OpenAI’s Codex now encrypts instructions between AI agents, leaving developers blind to internal delegation

OpenAI’s Codex now hides what its AI agents tell each other. Developers can no longer see how tasks get delegated internally.

Since early June, OpenAI’s coding tool Codex has encrypted the instructions a main agent passes to its subagents. Coding tools are increasingly turning into agentic systems that break down tasks, delegate parts to subagents, and make autonomous decisions in the background. That makes it all the more important whether users can still track these internal processes.

Since the change, the session history shows an unreadable string instead of a readable task description. Developers can no longer check what their agent delegates to each subagent. A bug report on GitHub calls this out directly, asking OpenAI to store a readable copy of the task locally alongside the encrypted version.

For a while, GPT-5.5 wouldn’t even let developers turn off encryption using the dedicated toggle, cutting off visibility entirely. OpenAI has apparently since switched GPT-5.5 back to the readable path. The forced encryption now hits the larger GPT-5.6 variants, Sol and Terra. Only the smallest variant, Luna, still uses the open path.

The new system also appears unreliable. Several developers say the encrypted handoff to a subagent fails because the content can’t be decrypted. In some cases, this happens even when the main agent and subagent use the same model.

The encryption may block distillation, but privacy could be the simpler reason

OpenAI hasn’t explained why it encrypts communication between agents. Only the change itself has been confirmed.

Community members suspect the company treats these prompts like raw reasoning traces and wants to stop rivals from training on them. The suspicion isn’t far-fetched. Zhipu AI’s open GLM-5.2 model was recently suspected of having been distilled from GPT-5.5 and Opus 4.8. Agent-to-agent communication is valuable training data that can help lift a weaker model toward a stronger one’s level. Encrypting it would keep that material out of competitors’ hands.

A simpler reason is just as plausible. OpenAI’s API already encrypts intermediate states so they can be forwarded in follow-up requests without storing plaintext on its servers. We’re still waiting for OpenAI to confirm whether the change is about distillation protection, data privacy, or both.

AI News Without the Hype – Curated by Humans

Subscribe to THE DECODER for ad-free reading, a weekly AI newsletter, our exclusive “AI Radar” frontier report six times a year, full archive access, and access to our comment section.

Subscribe now

Similar Posts

Leave a Reply