OpenAI tightens agent governance
OpenAI expanded its Agents SDK to help enterprises build safer, more capable agents. (techcrunch.com) It also folded Codex into ChatGPT plans across Plus/Pro/Business/Edu tiers and is scaling a gated 'Trusted Access for Cyber' programme with a specialized GPT‑5.4‑Cyber model limited to vetted defenders. (help.openai.com) (cyberscoop.com)
OpenAI is adding tighter controls to the software companies use to build autonomous assistants, while widening access to its coding agent and narrowing access to its cyber model. (openai.com)
On April 15, OpenAI said its Agents Software Development Kit now includes a “model-native harness” for multi-step work across files and tools, plus native sandbox execution for running code in isolation. The company said the kit is aimed at secure, long-running agents used in enterprise settings. (openai.com)
OpenAI’s developer docs describe the Agents Software Development Kit as infrastructure for applications that can call tools, hand work to specialized agents, stream partial results, and keep a trace of what happened. The new release adds approvals, handoffs, tracing, and resume bookkeeping that OpenAI said mirror behavior used in Codex-style agents. (developers.openai.com) (community.openai.com)
A sandbox is a sealed workspace for code, like a locked test room for a robot before it touches a live system. OpenAI said developers can separate the model layer from the sandbox layer to improve isolation, durability, and security. (openai.com) (community.openai.com)
The product changes land as OpenAI pushes agents from demos into paid workplace tools. OpenAI’s help center says Codex, its coding agent, is included with ChatGPT Plus, Pro, Business, and Enterprise or Edu plans. (help.openai.com)
OpenAI’s Business release notes say teams on flexible pricing can buy credits to raise task limits, and a separate promotion launched April 2 offers eligible Business workspaces up to $500 in credits for adding and activating new Codex seats. That ties the company’s agent push to seat sales and usage-based billing inside ChatGPT workspaces. (help.openai.com 1) (help.openai.com 2)
At the same time, OpenAI is moving the most sensitive agent capabilities in the opposite direction. On April 14, the company said it was expanding Trusted Access for Cyber to thousands of verified individual defenders and hundreds of teams, while limiting GPT-5.4-Cyber to vetted defensive use cases. (openai.com)
OpenAI said GPT-5.4-Cyber is a variant of GPT-5.4 fine-tuned to be “cyber-permissive” for defense work, and that applicants must go through identity and trust checks. Reuters reported the launch followed Anthropic’s announcement of its own restricted cybersecurity system, underscoring how frontier model makers are now competing on access controls as much as raw capability. (openai.com) (msn.com)
This gated approach did not start this week. In February, OpenAI introduced Trusted Access for Cyber as a pilot and said it was committing $10 million in application programming interface credits to cyber defense, after updating its earlier cybersecurity grant program. (openai.com 1) (openai.com 2)
CyberScoop reported that the expansion puts OpenAI in more direct competition with Anthropic and raises questions about who gets access to the strongest security-focused models. OpenAI’s answer, at least this week, is broader access for ordinary coding help and tighter governance for agents that can act, execute code, or probe software at scale. (cyberscoop.com)