Addendum to o3 and o4-mini system card: Codex

Source: OpenAI Date: 2025-05-16 URL: https://openai.com/index/o3-o4-mini-codex-system-card-addendum

Summary

Addendum to the o3 and o4-mini system card specifically covering Codex CLI — OpenAI’s coding agent built on top of the o-series reasoning models. Published May 2025, shortly after Codex CLI’s launch, this addendum extends the safety evaluation documentation to cover the agent-specific risks that the base model system card didn’t address: code execution in sandboxed environments, file system access, autonomous multi-step task completion, and the potential for misuse in automated attack pipelines.

Implications

System card expansions as governance. OpenAI’s practice of publishing system cards and then addenda as products extend into new deployment contexts is the right approach — base model evals don’t transfer cleanly to agentic deployments where the model is taking actions rather than just generating text. The Codex addendum specifically addresses the expanded attack surface of “model that can run code” vs. “model that suggests code.”

Agentic safety surface. Code execution + file access + internet access (in some Codex configurations) creates a substantially more dangerous misuse surface than chat. The system card addendum acknowledges this explicitly. Whether the documented safeguards (sandboxing, user confirmation prompts, scope limitations) are sufficient is an open question.

Thread: agentic safety documentation. Sits alongside the ChatGPT Agent system card (July 2025) and the o3 operational procedures addendum (May 2025) as OpenAI’s documentation of safety thinking for autonomous agent deployments.

Watch: Whether independent security researchers find Codex’s sandbox escape or scope violation vulnerabilities that the system card evaluation missed.