
OpenAI Codex Still Can't Keep Your Secrets Safe
A known Codex issue lets sensitive files slip through—plus smart LLM routing and openpilot's open-source momentum round out today's signals.
The signal: An open GitHub issue against OpenAI Codex reports that it still has no reliable way to exclude sensitive files from its context window, and the issue has sat unresolved.
Why it matters: If you wire Codex into a real codebase, anything in the working tree that the agent decides to read (.env files, private keys, cloud credentials, proprietary logic) can be sent to the hosted model along with your prompt, with nothing warning you. This isn't theoretical; it is the kind of quiet data exposure you only find out about months later.
The pattern I'm watching: The Wayfinder Router trending alongside this tells the whole story: developers are actively building escape hatches around hosted LLM limitations, routing sensitive queries to local models and controlling what leaves the building. The "local vs. hosted" split is no longer a preference; it is an architecture decision with real security implications.
What I'd do with this: If Codex is in your stack, treat it like a public API right now: assume anything that reaches its context can be logged, and gate accordingly. Concretely, that means giving the agent a checkout that contains no credentials or key material, putting a path-based deny list in front of it, and scanning whatever it is about to send for secret patterns. Start evaluating a hybrid routing layer that keeps sensitive paths on a local model until the hosted tools catch up.
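A sketch of that gating layer, as an added example rather than code from Codex, Wayfinder, or any other project named here. It assumes a hypothetical pre-flight step that sits between the agent and the hosted model: each file the agent wants to read is checked against a gitignore-style deny list and a handful of secret-detection regexes, and anything that trips either check is routed to a local model (or redacted) instead of leaving the building. The glob list, the patterns, and the sample files are all constructed for the example; tune them to your own repository.

```python
import fnmatch
import re
from pathlib import PurePosixPath

# Path-based deny list, gitignore-style globs (constructed for this example).
DENY_GLOBS = [
    ".env", ".env.*", "*.pem", "*.key", "*.p12", "*.pfx",
    "id_rsa", "id_ed25519", "secrets/*", ".git/*",
]

# Content-based detectors for credentials that live in "safe-looking" paths.
# Assumed patterns for illustration; a real deployment would use a
# maintained secret-scanning ruleset.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "generic_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|password|token)\s*[=:]\s*['\"][^'\"]{8,}['\"]"
    ),
}


def path_is_denied(path: str) -> bool:
    """gitignore-like match: a glob may match the full path or any suffix of it,
    so 'secrets/*' also catches 'config/secrets/db.yaml'."""
    parts = PurePosixPath(path).parts
    candidates = ["/".join(parts[i:]) for i in range(len(parts))]
    return any(fnmatch.fnmatchcase(c, g) for c in candidates for g in DENY_GLOBS)


def find_secrets(content: str) -> list[str]:
    """Names of every secret pattern that matches somewhere in the content."""
    return [name for name, rx in SECRET_PATTERNS.items() if rx.search(content)]


def classify(path: str, content: str) -> tuple[str, list[str]]:
    """Return ('local' | 'hosted', reasons). Any hit keeps the file local."""
    reasons = []
    if path_is_denied(path):
        reasons.append("path")
    reasons += ["content:" + name for name in find_secrets(content)]
    return ("local" if reasons else "hosted"), reasons


def redact(content: str) -> str:
    """Alternative to withholding a file: mask every detected secret in place."""
    for name, rx in SECRET_PATTERNS.items():
        content = rx.sub(f"[REDACTED:{name}]", content)
    return content


def route(files: dict[str, str]) -> dict[str, list[str]]:
    """Split a candidate context set into what may go to the hosted model
    and what must stay on the local one. Paths are sorted for stable output."""
    plan: dict[str, list[str]] = {"hosted": [], "local": []}
    for path in sorted(files):
        destination, _ = classify(path, files[path])
        plan[destination].append(path)
    return plan


# Constructed sample working tree; the AWS key is the documented example key.
SAMPLE_FILES = {
    "src/app.py": "def handler(event):\n    return {'status': 'ok'}\n",
    ".env": "DATABASE_URL=postgres://app:hunter2@db/prod\n",
    "config/settings.py": "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\n",
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n...\n",
    "README.md": "# Service\nSet API_KEY in your environment.\n",
}

if __name__ == "__main__":
    for path, content in sorted(SAMPLE_FILES.items()):
        destination, reasons = classify(path, content)
        print(f"{path:22} -> {destination:6} {reasons}")
    print(route(SAMPLE_FILES))
```

The design choice worth noting: path rules alone are not enough (the AWS key in config/settings.py lives in a file no deny list would name), and content rules alone are not enough (a .env file full of non-matching connection strings is still a secret). Run both, and fail closed: a file goes hosted only when neither check fires.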