SECURITYWEEK reports that researchers found a critical vulnerability in OpenAI Codex that could have allowed GitHub token compromise. The flaw arose from improper input sanitisation of GitHub branch names during task execution, enabling an attacker to inject commands and access tokens tied to repositories, workflows, and private code. BeyondTrust’s Phantom Labs demonstrated automation capable of stealing and abusing tokens at scale, although the token in question was short‑lived and quickly expired.
OpenAI rapidly fixed all reported issues after BeyondTrust disclosed the findings in late December 2025, and the vulnerability will no longer work against Codex, according to BeyondTrust. The piece also notes the broader risk posed by OAuth tokens in AI contexts, highlighting how tokens provide access across multiple organisations and workloads when used in shared environments.
The article situates this incident within ongoing concerns about the security of AI agents that operate with credentials and autonomous execution capabilities, underscoring the need for governance of AI agent identities to prevent token theft and automated exploitation at scale.