惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Proofpoint News Feed
Attack and Defense Labs
Attack and Defense Labs
Security Archives - TechRepublic
Security Archives - TechRepublic
Engineering at Meta
Engineering at Meta
WordPress大学
WordPress大学
H
Hackread – Cybersecurity News, Data Breaches, AI and More
MyScale Blog
MyScale Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
F
Full Disclosure
云风的 BLOG
云风的 BLOG
爱范儿
爱范儿
V2EX - 技术
V2EX - 技术
B
Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
M
MIT News - Artificial intelligence
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
W
WeLiveSecurity
Stack Overflow Blog
Stack Overflow Blog
TaoSecurity Blog
TaoSecurity Blog
T
Threatpost
小众软件
小众软件
T
The Blog of Author Tim Ferriss
Google Online Security Blog
Google Online Security Blog
MongoDB | Blog
MongoDB | Blog
T
Tenable Blog
P
Privacy International News Feed
S
Security @ Cisco Blogs
H
Heimdal Security Blog
大猫的无限游戏
大猫的无限游戏
B
Blog RSS Feed
H
Help Net Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
Cisco Blogs
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Proofpoint News Feed
D
Darknet – Hacking Tools, Hacker News & Cyber Security
有赞技术团队
有赞技术团队
Application and Cybersecurity Blog
Application and Cybersecurity Blog
O
OpenAI News
Security Latest
Security Latest
S
Securelist
Cyberwarzone
Cyberwarzone
D
Docker
S
Schneier on Security
V
Vulnerabilities – Threatpost
The GitHub Blog
The GitHub Blog
P
Privacy & Cybersecurity Law Blog
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
OpenAI enhances Codex with secure self-hosted sandboxes via Ona acquisition
Dave Kurian · 2026-06-14 · via DEV Community

OpenAI’s acquisition of Ona is a decisive step toward making Codex a true enterprise-grade platform—with secure, self-hosted sandboxes at its core. By giving enterprises direct control over where and how autonomous AI agents run, OpenAI closes a critical trust gap. For teams under real compliance and risk constraints, Ona’s persistent, customer-controlled environments finally enable secure, continuous agent-driven workflows across platforms and devices. Every AI enterprise story touts scale and speed; this one is about control, audit, and operational safety—the unsolved blockers for deploying AI agents in production.

What is the OpenAI Ona acquisition and why it matters

OpenAI acquired Ona—a 79-person cloud development environment provider—for an estimated $450 million to integrate its sandbox technology directly into Codex. This isn’t a team hire or an incremental roadmap shuffle. Ona (formerly Gitpod) is built around making disposable, secure, and persistent cloud environments. By acquiring Ona, OpenAI is not just buying infrastructure; it’s buying a platform designed for enterprise control.

Enterprises balk at letting fully autonomous agents operate in hosted black boxes or fleeting cloud sessions. CIOs and CISOs need proof that execution environments can be locked down, logged, and managed according to their policies. The Ona acquisition directly addresses this: it gives enterprise users the “building blocks agents need for enterprise work”—as Ona CEO Johannes Landgraf puts it—specifically, “trusted, customer-controlled cloud environments where work continues across devices, inside the systems where software actually lives.” Large customers are already on board: Ona agent sessions now run at marquee names including the oldest US bank and major European pharma firms.

Pairing Codex’s agent intelligence with Ona’s trusted execution platform means enterprises will no longer need to choose between AI automation and operational safety. This move enables deployments that were previously blocked by risk and compliance teams.

How do self-hosted sandboxes enhance Codex for enterprise AI agents?

Ona’s self-hosted sandboxes give Codex agents a secure, persistent, enterprise-controlled space to run—even as workloads jump between devices, sessions, and clouds. This is a structural shift—one that OpenAI itself could not have built quickly in-house. As Landgraf put it, "Ona brings the building blocks agents need for enterprise work: trusted, customer-controlled cloud environments where work continues across devices, inside the systems where software actually lives.”

Every detail points at risk reduction without giving up flexibility:

  • Isolation: Each agent gets its own environment, fully separated from the rest of the customer’s infrastructure.
  • Persistence: Environments don’t vanish when the laptop sleeps or the browser closes; work picks up where it left off.
  • Control: Enterprises decide what code, data, and secrets live inside. Only systems administrators grant access.
  • Auditing: All actions within the sandbox are visible, with logs for compliance and incident investigation.
  • Integration: The sandboxes can be layered inside existing stacks, so agents work inside “the systems where software actually lives.”

Concrete example: an enterprise can grant their Codex agent a pre-configured sandbox with only the data and permissions needed for a given E2E test, not production root keys. If the agent tries to exceed its boundaries, controls stop it cold—no more “AI deleted half our cloud resources by mistake.” This reduces the blast radius of agent-driven automation, making new workflows safe to try in production for the first time.

[[CONCEPT: autonomous agents operating inside trusted, customer-controlled sandboxes instead of public black boxes]]

What operational risks do autonomous AI agents pose without sandboxes?

Without strong sandboxing, autonomous AI agents are a golden ticket to operational risk: uncontrolled code execution, privileged access gone wrong, and zero visibility into what happened when—until it’s too late.

Every CIO’s nightmare comes into play:

  • Data loss: Agents can—and have—erased vital files or data stores when run with broad permissions and no policy boundaries.
  • Unpredictable costs: An agent stuck in a loop can rack up huge token bills or spin up runaway compute jobs in minutes.
  • Malicious manipulations: If an agent’s environment is compromised—by prompt injection or external attackers—it can become an entry point for broader system breaches.
  • Audit gaps: When agents run in generic hosted clouds, there’s often no credible way to audit, restrict, or roll back actions.

