buc.ci is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
OpenAI Misses Key Revenue, User Targets in High-Stakes Sprint Toward IPO
The company’s CFO and board have questioned the wisdom of massive data-center spending in the face of slowing growth
From https://www.wsj.com/tech/ai/openai-misses-key-revenue-user-targets-in-high-stakes-sprint-toward-ipo-94a95273
Several interesting details in this article, including that both Google and Anthropic are eating a bit of OpenAI's lunch. DeepSeek's latest model would be poised to eat all their lunches if it weren't for the US government running cover for US firms. This does not feel like a stable situation to me.
#AI #GenAI #GenerativeAI #LLM #OpenAI #ChatGPT #economy #economics #Anthropic #Codex #Claude
----------------
🧭 AI Security
This report documents a critical command injection vulnerability in OpenAI Codex that enabled theft of GitHub User Access Tokens via the ChatGPT Codex Connector. The discovery was credited to BeyondTrust Phantom Labs and disclosed to OpenAI on December 16, 2025. OpenAI issued a hotfix on December 23, 2025, followed by additional fixes for branch shell escape (January 22, 2026) and further shell-escape hardening and reduced GitHub token access (January 30, 2026). The vulnerability was classified as Critical (Priority 1) on February 5, 2026, with permission granted for public disclosure.
Technical narrative
• The ChatGPT Codex Connector uses short-lived, scoped OAuth 2.0 access tokens to act on behalf of consenting users. With broad default scopes, the application can access repositories, workflows, actions, branches, and private organizational resources when authorized inside an organization.
• In the Codex Web portal, user prompts that target repositories and branches create “cloud task” POST requests carrying environment identifiers, branch, and prompt text. On backend execution, Codex spins up containerized environments that run setup scripts, install dependencies, and may execute code derived from prompts.
• Environments support custom setup scripts, environment variables, and secrets, and by default allow outbound internet access during setup via an HTTP/HTTPS proxy. The command injection allowed an attacker to achieve shell escape within these containers, access environment-scoped secrets, and exfiltrate GitHub tokens.
Attack chain (reported)
🎣 Initial Access — crafted prompts or repository inputs processed by Codex allowed injection into backend task handling.
⚙️ Execution — containerized environment executed injected commands during setup or runtime.
📤 Exfiltration — obtained short-lived OAuth tokens were transmitted out via network proxy pathways.
Observed fixes and timeline
• 2025-12-23: Hotfix for command injection.
• 2026-01-22: Fix for GitHub branch shell escape.
• 2026-01-30: Additional shell escape hardening and limits on GitHub token access.
This account focuses on the concrete findings: vulnerable task handling in Codex, container shell escape leading to token theft, the privileged default scopes of the GitHub integration, and the sequence of fixes applied by OpenAI. #OpenAI #Codex #GitHub #OAuth #Security
🔗 Source: https://www.beyondtrust.com/blog/entry/openai-codex-command-injection-vulnerability-github-token
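An added example, not part of the post above and not code from OpenAI or BeyondTrust: one way a task backend could handle the branch value of a cloud task request so that it cannot reach a shell or be read as a git option. The request field names, the `triage` helper and the sample requests are assumptions constructed for illustration.

```python
import re

# Conservative allow-list: a subset of what `git check-ref-format` accepts.
# Shell metacharacters, whitespace and control characters never match.
_SAFE_REF = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]{0,254}")


def validate_branch(name: str) -> str:
    """Return name unchanged if it is a safe branch name, else raise ValueError."""
    if not isinstance(name, str) or not _SAFE_REF.fullmatch(name):
        raise ValueError(f"rejected branch name: {name!r}")
    # Remaining git ref rules that the character class alone does not cover.
    if ".." in name or "//" in name or name.endswith(("/", ".", ".lock")):
        raise ValueError(f"rejected branch name: {name!r}")
    if any(part.startswith(".") for part in name.split("/")):
        raise ValueError(f"rejected branch name: {name!r}")
    return name


def fetch_argv(branch: str, remote: str = "origin") -> list[str]:
    """Build an argument vector for subprocess.run(argv) with shell=False.

    Each element reaches git as one argument, so no shell ever parses the
    branch; the refs/heads/ prefix keeps it from being read as an option.
    """
    return ["git", "fetch", "--depth=1", remote, f"refs/heads/{validate_branch(branch)}"]


def triage(task: dict) -> tuple[bool, str]:
    """Accept or reject a task request (hypothetical shape) before it is queued."""
    try:
        return True, " ".join(fetch_argv(task["branch"]))
    except (KeyError, ValueError) as exc:
        return False, str(exc)


# Constructed sample requests; field names are assumptions, not Codex's API.
SAMPLES = [
    {"environment_id": "env-1", "branch": "feature/login-fix", "prompt": "fix tests"},
    {"environment_id": "env-1", "branch": "main; echo constructed", "prompt": "x"},
    {"environment_id": "env-1", "branch": "--constructed-option", "prompt": "x"},
    {"environment_id": "env-1", "branch": "main\nconstructed", "prompt": "x"},
]

if __name__ == "__main__":
    for task in SAMPLES:
        print(triage(task))
```

Rejected requests are worth logging with the requesting account, since a branch name that fails this check is rarely accidental.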
Evening folks,
A busy one for me on #omnimem. We now have 76% test coverage :) Still more to do but getting there. Automated security scanning and automated Docker builds for amd64 and arm64. This means you no longer have to build the project yourself to get started. All you need is Docker installed. Check out the new guide:
https://codeberg.org/ric_harvey/omnimem/src/branch/main/guides/docker-hub.md
There are now guides for #VScode + Copilot #Cursor #Codex #Kiro #GitlabDuo #OpenCode and of course #Claude
Seems Codex has improved a lot lately. Can it match Claude Code? 🤔 Need to do more testing #codex #claudecode
I don’t quite understand all the hype around coding with Claude Code. I’ve been genuinely impressed with both Antigravity and Codex. Both have been superb for assisting me with coding and consistently deliver strong results.
Best AI for programming? Claude Opus 4.6 vs Codex 5.3 vs Codex Spark
00:00 Introduction
01:19 GPT 5.3 Codex
05:24 Claude Opus 4.6
07:28 Test with GPT 5.3 Codex
09:20 Result with GPT 5.3 Codex
10:46 Test with Claude Opus 4.6
11:46 Result with Claude Opus 4.6
13:14 Test with GPT 5.3 Codex Spark
15:32 Result with GPT 5.3 Codex Spark
16:53 Conclusions
Via: Dotcsv - Science communication about Artificial Intelligence
#Divulgación #Ciencia #Tecnología #Ingeniería #Programación #RedesNeuronales #Robótica #IA #InteligenciaArtificial #DOTCSV #CarlosSantanaVega #ClaudeOpus #Codex #CodezSpark
I no longer use a website or desktop app to search the web or ask ai anything. I just use Claude Code or Codex in the terminal. It is amazing! Just go to a folder and just start talking to AI. You can use /init if you want things to save across sessions. #AI, #ClaudeCode, #Codex