-05-21: GitHub formally launches Claude and Codex as selectable agents in Agent HQ; GPT-5.3-Codex reported as new Copilot Business/Enterprise base model [37][38][52]
- 2026-05-22: Gartner 2026 Magic Quadrant names OpenAI, GitHub, and Cursor as Leaders (Cursor furthest right); CVE-2025-59532 disclosed; Virgin Atlantic case study published (78–80% codebase reduction, zero P1 defects) [22][40][36][53][54][26]
- 2026-05-23: Check Point Research characterizes CVE-2025-59532 as command injection with a public Docker-based proof-of-concept; Codex Security research preview announced [5][34][55]
- 2026-05-24: Dell confirms Grok 2.5 deployment on identical Codex infrastructure; Codex Security reports 1.2M commits scanned and 10,561 high-severity issues [21][33]
- 2026-05-25: Multiple sources report OpenAI Q1 2026 revenue at ~$5.7B; critical analysis reports –122% Non-GAAP operating margin; Ramp AI Index reports Anthropic overtook OpenAI in business AI adoption [46][17][56][15][16]
- 2026-05-27: Cisco (10–15x defect throughput, 1,500+ engineering hours saved monthly) and Warp (90% agent-created PRs, 35x ARR growth) case studies published [27][28]
- 2026-05-29: Braintrust case study published (50% engineering adoption in one month); Codex Computer Use launches on Windows; widespread sandbox setup failures and CLI tmux escape documented immediately [30][57][35][58]
- 2026-05-30: ZDI publishes ZDI-26-305 as a zero-day; BeyondTrust documents GitHub token exposure via command injection; Cymulate names 'Configuration-Based Sandbox Escape' (CBSE) as an AI coding tool vulnerability category [6][10][45][8][9]
- 2026-05-31: CVE-2025-61260 (RCE) disclosed by SentinelOne; Windows Computer Use UAC and spawn failures continue with no confirmed stable release [7][59][60]
- 2026-06-01: Codex launches on AWS/Amazon Bedrock covering Commercial and GovCloud regions; 5 million weekly users reported; Daybreak cybersecurity suite planned for future AWS availability [1]
- 2026-06-02: Codex repositioned as general knowledge-work platform with new 'Sites' feature enabling interactive web experience creation from plain-language instructions [3][4]
Perspectives
OpenAI (product and marketing)
Positions Codex as a cross-platform, production-ready enterprise platform expanding from developer tool to general knowledge-work platform, with 5M weekly users, AWS/GovCloud deployment, seven GSI partners, Gartner Leader designation, and broad customer case studies [2][22][1][3].
Evolution: Knowledge work pivot [3] and Sites feature [4] represent a significant product scope expansion beyond software development; AWS/Bedrock availability [1] adds major cloud distribution; no public response to accumulating security disclosures.
OpenAI (engineering and security)
Published 'Running Codex safely at OpenAI' as an enterprise reference model [31] and a candid Windows sandbox architecture retrospective [32], while Codex Security preview documented 1.2M commits scanned [33].
Evolution: Three public CVEs remain without confirmed remediation [6][7][8]; newly surfaced titles suggest a supply chain patch and MCP gap disclosure [11][12], but details are unavailable — leaving the remediation status of all three tracked CVEs unconfirmed.
GitHub / Microsoft
Earned third consecutive Gartner Magic Quadrant Leader designation [36] and formally launched Claude and Codex as selectable agents in Agent HQ [37]; Azure documented cloud-sovereign Codex deployment.
Evolution: Consistent; three-year incumbency frames OpenAI's entry as joining an established market rather than defining one.
Cursor
Named a Leader in the 2026 Gartner Magic Quadrant and confirmed as positioned furthest to the right on completeness of vision among all three Leaders [40].
Evolution: Consistent.
Dell Technologies
Multi-model infrastructure broker enabling on-premises and hybrid AI deployment — confirmed deploying both Codex for OpenAI [25] and Grok 2.5 for xAI [21] on identical Dell AI Factory infrastructure with no disclosed exclusivity.
Evolution: Consistent.
Security researchers (Check Point, Cymulate, BeyondTrust, ZDI, SentinelOne)
Multiple independent firms have characterized Codex vulnerabilities: command injection with a public proof-of-concept [5], CBSE as a category affecting AI coding tools broadly [10], GitHub token exposure via command injection [9], ZDI-26-305 as a zero-day [8], and CVE-2025-61260 RCE [7]; an MCP security gap and supply chain vulnerability have also been covered [11][12][44].
Evolution: Escalated: a possible patch and new MCP gap disclosure have emerged [11][12], adding uncertainty about whether remediation has begun, while the total count of disclosed vulnerability classes continues to grow.
Independent market data (Ramp AI Index)
Ramp's May 2026 AI Index reports Anthropic has overtaken OpenAI in business AI adoption [15][16], in direct tension with OpenAI's enterprise momentum claims.
Evolution: Consistent.