Anecdotes multiply: a single agent left unsupervised with access to cloud admin credentials or unrestricted APIs has generated massive bills or impacted critical infrastructure. The risks aren’t theoretical—major financial, pharmaceutical, and government users have demanded auditable, customer-owned sandboxes before deploying Codex agents beyond pilot projects.

Sandboxes are the missing kill switch. They ensure that one agent’s bad decision or one compromised key is contained, not a prelude to an enterprise-wide incident.

How OpenAI’s Codex uses Ona’s technology to secure AI agent deployment

With Ona’s platform on board, Codex can now run agents in persistent, enterprise-controlled environments—breaking free from the constraints of single-device, single-session architectures. Previously, Codex could only execute agent workloads while a session or device was active; everything else was ephemeral or brokered through managed clouds. That approach does not work for production workflows spanning teams, approvals, or days without pause.

Ona’s sandboxes add two missing capabilities:

  1. Persistent, resumable environments so agents can maintain context, artifacts, and credentials across days or weeks.
  2. Customer-side execution, meaning the agent’s workspace is hosted wherever the enterprise wants—inside a private cloud, a regulated region, or a partitioned VPC.

Since the start of the year, Ona’s agent sessions have grown 13× in production deployments, with sessions running at institutions including the oldest US bank and a top European pharma company. OpenAI labels this as expanding Codex “beyond a single device or active session”—in other words, real operational workloads, not just demos.

Gartner frames the move as “giving Codex essential scaling capabilities” and directly answering Anthropic’s promise of self-hosted sandboxes by May 2026. The real outcome: Codex agents can now operate as long-running, auditable workers in the places where enterprise software actually runs.

[[DIAGRAM: OpenAI Codex agents running in persistent, enterprise-controlled Ona sandboxes, spanning devices and clouds]]

How can enterprises start using Codex with Ona’s sandboxes today?

Enterprises ready to adopt agent-driven automation with Codex plus Ona’s sandboxes should follow a three-step sequence:

1. Enable enterprise-grade Codex access.

Provision Codex for your organization through the OpenAI enterprise portal—validate licensing, service levels, and agent support. Ensure your project or workspace is approved for Codex agent integrations, with API keys or SSO as needed.

2. Deploy Ona sandbox infrastructure.

Work with OpenAI (and Ona team) to provision sandbox environments in the deployment location that meets your regulatory and operational requirements. Most enterprises will spin up sandboxes inside a private cloud, VPC, or tightly scoped public cloud project—connected to existing authentication and secrets management systems. Ensure each agent gets a unique, audited workspace:

# Example: Create a new Ona sandbox for a Codex agent test run
ona create-sandbox --project my-enterprise --env openai-codex

3. Enforce policy, control, and logs.

Define policies: restrict outbound internet, bind secrets to roles, enable audit logging, and set resource quotas. Codex agents inherit permissions only from what’s explicitly granted in the sandbox. Use Ona’s environment controls to shut down or snapshot workspaces as workflows complete. Example safeguard:

# ona-sandbox-policy.yaml
outbound_network: false
secrets:
  - name: DB_ACCESS_TOKEN
    access: read-only
logs: enabled
session_timeout: 1h

Best practices:

  • Never grant agents production credentials in development sandboxes.
  • Review agent audit logs regularly.
  • Rotate sandboxes and secrets as part of your CI/CD process.
  • Validate agent code before each deployment phase.

Teams that follow this baseline can safely deploy autonomous AI agents at scale—without ceding control or ignoring audit requirements.

What future impact could this acquisition have on enterprise AI?

Ona’s technology fundamentally changes what’s possible for AI agent deployment in enterprises: persistent, customer-controlled sandboxes make real autonomy—finally—deployable within even the most risk-averse organizations.

Expect several direct outcomes:

  • Enterprise adoption accelerates: More financial, pharma, and government workloads move to Codex-powered agents as sandboxing removes the last big compliance and ops blockers.
  • Security and auditing bar rises: As OpenAI/Codex delivers stronger sandbox and audit tools, compliance and regulatory arguments start to tip in favor of AI adoption—especially as competitors like Anthropic ship managed sandboxes of their own.
  • Broader industry shift: The control afforded by Ona’s sandboxes will pressure every major LLM/agent vendor to offer similar persistent, enterprise-owned execution. This sets a new default: if you want to win regulated customers, you need on-prem or tightly controlled cloud agent environments, not just hosted SaaS.

Down the line, expect regulation, audit, and even insurance requirements to draw a sharp dividing line: only sandboxes that can prove customer control, audit visibility, and kill-switch isolation will clear the bar for production agent deployment.

The upshot: OpenAI's Ona acquisition is the enterprise AI trust milestone

OpenAI’s acquisition of Ona delivers what enterprise AI needs but most vendors still lack: persistent, secure, self-hosted sandbox environments for autonomous agents. For developers and CIOs blocked by compliance and risk, Codex plus Ona finally enables enterprise-grade agent workflows—with the guardrails, logging, and customer control required to pass every audit. The real signal: this is an acceleration point, not a science project. Secure, agent-driven automation can now actually leave the prototype phase and land in production. The best part? You no longer have to choose between AI power and operational safety. Deploy both—today.