2026-05-15 · OpenAI

Building a safe, effective sandbox to enable Codex on Windows

security · agents · enterprise · infrastructure

Source: OpenAI · Date: 2026-05-15 · URL: https://openai.com/index/building-codex-windows-sandbox

Summary

OpenAI published the engineering writeup behind Codex’s Windows deployment, detailing the sandbox architecture required to run agentic code execution safely on Windows hosts. The core challenge is that Codex executes arbitrary AI-generated code in a tight loop, so the sandbox must prevent filesystem escapes, network exfiltration, and privilege escalation while remaining fast enough not to degrade the agentic workflow. OpenAI’s solution layers Windows Sandbox (hardware-isolated VMs) with additional process-level restrictions, keeping each Codex session fully isolated from the host and from other sessions.

Implications

  • Agent-layer convergence. Safe sandboxing for agentic code execution is an unsolved infrastructure problem across the industry — this writeup is one of the first production-grade treatments. It sets a reference design that Cursor, Aider, and other Codex-adjacent tools will benchmark against when designing their own execution environments.
  • Enterprise deployment battleground. Windows is the dominant enterprise OS. Codex on Windows with a credible security story removes the last major blocker for corporate IT departments; expect enterprise Codex adoption to accelerate in the 6 months following this publication.
  • Standards/protocol thread. The sandbox spec implicitly defines what “safe agentic execution” means on Windows — a de facto standard that regulators and enterprise security teams will treat as the baseline when evaluating competitor products.
