OpenAI expands Codex to ChatGPT mobile

OpenAI on May 14 expanded Codex to the ChatGPT mobile app in preview on iOS and Android, extending its coding assistant to users across all plans, including Free and Go, in supported regions. The company said the mobile version lets users connect to machines where Codex is already running and review active threads, approvals, plugins and project context from a phone. (openai.com) The rollout came as OpenAI also faced a new privacy lawsuit in California over alleged tracking on ChatGPT.com and disclosed the fallout from a separate software supply-chain attack that affected two employee devices. OpenAI has also been promoting Daybreak, a cybersecurity offering that combines its models with Codex-based defensive workflows. (openai.com) ### What does Codex on a phone actually let people do? Codex in the ChatGPT mobile app loads the live state from the machine where the coding agent is operating, OpenAI said in its May 14 product post. The company said users can work across threads, review outputs, approve commands, change models and start new tasks from a phone while files, credentials, permissions and local setup remain on the connected machine. OpenAI said updates flow back to the phone in real time, including screenshots, terminal output, diffs, test results and approvals. The company said users need to update the ChatGPT mobile app and the Codex app on macOS to try the preview. (openai.com) ### How big is Codex inside OpenAI’s product lineup? OpenAI said in the same announcement that more than 4 million people now use Codex every week. The company framed the mobile rollout as part of a broader shift toward longer-running agent work, where users may need to check progress, answer questions or approve next steps away from a desktop machine. (openai.com) A September 2025 OpenAI post described Codex as software that can write features, answer questions about codebases, fix bugs and propose pull requests for review, with each task running in its own cloud sandbox. That earlier description helps place the mobile release as an extension of an existing coding workflow rather than a separate app category. (openai.com) ### What is the California lawsuit alleging about ChatGPT tracking? A class-action complaint filed in the Southern District of California alleges OpenAI embedded Meta’s Facebook Pixel and Google Analytics in ChatGPT’s web interface, according to reporting published May 14 by Cyber Security News and May 15 by other outlets. (openai.com) The suit was filed by California resident Amargo Couture on behalf of U.S. users who entered queries into ChatGPT.com, the report said. The complaint alleges OpenAI disclosed chat topics, identifiers and contact details to Meta and Google without consent, in violation of the Electronic Communications Privacy Act, California’s Invasion of Privacy Act and state privacy protections, according to the report. (openai.com) OpenAI had not publicly posted a response to that specific lawsuit on its newsroom pages reviewed Friday. ### What happened in the separate code-security incident? OpenAI said on May 13 that two employee devices in its corporate environment were affected by the TanStack npm supply-chain attack known as “Mini Shai-Hulud.” The company said it found no evidence that user data was accessed, that production systems or intellectual property were compromised, or that its software was altered. (cybersecuritynews.com) TechCrunch reported on May 14 that OpenAI also found unauthorized access and theft of credentials in a limited subset of internal source-code repositories available to the two affected employees. (cybersecuritynews.com) OpenAI said the stolen material was limited and said it was rotating digital certificates tied to macOS app signing as a precaution. ### Where does Daybreak fit into this? Daybreak is presented by OpenAI as a cybersecurity program built around earlier risk detection, patching and resilient software design. The company said the offering combines OpenAI models, Codex as an agentic harness and external partners to support secure code review, threat modeling, patch validation, dependency risk analysis, detection and remediation guidance. (openai.com) OpenAI said on the Daybreak page that it is working with industry and government partners in the coming weeks as it prepares to deploy more cyber-capable models through an iterative approach. A separate OpenAI post on May 7 said its Trusted Access for Cyber program is designed to give vetted defenders broader use of GPT-5.5 cyber capabilities while maintaining safeguards against misuse. (techcrunch.com) June 12, 2026 is the next concrete date in the story. OpenAI said macOS users must update their apps by then as the company rotates security certificates in response to the TanStack attack, while Codex mobile remains in preview across supported regions and plans. (openai.com 1) (openai.com 2)