OpenAI Engineers Build Custom Windows Sandbox for Codex After Existing Security Tools Fall Short
Summary
OpenAI engineers are building a custom Windows sandbox for their Codex coding agent after finding that existing Windows security tools such as AppContainer and Windows Sandbox do not meet the strict isolation and flexibility demands of open-ended developer workflows. The resulting 'elevated sandbox' uses dedicated local users, Windows Firewall rules, and custom binaries to enforce robust process isolation.
Key Points
- OpenAI engineers are building a custom Windows sandbox for Codex, their coding agent, after finding that existing Windows tools like AppContainer, Windows Sandbox, and Mandatory Integrity Control labeling fall short of meeting the security and flexibility requirements needed for open-ended developer workflows.
- The initial 'unelevated sandbox' prototype uses Windows SIDs and write-restricted tokens to control file system access without requiring admin privileges, but network suppression proves too weak and easily bypassed, prompting a redesign.
- The current 'elevated sandbox' solution introduces dedicated local Windows users, Windows Firewall rules for strong network blocking, and two new binaries — codex-windows-sandbox-setup.exe and codex-command-runner.exe — to safely spawn restricted processes and enforce isolation without disrupting real developer workflows.
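The elevated-sandbox shape described in the last two key points, sketched as an added PowerShell example that is not OpenAI's code and does not reproduce codex-windows-sandbox-setup.exe or codex-command-runner.exe: it creates a dedicated local user, scopes Windows Firewall block rules to that user's SID, grants the user write access only to one workspace directory, checks that the rules are active, and then runs a command as that user. The account name, rule names, workspace path, and the use of Start-Process -Credential as a stand-in for a purpose-built command runner are all assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not OpenAI's code). Dedicated local user + firewall block rules keyed
# to that user's SID + a single writable workspace. Names below are assumptions.

$SandboxUser = 'codex-sbx'                 # hypothetical dedicated local account
$RulePrefix  = 'Codex sandbox (example)'    # hypothetical firewall rule name prefix
$Workspace   = 'C:\sandbox\workspace'       # hypothetical directory the agent may write to

function New-SandboxCredential {
    # Create (or re-key) the local account with a random password that exists only in
    # this session. No extra privileges are granted beyond what a fresh local user has.
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $secret = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
    if (Get-LocalUser -Name $SandboxUser -ErrorAction SilentlyContinue) {
        Set-LocalUser -Name $SandboxUser -Password $secret
    } else {
        New-LocalUser -Name $SandboxUser -Password $secret -PasswordNeverExpires `
            -Description 'Dedicated account for untrusted agent commands' | Out-Null
    }
    # Start-Process -Credential needs the account to hold the "log on locally" right;
    # on a default workstation that comes with membership of Users (assumption).
    if (-not (Get-LocalGroupMember -Group 'Users' -Member $SandboxUser -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -Group 'Users' -Member $SandboxUser
    }
    return New-Object System.Management.Automation.PSCredential ($SandboxUser, $secret)
}

function Set-SandboxFirewallRules {
    # Block rules scoped to the sandbox user's SID. Windows Firewall evaluates Block
    # rules before Allow rules, so a broad per-program Allow rule cannot override them.
    $sid  = (Get-LocalUser -Name $SandboxUser).SID.Value
    $sddl = "O:LSD:(A;;CC;;;$sid)"   # "rule applies to this principal" in firewall SDDL form
    foreach ($dir in 'Inbound', 'Outbound') {
        $name = "$RulePrefix - $dir"
        Remove-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
        New-NetFirewallRule -DisplayName $name -Direction $dir -Action Block `
            -Profile Any -LocalUser $sddl -Enabled True | Out-Null
    }
}

function Test-SandboxFirewallRules {
    # $true only if the firewall is on for every profile and both block rules are enabled.
    if (Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }) { return $false }
    foreach ($dir in 'Inbound', 'Outbound') {
        $rule = Get-NetFirewallRule -DisplayName "$RulePrefix - $dir" -ErrorAction SilentlyContinue
        if (-not $rule -or $rule.Enabled -ne 'True' -or $rule.Action -ne 'Block') { return $false }
    }
    return $true
}

function Set-SandboxWorkspaceAcl {
    # Only the workspace is writable by the sandbox user; everything else keeps its
    # default ACLs, which for a plain local user means no write access elsewhere.
    New-Item -ItemType Directory -Path $Workspace -Force | Out-Null
    icacls $Workspace /grant "${SandboxUser}:(OI)(CI)M" | Out-Null
}

function Invoke-SandboxedCommand {
    param(
        [Parameter(Mandatory)][string]$CommandLine,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    if (-not (Test-SandboxFirewallRules)) { throw 'Sandbox firewall rules missing; refusing to run.' }
    # Stand-in for a dedicated command runner: the child runs with the sandbox user's
    # token, so the firewall rules and workspace ACL apply to it and to its children.
    Start-Process -FilePath 'cmd.exe' -ArgumentList '/d', '/c', $CommandLine `
        -Credential $Credential -WorkingDirectory $Workspace -Wait
}

# Usage (elevated session). The curl call should fail, confirming the network block.
$cred = New-SandboxCredential
Set-SandboxWorkspaceAcl
Set-SandboxFirewallRules
Invoke-SandboxedCommand -Credential $cred -CommandLine 'whoami /user && (curl.exe -m 5 https://example.com || echo network blocked)'
```

The pre-flight check in Test-SandboxFirewallRules is the part worth keeping in any real implementation: a firewall rule keyed to a user SID only restricts anything while the firewall service is running and the rule is enabled, so the runner should refuse to spawn when either condition fails rather than silently running unconfined.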