OpenAI’s Codex Can Now Control Your Locked Mac: A Security Nightmare or a Productivity Dream?
A contentious new feature for OpenAI's Codex desktop app on macOS is called "Locked Computer Use." As the name implies, this upgrade enables Codex to run Mac apps even while the machine is locked and the screen is off. While your device is locked, you may send tasks from your phone and observe how the AI agent interacts with the clipboard, types, navigates menus, and clicks through windows.
How "Locked Use" Actually Works
The security architecture of macOS is directly integrated with the functionality. You need to install the Computer Use plugin and specifically give Codex accessibility and screen recording permissions in order for it to work. Next, navigate to Codex → Settings → Computer Use to locate the locked use setting.
Codex will briefly unlock the computer in the background while protecting the screen when you send a task from your phone. You can quickly regain control by pressing any key or clicking the noticeable "Codex is Using Your Mac" overlay that appears on the screen. Additionally, if the system notices any local activity, like someone touching the keyboard or mouse, it instantly relocks the Mac.
The Security Implications
Unquestionably powerful, the functionality can replicate GUI-only issues, conduct flows in desktop apps, and modify app settings when command-line tools are inoperable. But it also brings up important issues with danger and digital autonomy.
The "Locked Use" feature essentially gets around macOS's built-in screen lock protection. Giving an AI agent the power to unlock your device from a remote order creates a sizable new attack surface, even though OpenAI stresses that the unlock window is brief and limited to the active Codex job.
An attacker could gain remote access to your desktop environment without requiring your password or physical presence if your OpenAI account or the Codex agent itself are successfully compromised. Additionally, the Computer Use plugin requires deep system permissions, which, if abused, might expose important workflows by enabling an agent to communicate with any app you have specifically permitted.
How to Protect Yourself
You must have a comprehensive, proactive security plan if you decide to use this functionality.
- Examine and Audit Your Agent: Turn on "Locked Use" only if you have a legitimate, continuous requirement. Examine the list of apps you have designated as "Always allow" on a regular basis.
- Harden Your OpenAI Account: This function creates a master key from your OpenAI login. Make sure your account has a strong, one-of-a-kind password and enforce multi-factor authentication (MFA).
- Apply the Principle of Least Privilege: Don't give the Computer Use plugin unrestricted access. Establish limits and restrict the agent's access to the particular apps it needs to do its assigned responsibilities.
- Retain Physical Vigilance: The risk persists even after the feature relocks upon local detection. Consider the possibility of a rapid lock failure if your Mac is in a shared physical area. If necessary, be ready to manually interrupt the agent.
How Bayon Technologies Group Can Help
Although features like "Locked Computer Use" can increase productivity, we at Bayon Technologies Group are aware that they also pose serious concerns. We support organizations:
- Perform Agent Security Assessments: We examine the data flows and access rights of AI agents that are integrated into your environment, as well as their security posture.
- Enforce Least-Privilege Access for AI: To stop a single compromised account from causing a system-wide breach, we impose stringent rules over what your AI agents can access and do.
- Create AI Governance Frameworks: To ensure compliance and security without impeding innovation, we develop policies and procedures for the safe usage of autonomous agents.
Convenience shouldn't be your next security vulnerability. To develop a safe, reliable AI strategy, get in touch with Bayon Technologies Group right now.
‹ Back
