
TL;DR
OpenAI's Codex CLI now encrypts inter-agent communications for Sol and Terra models, leaving users unable to inspect what their agents are actually doing.
A recent change to OpenAI's Codex CLI encrypts the prompts exchanged between parent agents and sub-agents when using Sol or Terra models. The result: users can no longer inspect what tasks their agents are delegating to each other.
PR #26210 implemented encryption for MultiAgentV2 communications in Codex. When you spawn a sub-agent or send a message between agents, the system now stores only InterAgentCommunication.encrypted_content. The clear-text content field remains empty.
Previously, all prompts were stored in plain text in your local session data. You could browse the logs to see exactly what your parent agent instructed the child agent to do. Now that data is encrypted with keys only OpenAI can decrypt.
This affects three operations in the experimental multi_agent_v2 feature:
spawn_agent - creating new sub-agentssend_message - inter-agent communicationfollowup_task - continuation requestsLuna model users appear unaffected.
The Hacker News discussion (80+ points, 30+ comments) surfaced concerns about transparency and debugging.
The debugging problem is immediate. As one commenter explained: "Traditionally, your agent would send a text prompt to the sub-agent, then it goes off doing its work. In the logs/session data, the clear-text prompt would be there, so if I want to see what's happening, I just browse the data. Now if you browse the data, it's all encrypted content that can only be decrypted by OpenAI."
The enterprise concern follows naturally. One user wrote: "If we can't audit agents... only providers can... it's clear we are on a path to enterprise only has access to these tools." For teams that need to understand what their AI systems are doing - for compliance, debugging, or safety - invisible agent chatter is a problem.
The API pooling theory offers a possible motivation. One commenter noted Chinese black market resellers stopped working the day this shipped. If OpenAI is trying to prevent unauthorized API pooling and data harvesting, encrypting the wire protocol makes that harder.
The competition angle also surfaced. Users speculated OpenAI may be protecting how their multi-agent orchestration works from being reverse-engineered. As one put it: "Quite obviously they're afraid of letting other providers see how they handle the whole multi-agent management stuff."
Newsletter
Get the weekly deep dive
Tutorials on Claude Code, AI agents, and dev tools, delivered free every week.
From the archive
Jul 14, 2026 • 5 min read
Jul 13, 2026 • 5 min read
Jul 13, 2026 • 6 min read
Jul 13, 2026 • 6 min read
Several commenters initially misread the HN title ("Codex starts encrypting prompts, uses ciphertext for inference") as implying homomorphic encryption - computing on encrypted data without decrypting it. That would be technically impressive but computationally infeasible at LLM scale.
The reality is simpler: prompts are encrypted client-side before being sent to sub-agents, then decrypted server-side for actual inference. The user just cannot see the clear-text locally.
Issue #28058 on the Codex repository documents the problem and proposes a solution: maintain encrypted delivery for transport while adding a separate non-encrypted audit field for the readable task text. This would preserve both security and local transparency.
The issue has 20+ thumbs-up reactions and remains open.
Agent-based development is trending toward more autonomous multi-step workflows. When something goes wrong - a sub-agent makes a bad decision, hallucinates an API call, or takes an unexpected path - developers need to understand the chain of reasoning.
Encrypting inter-agent prompts makes that debugging impossible without OpenAI's cooperation. For local development, this is inconvenient. For production systems where auditability is a compliance requirement, it may be disqualifying.
The multi_agent_v2 feature is currently experimental and off by default. If you need full auditability, you can:
Several commenters mentioned using Codex's app-server for custom integrations. One user built a Rust "conductor" that manages agent interactions through Forgejo issues and PRs, avoiding the encrypted paths entirely.
This change arrives as AI providers navigate competing pressures: user demands for transparency, enterprise requirements for auditability, competitive concerns about IP leakage, and abuse prevention for API pooling.
OpenAI chose to prioritize the latter concerns here. Whether that trade-off is acceptable depends on your use case. For hobbyist experimentation, probably fine. For production systems with audit requirements, it is a regression that the current GitHub issue aims to address.
Read next
A Codex CLI SQLite logging bug showed how global TRACE logs can burn SSD write endurance. OpenAI has now merged fixes, but the incident is a useful local-agent operations lesson.
5 min readOpenAI teases its most capable coding model yet - Sol Ultra uses trained subagents that communicate during tasks, reportedly hitting 91.9% on Terminal-Bench 2.1.
5 min readA developer used OpenAI Codex to build a fully open-source WYSIWYG editor for TikZ figures. The technical approach and reception on Hacker News offer a useful case study in what agent-built software looks like when shipped.
7 min readTechnical content at the intersection of AI and development. Building with AI agents, Claude Code, and modern dev tools - then showing you exactly how it works.
OpenAI's open-source terminal coding agent built in Rust. Runs locally, reads your repo, edits files, and executes comma...
View ToolOpenAI's coding agent for terminal, cloud, IDE, GitHub, Slack, and Linear workflows. Reads repos, edits files, runs comm...
View ToolOpenAI's flagship. GPT-4o for general use, o3 for reasoning, Codex for coding. 300M+ weekly users. Tasks, agents, web br...
View ToolLightweight Python framework for multi-agent systems. Agent handoffs, tool use, guardrails, tracing. Successor to the ex...
View ToolEvery coding agent in one window. Stop alt-tabbing between Claude, Codex, and Cursor.
View AppBeat the August 2026 Assistants API sunset. Paste old code, get Responses API.
View AppGenerate ecommerce creative direction, image prompts, ad copy, and campaign variants.
View AppInstall Ollama and LM Studio, pull your first model, and run AI locally for coding, chat, and automation - with zero cloud dependency.
Getting StartedSet up Codex Chronicle on macOS, manage permissions, and understand privacy, security, and troubleshooting.
Getting StartedInstall the dd CLI and scaffold your first AI-powered app in under a minute.
Getting Started
OpenAI Codex Desktop App: Plan/Goal Modes, Plugins, Multi-Agent Workflows & UI Annotation Demo The video showcases OpenAI’s Codex desktop app, which the creator calls OpenAI’s best product and a prem

In this video, we delve into OpenAI's latest release, Codex, a cloud-based software engineering agent designed for various coding tasks. Unlike tools like Cursor or Windsurf, Codex integrates...

Exploring Codex: AI Coding in Terminal In this video, I explore Codex, a new lightweight CLI tool for AI coding that runs in the terminal. This tool, possibly a response to Anthropic's CLI,...

OpenAI teases its most capable coding model yet - Sol Ultra uses trained subagents that communicate during tasks, report...

A Codex CLI SQLite logging bug showed how global TRACE logs can burn SSD write endurance. OpenAI has now merged fixes, b...

The Transformer co-creator leaves Google DeepMind for OpenAI just two years after Google paid $2.7 billion to bring him...

New benchmarks on 5,559 test utterances show Apple's iOS 26 SpeechAnalyzer API achieving 2.12% word error rate - beating...

A new distributed inference system pools GPU resources across multiple machines and exposes them through a single OpenAI...

The world's most famous mathematician used AI coding agents to revive 25-year-old Java applets and build new visualizati...

New tutorials, open-source projects, and deep dives on coding agents - delivered weekly.