Skip to main content
Kaino.dev
Discover
Evals
News
Academics
Insights
Kaino.dev

Discover, evaluate, and compare AI tools, models, and agents.

Explore

  • Discover
  • Evaluations
  • News
  • Academics
  • Insights

Community

  • Twitter
  • YouTube
  • Instagram
Privacy PolicyTerms of Service

© 2026 Kaino.dev. All rights reserved.

Version 1.1.0
OpenAI Codex change encrypts MultiAgentV2 message payloads · News · Kaino
OpenAI Codex change encrypts MultiAgentV2 message payloads
Kaino
YesterdayJul 14, 2026, 12:00 AM0 views

OpenAI Codex change encrypts MultiAgentV2 message payloads

A merged OpenAI Codex pull request encrypts MultiAgentV2 agent instructions between model calls, leaving ciphertext rather than readable task text in local history and trace data. A follow-up GitHub issue says the change improves confidentiality but removes a readable audit trail for spawned-agent tasks.

agentsOpenAICodex

OpenAI Codex adds encryption for multi-agent messages

OpenAI merged a Codex change that encrypts MultiAgentV2 message payloads between model calls, according to the GitHub pull request titled “Encrypt multi-agent v2 message payloads” (#26210).

The pull request says MultiAgentV2 agent instructions are encrypted between model calls. It also says Codex forwards only ciphertext, stores empty plaintext content alongside an encrypted_content field, and relies on Responses to decrypt the payload internally for the recipient model.

That is a narrow but important implementation change: the task content sent among Codex agents is no longer plainly visible in the local rollout, history, or trace records described by the project’s own GitHub discussion.

What changed in Codex

According to the GitHub PR description for openai/codex #26210, the change applies to MultiAgentV2 message payloads, including agent instructions. Instead of retaining readable message text in the local records that Codex maintains around a run, the system stores an empty plaintext content value and an encrypted payload.

NewReleases, which tracks GitHub project releases, lists “Encrypt multi-agent v2 message payloads” in the changelog for openai/codex rust-v0.138.0. That indicates the change shipped in that Codex release line.

SourceFeed’s report, “Codex Encrypts Multi-Agent Messages, Kills Audit Trails,” similarly says the OpenAI Codex change was merged on June 5, 2026, and that local rollout history now contains ciphertext rather than the task text for affected MultiAgentV2 messages.

The public materials do not support a broader claim that models perform inference directly on ciphertext. The GitHub PR excerpt says Codex forwards ciphertext and that Responses decrypts internally for the recipient model. In other words, the documented design protects the payload while it moves through Codex’s local message handling, while decryption still occurs inside the model-serving path described by the OpenAI source document.

Security benefit and audit trade-off

The security rationale is straightforward: sensitive agent instructions are less exposed in local traces or logs if the readable content is replaced with encrypted content. For workflows where prompts or task instructions may contain secrets, customer data, proprietary code context, or operational details, reducing plaintext copies can lower the risk created by logs and diagnostics.

But the same change also affects observability. A later GitHub issue in the same repository, “Regression: encrypted MultiAgentV2 messages remove readable task audit trail” (#28058), says that after PR #26210, spawn_agent, send_message, and followup_task payloads are hidden behind ciphertext in rollout, history, and trace data. The issue says this removes a readable local audit trail.

That complaint does not necessarily mean the change is wrong. It highlights a common security engineering trade-off: encrypting message payloads can reduce exposure, while also making debugging, review, and forensic inspection harder for developers who previously depended on readable traces.

Why it matters for agent systems

Multi-agent coding systems often break work into subtasks, pass instructions between specialized agents, and record intermediate steps for debugging or review. If those intermediate instructions are stored in plaintext, they can become a secondary data exposure surface. If they are encrypted, operators may lose the ability to inspect exactly what was delegated without access to a decryption mechanism or separate audit tooling.

The Codex change is therefore best understood as a concrete adjustment to message handling in OpenAI’s Codex codebase, not as a sweeping shift across all AI systems. The available sources show a specific merged PR, a release note indicating shipment in rust-v0.138.0, and a follow-up issue documenting the auditability concern.

For teams building or operating agentic developer tools, the lesson is practical: encryption of inter-agent payloads should be paired with a deliberate audit design. Otherwise, stronger confidentiality for message contents can come at the cost of readable debugging and accountability records.

Key takeaways
  • 1

    The pull request says MultiAgentV2 agent instructions are encrypted between model calls.

  • 2

    It also says Codex forwards only ciphertext, stores empty plaintext content alongside an encrypted content field, and relies on Responses to decrypt the payload internally for the recipient model.

  • 3

    What changed in Codex According to the GitHub PR description for openai/codex 26210, the change applies to MultiAgentV2 message payloads, including agent instructions.

Continue reading

Latest from Kaino News

Story pulse

Freshness

Yesterday

Views

0

Reading

3 min

Byline

Kainotomic Team

Utilities

Topics

agentsOpenAICodex

Sources

Reference material and original reporting used in this story.

GitHub / openai/codex

Published Jul 14, 2026, 12:00 AM

View source