Enterprise automation platforms (UiPath, GitHub Agent HQ)
UiPath treats Codex, Claude Code, and GitHub Copilot as interchangeable selectable components [19][20]; GitHub Agent HQ formally treats Claude and Codex as equivalent selectable agents [37] — absorbing Codex into existing orchestration layers rather than adopting it as a standalone platform.
Evolution: Consistent; commoditization pattern unchanged.
Tensions
- OpenAI published 'Running Codex safely at OpenAI' as an enterprise security reference [31] and expanded into GovCloud [1], but CVE-2025-59532 [6], CVE-2025-61260 [7], and ZDI-26-305 [8] remain publicly disclosed without confirmed remediation, and a newly disclosed MCP security gap [12] extends the unresolved exposure into government-adjacent infrastructure. [31][6][7][8][1][12]
- Cymulate frames CBSE as a category-level vulnerability pattern affecting AI coding tools broadly [10], while BeyondTrust specifically documents GitHub token exposure via Codex's command injection in enterprise deployments [9], together suggesting OpenAI's security reference model [31] systematically understates the attack surface. [10][9][31]
- OpenAI's scale narrative claims 5M+ weekly users and ~$5.7B Q1 2026 revenue with Codex as a driver [1][46], while Ramp's AI Index reports Anthropic has overtaken OpenAI in business AI adoption [15][16] and a critical analysis reports a –122% Non-GAAP operating margin [17]. [1][46][17][15][16]
- The 2026 Gartner Magic Quadrant provided OpenAI its first major analyst validation [22], but GitHub earned the same Leader designation for the third consecutive year [36] and Cursor is confirmed furthest right [40], reflecting category maturity across incumbents rather than a breakthrough for any new entrant. [22][36][40]
- OpenAI markets Codex as a uniquely positioned enterprise platform, but Infosys — one of its seven named GSI partners — publicly positions as model-agnostic [18], UiPath bundles Codex alongside Claude Code and GitHub Copilot as interchangeable components [19][20], and Dell simultaneously deploys Grok 2.5 on identical infrastructure [21]. [19][20][18][21]
- All named enterprise performance claims — Virgin Atlantic's 78–80% codebase reduction [26], Cisco's 10–15x defect throughput [27], Warp's 90% agent-created PRs [28], Braintrust's 50% adoption in one month [30] — originate exclusively from OpenAI-controlled or co-published materials with no independent technical verification. [26][27][28][30]
Sources
- [1] OpenAI frontier models and Codex are now available on AWS — OpenAI Blog (2026-06-01)
- [2] Scaling Codex to enterprises worldwide — OpenAI Blog (2026-04-21)
- [3] Codex is becoming a productivity tool for everyone — OpenAI Blog (2026-06-02)
- [4] OpenAI just gave Codex a major upgrade. — Rohan Paul Twitter (2026-06-02)
- [5] OpenAI Codex CLI Vulnerability: Command Injection — reactive:openai-codex-enterprise-rollout
- [6] Codex has sandbox bypass due to bug in path configuration logic | GitLab Advisory Database (GLAD) — reactive:openai-codex-enterprise-rollout
- [7] CVE-2025-61260: OpenAI Codex CLI RCE Vulnerability — reactive:openai-codex-enterprise-rollout
- [8] ZDI publishes OpenAI Codex sandbox bypass as a zero-day — reactive:openai-codex-enterprise-rollout
- [9] OpenAI Codex Command Injection Vulnerability - BeyondTrust — reactive:openai-codex-enterprise-rollout
- [10] Configuration-Based Sandbox Escape (CBSE) in AI Coding Tools — reactive:openai-codex-enterprise-rollout
- [11] OpenAI Codex CLI patch closes major supply chain vulnerability — reactive:openai-codex-enterprise-rollout
- [12] OpenAI Codex CLI contained dangerous MCP security gap — reactive:openai-codex-enterprise-rollout
- [13] Codex app on Windows: Chrome and Computer Use worked. — reactive:openai-codex-enterprise-rollout (2026-06-01)
- [14] Computer Use / Chrome integration suddenly stopped working in the Windows version of Codex. — reactive:openai-codex-enterprise-rollout (2026-06-01)
- [15] Anthropic finally beat OpenAI in business AI adoption - VentureBeat — reactive:enterprise-ai-coding-battle
- [16] Anthropic beats OpenAI on business adoption - Ramp — reactive:enterprise-ai-coding-battle
- [17] News: OpenAI Had A Negative 122% Non-GAAP Operating Margin ... — reactive:openai-codex-enterprise-rollout
- [18] Infosys Partners with OpenAI on Codex | CRN India posted on the ... — reactive:openai-codex-enterprise-rollout
- [19] UiPath Launches Enterprise Platform for Claude Code, OpenAI Codex, Copilot, and More - https://t.co/BKLcG2k1oK @UiPath @... — reactive:openai-codex-enterprise-rollout (2026-05-20)
