AI Agent Opacity Is Becoming a Real Fight
OpenAI quietly started encrypting sub-agent prompts inside Codex CLI. The HN thread (48905028) is a mess of confusion, with commenters initially praising the move, then realizing the title was misleading and reversing course. The actual complaint: encrypting prompts means users cannot inspect what instructions their agents are actually running on. One commenter asked the obvious question, 'Then why keep Codex open source?' If the prompts are hidden, the open-source label is doing less work than it appears.
In the same session, a separate thread (48905091) showed Codex being used to scrape the ICM website, where it discovered the 2026 Fields Medal winners were simply hidden behind an HTML 'hidden' tag, not actually secured. An AI agent found information that humans did not mean to expose. These two threads are mirror images: in one, the AI operator hides things from users; in the other, an AI agent reveals things the operator meant to hide.
The pattern is that the tooling layer is becoming a trust battleground. When agents run sub-agents, and those sub-agents have encrypted instructions, the user is operating on faith. The coding agents thread (48905764) adds another layer: analysis suggesting that coding agents 'think ahead of time' by predicting future tokens, meaning the model's internal reasoning is increasingly opaque even before you add deliberate encryption.
So what?
If you are building on top of AI agent frameworks, prompt transparency is no longer an academic concern. Your users will eventually ask what your agent is actually doing, and 'trust us' will not hold. Build audit trails and make prompt inspection a first-class feature before regulators or angry users force your hand.