Top AI Product

Every day, hundreds of new AI tools launch across Product Hunt, Hacker News, and GitHub. We dig through the noise so you don't have to — surfacing only the ones worth your attention with honest, no-fluff reviews. Explore our latest picks, deep dives, and curated collections to find your next favorite AI tool.


Codex starts encrypting sub-agent prompts (openai/codex 28058) — and you can’t read your own agent logs anymore

Codex is OpenAI’s terminal coding agent, and its MultiAgentV2 mode lets a lead agent spawn sub-agents to split up a job. PR #26210, merged June 5, encrypted the message payloads on all three handoff tools: spawn_agent, send_message, followup_task.

Encrypted against whom, though? InterAgentCommunication::new_encrypted() deliberately leaves the plaintext content field empty and stuffs everything into encrypted_content. Your local rollout history, your debug surfaces, your traces — all ciphertext. So the one question you actually need answered when a sub-agent goes off the rails, what task did the parent hand it?, is now unanswerable on your own machine.

Why it blew up

359 points and 217 comments on HN. The leading theory is that OpenAI treats these prompts like raw reasoning traces and doesn’t want anyone distilling them. Plausible. But nobody’s demanding the model’s chain of thought — just the instruction one of your agents gave another, on hardware you own. Delivery to the model can stay encrypted; that has nothing to do with wiping the local record.

The fix nobody has shipped

The issue proposes a required plaintext task_message companion field: model still gets ciphertext, humans still get an audit trail. Maintainers haven’t responded. Still open.


You Might Also Like


Discover more from Top AI Product

Subscribe to get the latest posts sent to your email.



Leave a comment