- [20] UiPath opens its platform to every coding agent - here's why Claude Code and Codex go first — reactive:openai-codex-enterprise-rollout
- [21] Grok 2.5 and Dell AI Factory Power AI Revolution | Dell — reactive:openai-codex-enterprise-rollout
- [22] OpenAI named a Leader in enterprise coding agents by Gartner — OpenAI Blog (2026-05-22)
- [23] How frontier enterprises are building an AI advantage — OpenAI Blog (2026-05-06)
- [24] Work with Codex from anywhere — OpenAI Blog (2026-05-14)
- [25] OpenAI and Dell partner to bring Codex to hybrid and on-premise enterprise environments — OpenAI Blog (2026-05-18)
- [26] How Virgin Atlantic ships faster with Codex — OpenAI Blog (2026-05-22)
- [27] Cisco and OpenAI redefine enterprise engineering with Codex — OpenAI Blog (2026-05-27)
- [28] Warp’s big bet on building open source with GPT-5.5 — OpenAI Blog (2026-05-27)
- [29] How Endava builds an agentic organization with Codex — OpenAI Blog (2026-05-28)
- [30] How Braintrust turns customer requests into code with Codex — OpenAI Blog (2026-05-29)
- [31] Running Codex safely at OpenAI — OpenAI Blog (2026-05-08)
- [32] Building a safe, effective sandbox to enable Codex on Windows — OpenAI Blog (2026-05-15)
- [33] OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues — reactive:openai-codex-enterprise-rollout
- [34] GitHub - baktistr/cve-2025-59532-poc: A Docker-based research ... — reactive:openai-codex-enterprise-rollout
- [35] @daniel_mac8 No. Codex never works on my Windows. Somehow it stuck at Agent Sandbox set up and can't do anything. Shitty ... — reactive:openai-codex-enterprise-rollout (2026-05-29)
- [36] GitHub recognized as a Leader in the Gartner® Magic Quadrant ... — reactive:openai-codex-enterprise-rollout
- [37] Pick your agent: Use Claude and Codex on Agent HQ — reactive:openai-codex-enterprise-rollout
- [38] Claude and Codex are now available in public preview on GitHub — reactive:openai-codex-enterprise-rollout
- [39] Codex with Azure OpenAI in Microsoft Foundry Models — reactive:openai-codex-enterprise-rollout
- [40] Cursor is a leader in the 2026 Gartner Magic Quadrant for Enterprise AI Coding Agents, positioned furthest to the right ... — reactive:coding-agent-industry-pivot (2026-05-22)
- [41] Cursor named a Leader in the 2026 Gartner® Magic Quadrant™ for ... — reactive:openai-codex-enterprise-rollout
- [42] OpenAI and Dell Technologies partner to bring Codex to hybrid and on-premises enterprise environments | OpenAI https://t... — reactive:openai-codex-enterprise-rollout (2026-05-20)
- [43] OpenAI and Dell Collaborate to Deploy Codex in Hybrid and On-Premise Enterprise Settings — reactive:openai-codex-enterprise-rollout (2026-05-20)
- [44] Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers - SecurityWeek — reactive:openai-codex-enterprise-rollout
- [45] OpenAI Codex: Reported Sandbox Escape Disclosed (ZDI-26-305) — reactive:openai-codex-enterprise-rollout
- [46] PYMNTS | OpenAI’s Codex Helps Drive Nearly $6 Billion Quarter — reactive:openai-codex-enterprise-rollout
- [47] OpenAI leans on global consultancies to expand Codex use in large ... — reactive:openai-codex-enterprise-rollout
- [48] Sea's View on the Future of Agentic Software Development with Codex — OpenAI Blog (2026-05-14)
- [49] OpenAI says Codex is coming to your phone - TechCrunch — reactive:codex-practical-dev-tool
- [50] OpenAI Codex Arrives on Windows with Native Sandbox and Agentic Workflows | Windows Forum — reactive:openai-codex-enterprise-rollout
- [51] Built a Windows sandbox after Codex wiped files on my machine — reactive:openai-codex-enterprise-rollout
- [52] 🚨Codex CLI 0.133.0 is out! — reactive:openai-codex-enterprise-rollout (2026-05-21)
- [53] CVE-2025-59532 Detail - NVD — reactive:openai-codex-enterprise-rollout
- [54] Codex has sandbox bypass due to bug in path configuration logic — reactive:openai-codex-enterprise-rollout
- [55] Codex Security: now in research preview - OpenAI — reactive:openai-codex-enterprise-rollout
- [56] OpenAI Posts $5.7B Q1 Revenue, Leads Anthropic | Let's Data Science — reactive:openai-codex-enterprise-rollout
- [57] @OpenAI Codex Desktop Computer Use on Windows won’t start. — reactive:openai-codex-enterprise-rollout (2026-05-29)
- [58] Reminder that @OpenAI Codex CLI disregards its sandbox when using tmux: Codex will use the bash session opened in anoth... — reactive:openai-codex-enterprise-rollout (2026-05-29)
- [59] Argh! What is the deal with codex-windows-sandbox-setup.exe failing at UAC! — reactive:openai-codex-enterprise-rollout (2026-05-31)
- [60] Codex Desktop on Windows: Computer Use helper fails immediately — reactive:openai-codex-enterprise-rollout (2026-05-30)