This was one of the busiest weeks OpenAI has shipped all year. GPT-5.5 arrived as the new frontier model in ChatGPT and Codex. Workspace agents turned GPTs into cloud-run, scheduled, shareable team assistants. The Agents SDK got a native harness and multi-provider sandbox execution. Codex CLI gained hooks, a plugin marketplace, and a /review command. Codex itself crossed 4 million weekly developers and picked up partnerships with seven of the largest global systems integrators.

There is a lot here, and it lands on two different desks. This briefing is split in two: Part 1 is for leaders making buy, build, and governance decisions. Part 2 is for builders wiring Codex, the Agents SDK, and MCP into real systems. Skip to whichever matters to you.


Part 1 — For Leaders

GPT-5.5: The New Frontier Model

OpenAI released GPT-5.5 on April 23, calling it their “smartest and most intuitive to use model yet.” It is rolling out to Plus, Pro, Business, and Enterprise users in ChatGPT and Codex. GPT-5.5 Pro — the high-compute variant — is reserved for Pro, Business, and Enterprise. The API release is described as “very soon,” with pricing already listed at $5.00 / $0.50 / $30.00 per million input / cached / output tokens.

The headline benchmarks:

  • Terminal-Bench 2.0: 82.7% (vs. 75.1% for GPT-5.4)
  • Expert-SWE: 73.1%
  • OSWorld-Verified: 78.7%
  • FrontierMath Tier 1–3: 51.7%

It also matches GPT-5.4 per-token latency while using meaningfully fewer tokens. ChatGPT now exposes three modes — Auto, Fast, and Thinking — so users control the speed-vs-reasoning tradeoff. OpenAI simultaneously published the GPT-5.5 System Card and launched a Bio Bug Bounty for security research on biological misuse risks.

For planners: the “very soon” API date matters. If your agentic pipelines are priced against GPT-5.4 today, GPT-5.5’s token economics will change your cost model — the per-token rate doubles, but the lower token consumption and better task completion can offset that. Model it before you commit quarterly budgets.


Workspace Agents: GPTs Grow Up

OpenAI introduced workspace agents on April 22 — an evolution of GPTs powered by Codex. These are shareable, cloud-run agents that keep working while their owner is offline.

What makes them enterprise-ready:

  • Multi-step workflows like report generation, code edits, Slack responses, and CRM updates
  • Scheduled execution, plus Slack deployment as a first-class surface
  • Approval gates for sensitive actions (sending email, editing spreadsheets)
  • Role-based admin controls for tools, data sources, and agent permissions in Enterprise/Edu
  • A Compliance API providing visibility into every agent’s configuration, updates, and runs
  • Built-in safeguards against prompt injection attacks

Availability: research preview for ChatGPT Business, Enterprise, Edu, and Teachers. Free until May 6, 2026, then credit-based pricing. Existing GPTs stay live, with migration tools coming. If your organization has a pile of GPTs to govern today, this is the path off that glass floor — and the free window is a good reason to pilot now rather than next quarter.


ChatGPT for Clinicians — A Real Vertical Play

OpenAI launched ChatGPT for Clinicians on April 22. It is free for verified U.S. physicians, NPs, PAs, and pharmacists, and bundles frontier model access with HIPAA compliance via BAA, trusted clinical search over peer-reviewed sources, deep research across medical journals, and CME credit from clinical questions. Reusable Skills cover workflows like referral letters and prior authorization.

Physician advisors tested 6,924 conversations, with 99.6% rated safe and accurate. OpenAI also published HealthBench Professional, an open benchmark for clinician chat tasks. This is the clearest sign yet that OpenAI is done being a horizontal-only product company — vertical builds with regulatory scaffolding are the playbook from here.


4M Weekly Developers, Codex Labs, and Seven GSI Partners

Codex crossed 4 million weekly active developers — a million added in just two weeks. Reference customers include Virgin Atlantic, Ramp, Notion, Cisco, and Rakuten, spanning test coverage, code review, feature development, large-repo reasoning, and incident response.

To scale enterprise adoption, OpenAI launched Codex Labs (hands-on workshops) and announced a partnership slate with Accenture, Capgemini, CGI, Cognizant, Infosys, PwC, and Tata Consultancy Services. Cognizant explicitly committed to embedding Codex across its entire Software Engineering Group. A new $100/month Pro tier offers 5× Plus usage (promoted to 10× through May 31), and eligible ChatGPT Business workspaces earn up to $500 in credits when team members adopt Codex.

Translation: the GSIs will be pitching Codex-led modernization programs into every Fortune 500 shop this half. If your consulting partner brings a “Codex transformation” deck to the next quarterly review, you will know why.


