OpenAI is radically changing the game, turning AI from a passive chatbot into an invisible observer of your desktop. As reported by The Decoder, the new Chronicle feature for the Codex app on macOS records the user's screen in the background, forming a dynamic archive of context. Instead of explaining the essence of a project for the hundredth time, you simply work, and OpenAI agents transform the video stream into local Markdown summaries. According to the developers, this should free the user from "manual" data entry.
However, you will have to pay for seamless integration with security. OpenAI admits: accumulated "memories" are stored on the device in unencrypted form. This creates a gap in data protection accessible to anyone who gains physical or remote access to the system. Even more exotic is the risk of prompt injection through visual content. As OpenAI warns, malicious commands can be embedded directly into the layout of websites you visit. It is enough to open a page with hidden text, and the agent will "read" it from the screen as a direct guide to action, allowing attackers to intercept control over the AI's behavior.
From an operational standpoint, Chronicle is a power-hungry and capricious tool. According to OpenAI, the feature quickly burns through rate limits, so active users risk encountering access blocking much faster than with normal text communication. In addition, the system requires extended macOS permissions for screen recording and accessibility. It's no wonder that because of this risk profile, OpenAI is currently bypassing the EU, UK, and Switzerland, limiting preview access only to ChatGPT Pro subscribers in less regulated jurisdictions.
For business, this means a transition to the "AI as an operating system layer" model. On the one hand, we get a workflow without unnecessary words, where the neural network understands the context at a glance. On the other hand, company CTOs must realize: Chronicle in its current form is an unencrypted archive of corporate activity, vulnerable to new types of attacks. In our view, as long as the security architecture does not provide for local encryption, using Chronicle in the corporate perimeter looks like an unjustified risk for intellectual property.