macrumors.com via Reddit

OpenAI Codex runs Mac tasks behind locked screen

Key insights

  • OpenAI Codex can now autonomously operate Mac apps while the screen is locked via an Apple authorization plug-in.
  • The Locked Use feature is geographically restricted at launch, excluding EEA, UK, and Switzerland users.
  • Codex cannot automate Terminal or itself under Locked Use, limiting but not eliminating local system exposure.

Why this matters

Desktop-level agent control marks a qualitative shift from cloud-based AI automation to persistent, OS-integrated agents that operate outside active user sessions, raising the stakes for enterprise endpoint security policies. The geographic exclusion of EEA, UK, and Switzerland signals that OpenAI is anticipating regulatory friction around autonomous agents with local system access, a pattern that will shape how AI agent features get scoped and launched globally. For founders building on top of agentic frameworks, the permission architecture OpenAI is establishing here -- Apple auth plug-ins, explicit Accessibility grants -- is likely to become the template other platforms and competitors reference when designing their own agent access models.

Summary

OpenAI's Codex desktop agent for Mac can now operate apps and execute long-running tasks after the screen is locked, thanks to a new capability called Locked Use announced May 22. The feature works through an Apple authorization plug-in that temporarily unlocks the machine under strict behavioral constraints. Developers can kick off a task, lock their Mac, and monitor or review progress remotely from a phone -- making multi-hour agentic workflows practical without babysitting a machine. Essentially, OpenAI and Apple are deepening the integration layer between AI agents and desktop OS-level permissions.

  • Locked Use is blocked at launch for users in the EEA, UK, and Switzerland, likely due to regulatory exposure around autonomous agents.
  • The feature cannot automate Terminal or Codex itself, narrowing the blast radius of runaway agent behavior.
  • It requires explicit Screen Recording and Accessibility permissions, placing the consent decision squarely on the user at setup.

As AI agents move from cloud tasks to local machine control, the permission and trust model of desktop operating systems is becoming a front-line product decision, not just a security footnote.

Potential risks and opportunities

Risks

  • Enterprise IT and security teams have no established policy framework for AI agents holding Accessibility and Screen Recording permissions at the OS level, creating a compliance gap that could trigger internal audit findings within 30-60 days of employee adoption.
  • If a Locked Use session is hijacked or behaves unexpectedly on a developer machine with production credentials in scope, OpenAI faces significant liability exposure and potential for Apple to revoke or restrict the authorization plug-in mechanism.
  • Competitors and regulators in the EEA could cite the regional exclusion as evidence that OpenAI considers the feature non-compliant with AI Act or GDPR obligations, accelerating scrutiny of the entire Codex agent product line in those markets.

Opportunities

  • Endpoint security vendors (CrowdStrike, SentinelOne, Jamf) can move quickly to add Locked Use session monitoring and policy controls to their Mac agent management products, targeting enterprise Codex deployments.
  • Developer tooling companies building on the Codex API -- particularly those in CI/CD automation (Buildkite, CircleCI) -- gain a credible path to pitching overnight autonomous build-and-test pipelines that run on local developer hardware without cloud egress costs.
  • Apple has an opening to formalize and monetize a sanctioned 'trusted agent' permission tier in macOS, creating a new developer certification program that generates both revenue and a competitive moat against Windows-based agent runtimes.

What we don't know yet

  • Whether Apple reviewed or formally approved the authorization plug-in mechanism, or whether OpenAI is operating in a policy gray area Apple has not yet addressed.
  • What audit or logging infrastructure exists for Locked Use sessions, and whether developers can replay or inspect agent actions taken while locked.
  • Whether the EEA/UK/Switzerland exclusion reflects pre-emptive legal counsel or active regulatory dialogue with bodies like the ICO or EDPB as of May 2026.