Codex has its own cursor now. It can see your screen, click, type, and operate across applications while you do something else entirely. Multiple agents work in parallel on your Mac without getting in your way. Deploying and managing agents is still a core challenge for many developers, but Codex handles this internally.
The April 16 update also adds an in-app browser where you comment directly on pages to guide the agent. Image generation comes through gpt-image-1.5. Over 90 new plugins include Atlassian Rovo, CircleCI, GitLab Issues, and Microsoft Suite.
Developer workflows got attention too. You can now review GitHub PRs through Codex, SSH into remote devboxes, run multiple terminal tabs, and preview files like PDFs and spreadsheets in the sidebar.
Long-term memory lets Codex remember preferences and corrections across sessions. Automations can schedule future work and wake the agent up to continue tasks that span days or weeks.
All of this is macOS-only for now, rolling out to ChatGPT desktop users first. Enterprise, Education, and EU/UK availability is coming soon.
But handing an AI agent direct control of your computer raises questions OpenAI hasn't fully answered. Security researchers have shown autonomous agents can be manipulated into exfiltrating sensitive data through seemingly benign operations. NIST's AI Risk Management Framework recommends human-in-the-loop approval for high-risk agent actions. Some have questioned the transparency of OpenAI's internal processes, leading to the Farrow investigation into whether OpenAI leadership can be trusted. Organizations are already looking at tools like Open Policy Agent to enforce behavioral boundaries.
The cursor works. The trust framework doesn't exist yet.