OpenAI's Codex now encrypts the internal instructions exchanged between AI agents, making it impossible for developers to track how tasks get delegated. Since early June, the coding tool has encrypted the instructions a main agent passes to its subagents, leaving developers with only unreadable strings in session history. This change has raised concerns among developers who rely on transparency to understand how tasks are managed internally.

Encryption is now mandatory for the larger GPT-5.6 models Sol and Terra, but users report that the encrypted handoff to a subagent sometimes fails. In some cases, the content cannot be decrypted, even when the main agent and subagent use the same model. A GitHub bug report highlights the issue, urging OpenAI to store a readable copy of the task locally alongside the encrypted version. Developers suspect the change may be a privacy measure or an attempt to prevent rivals from using internal communication to train their own models.

OpenAI has not provided an explanation for the encryption change, though some community members believe it may be related to protecting against model distillation. Zhipu AI's GLM-5.2 model was recently suspected of being distilled from GPT-5.5 and Opus 4.8. Agent-to-agent communication is considered valuable training data that can help weaker models reach stronger performance levels. Encrypting it would keep this material out of competitors' hands. A simpler reason is also possible, as OpenAI's API already encrypts intermediate states to avoid storing plaintext on its servers.

Source: thedecoder