The digital security landscape is experiencing a week of stark contrasts. On one hand, OpenAI has pushed the boundaries of automation by allowing its Codex assistant to operate on a locked Mac with the screen off, a remarkable leap for remote productivity. On the other hand, the hacker group TeamPCP has triggered one of the largest open source code poisoning campaigns ever seen, targeting repositories on GitHub and undermining the trust at the foundation of modern software development. Two sides of the same technological coin, where artificial intelligence and security intertwine in increasingly dangerous ways.
OpenAI Codex: Remote Access to a Locked Mac
OpenAI's latest update has shaken developers' habits. The Computer Use plugin for Codex now lets users send commands from a smartphone and watch the agent operate Mac applications even when the computer is locked and the screen is off. An on-screen overlay indicates that Codex is controlling the Mac; beyond that, the user can delegate complex tasks such as reproducing GUI bugs, changing system settings, or running workflows in desktop apps that cannot be reached from the command line. The feature requires screen recording and accessibility permissions, and Codex asks for authorization before operating on each new app. An 'Always allow' option removes that per-app prompt, but OpenAI excludes Terminal apps, Codex itself, and system-level admin prompts from automation entirely. Worth noting for anyone weighing the risk: on macOS the accessibility permission is what allows a process to drive other applications' interfaces, so the per-app prompts and the exclusions, not the permission itself, are the effective boundary. Initial rollout is limited to the United States and select countries, with the European Union, the United Kingdom and Switzerland excluded for regulatory reasons. This step marks another chapter in the spread of ubiquitous AI, a theme we explored in the article AI Everywhere: From HMD to ChatGPT and Anker.
TeamPCP: Mass Poisoning of Open Source Code
In parallel, the group known as TeamPCP has conducted an unprecedented series of software supply chain attacks. According to a report from Ars Technica, the hackers injected malicious code into hundreds of repositories on GitHub, exploiting vulnerabilities in continuous integration systems and compromised developer accounts. The contaminated libraries include widely used Python, JavaScript and Rust packages, and the potential damage is enormous because open source code underpins the vast majority of modern applications. The evasion is deliberate: the malicious code stays dormant unless it detects a production environment, so it behaves normally under review and automated testing during development and activates only once deployed. TeamPCP appears to aim at creating persistent backdoors for future ransomware attacks or data theft. The episode highlights the need for stricter verification of what gets installed, precisely as AI like Codex gains ever deeper access to operating systems.
The Dangerous Link Between Automation and Trust
The combination of these two stories raises urgent questions. If an AI agent can control our computer in our absence, and meanwhile the code we run every day is being poisoned by criminals, the two risks compound. Developers using Codex to automate testing on open source code could inadvertently execute compromised libraries, while the locked computer becomes a silent infection vector. OpenAI has stated that Codex cannot automate Terminal apps or system prompts precisely to limit risks, but the ultimate responsibility falls on users, who must pin and verify every dependency rather than trust it by name. Meanwhile, the debate on AI regulation continues to face delays, as shown by the recent decision of the Trump administration to postpone the executive order on AI oversight under pressure from big tech. The result is a regulatory vacuum that leaves room for both innovation and danger.
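The two checks these paragraphs call for, a scan for package code that only wakes up outside a test environment and a digest pin that catches a tampered artifact, as an added example written for this page; it is not code from OpenAI, from the Ars Technica reporting, or from any affected project. The environment variable list, the heuristic patterns and both sample modules are constructed assumptions, and the whole thing runs offline.

```python
"""Pre-install checks for a third-party dependency.

Added example for this article; not code from OpenAI, TeamPCP reporting,
or any project named on the page. It models the two points in the story: a
poisoned package that stays quiet unless it detects production (so it passes
developer testing), and the advice that every dependency must be verified
before it is trusted. The environment variable names, the heuristic patterns
and the sample sources below are constructed for illustration.
"""
import hashlib
import re

# Heuristics for code that branches on the runtime environment, or decodes a
# blob and executes it. Real tooling would walk an AST; line regexes are enough
# to show the idea and to catch the blunt version of the pattern.
GATE_PATTERNS = {
    "python-env-gate": re.compile(
        r"os\.(?:environ(?:\.get)?|getenv)\s*[\[(]\s*['\"]"
        r"(?:NODE_ENV|ENV|ENVIRONMENT|CI|KUBERNETES_SERVICE_HOST|AWS_EXECUTION_ENV)['\"]"
    ),
    "node-env-gate": re.compile(
        r"process\.env\.(?:NODE_ENV|CI|KUBERNETES_SERVICE_HOST|AWS_EXECUTION_ENV)\b"
    ),
    "rust-env-gate": re.compile(
        r'std::env::var\s*\(\s*"(?:CI|KUBERNETES_SERVICE_HOST|AWS_EXECUTION_ENV)"'
    ),
    "decode-then-exec": re.compile(
        r"\b(?:exec|eval)\s*\(\s*(?:base64\.b64decode|bytes\.fromhex|zlib\.decompress)"
    ),
}


def scan_source(source: str) -> list[tuple[int, str]]:
    """Return (line_number, pattern_name) for each line matching a heuristic."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern in GATE_PATTERNS.items():
            if pattern.search(line):
                hits.append((lineno, name))
    return hits


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_pinned(artifact: bytes, pinned_sha256: str) -> bool:
    """True only if the artifact still matches the digest recorded at review time."""
    return sha256_hex(artifact) == pinned_sha256.lower()


def review_dependency(artifact: bytes, pinned_sha256: str) -> dict:
    """Combine both checks; an artifact is acceptable only if both are clean."""
    hits = scan_source(artifact.decode("utf-8", errors="replace"))
    hash_ok = verify_pinned(artifact, pinned_sha256)
    return {"hash_ok": hash_ok, "gate_hits": hits, "accept": hash_ok and not hits}


# --- constructed samples (not real packages) --------------------------------

CLEAN_SOURCE = b"""import json

def load(path):
    with open(path) as fh:
        return json.load(fh)
"""

# Same module with a production-only hook grafted on. BLOB is a placeholder;
# the point is that a test run with CI set and ENV unset never reaches exec().
GATED_SOURCE = b"""import base64, json, os

def load(path):
    with open(path) as fh:
        return json.load(fh)

if os.environ.get("CI") is None and os.environ.get("ENV") == "production":
    exec(base64.b64decode(BLOB))
"""

# Digest a reviewer would have recorded for the clean module.
PINNED = sha256_hex(CLEAN_SOURCE)


if __name__ == "__main__":
    print("clean :", review_dependency(CLEAN_SOURCE, PINNED))
    print("gated :", review_dependency(GATED_SOURCE, PINNED))
```

Run as-is, the clean module passes both checks and the gated one fails both: its digest no longer matches the reviewed copy, and the scanner flags the environment lookup on line 7 and the decode-and-exec on line 8. The scanner is only a heuristic; a package can just as easily gate on the hostname, the wall clock or a network probe, which is why the digest comparison against a copy someone actually reviewed is the check that holds regardless of how the trigger is written.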
For further reading on supply chain attack dynamics, visit the Wikipedia page on supply chain attacks. The 2026 digital ecosystem demands a new balance between computational power, automation and security. Codex and TeamPCP, in different ways, remind us that trust cannot be taken for granted.