Codex Security + GPT-5.4-Cyber

Two pieces of the security story landed this week. Codex Security is now in research preview — an AI agent that analyzes project context to detect, validate, and patch vulnerabilities without pulling the developer out of flow. GPT-5.4-Cyber is a variant of GPT-5.4 with adjusted refusal boundaries for legitimate defensive cybersecurity work, including binary reverse engineering of compiled software without source. The program has contributed to fixing over 3,000 critical and high-severity vulnerabilities since launch.

For security leaders: this is the next place AppSec budget will fight agent budget. Plan the governance conversation before the tool shows up in a developer’s IDE.


Infrastructure and Corporate Moves

AMD-OpenAI partnership. A multi-year deal to deploy 6 gigawatts of AMD Instinct GPUs, starting with 1 gigawatt in 2026 — OpenAI’s first meaningful NVIDIA diversification.

Restructuring. OpenAI completed its transition to a for-profit Public Benefit Corporation valued at $122 billion. The entire “OpenAI for Science” research team was dissolved in the process, and Research Lead Bill Peebles left. Safety language was removed from the mission statement, which has fueled the policy debate around Altman’s “New Deal for the AI era” paper.

Leadership. Greg Brockman returned temporarily to oversee a product and org revamp of the desktop app. Fidji Simo took medical leave. And OpenAI’s CFO reportedly flagged the 2026 IPO timeline as “aggressive” — a rift with Altman amid projected 2028 compute spend of $121 billion.

Sora shutdown. The Sora web and app versions close April 26, 2026; the API follows September 24. Consumer video experiments are out; enterprise tools and coding are in.


Competitive Landscape

The pressure on OpenAI is multi-directional. Anthropic disclosed $30B in annualized recurring revenue — surpassing OpenAI’s estimated $24B — while spending roughly 4× less on training. Claude Opus 4.7 launched with a 13% coding benchmark improvement and 76.80% on SWE-Bench. Anthropic also raised a $30B Series G at a $380B valuation, and Claude Code added agent teams plus a built-in watcher tool that directly competes with Codex’s multi-agent features.

Google released Gemma 4 under Apache 2.0 — frontier reasoning and agentic capability in open weights. xAI shipped Grok 4.3 with video comprehension and a 2M-token context window. DeepSeek V3.2 sits at roughly $0.27/million tokens, pressuring everyone’s API pricing from below. Mistral partnered with NVIDIA and shipped Mistral 3 and Small 4.

And a big one for MCP: a critical Anthropic MCP design vulnerability was disclosed — the STDIO transport interface enables arbitrary OS command execution across 7,000+ publicly accessible servers and SDKs with 150M+ total downloads. Anthropic has declined to modify the protocol, citing the behavior as expected. Since Codex’s 90+ plugin ecosystem also rides on MCP, this is an ecosystem-wide question, not an Anthropic-only one. More on the builder implications in Part 2.


Part 2 — For Builders

Agents SDK v0.14.0: Model-Native Harness and Native Sandboxes

The single most important release for anyone building agent systems is Agents SDK v0.14.0. It introduces a model-native harness — a standardized execution environment that orchestrates file ops, tool calls, commands, auth, audit logs, and human review — plus native sandbox execution for running that work safely in isolated compute.

Key capabilities:

  • Configurable memory. Developers control what persists across turns, what gets compressed vs. preserved verbatim, and how session boundaries are drawn. This replaces a lot of bespoke context-management code teams have been maintaining by hand.
  • Manifest abstraction for sandboxes. One portable workspace definition runs across Unix, Docker, E2B, Modal, Cloudflare, Daytona, Runloop, Vercel, and Blaxel. Storage mounts cover AWS S3, GCS, Azure Blob, and Cloudflare R2.
  • Snapshotting and rehydration. If a sandbox container fails or expires, the SDK restores the agent’s state in a fresh container from the last checkpoint. No more lost multi-hour runs because a provider recycled a pod.
  • Apply-patch tool. Diff-based file edits (create, update, delete) using unified diff format — dramatically cheaper than rewriting whole files on every multi-file refactor.

Availability: Python first, TypeScript later. Code-mode and subagents are planned for both languages in a future release. If you are maintaining home-grown orchestration around the Responses API today, this is the library to evaluate before you build more of that glue yourself.


Codex CLI v0.124.0: Hooks, Plugin Marketplace, and /review

Codex CLI v0.124.0 is the most substantive CLI release in months. Highlights:

  • Stabilized MCP integration. Model Context Protocol is now a first-class integration surface — over 110 million SDK downloads per month, outpacing React’s early adoption curve. OpenAI is describing Codex as “the single largest driver of MCP-based API consumption today.”
  • Hooks. Event-triggered automation pipelines configurable via config.toml and requirements.toml. The obvious pattern here is running linting, typechecking, or policy validation as a hook on the agent’s post-edit events.
  • Plugin marketplace. Remote plugin repos are now discoverable and installable directly from the terminal — 90+ plugins at launch, including Atlassian Rovo, CircleCI, CodeRabbit, GitLab Issues, and Microsoft Suite.
  • Deny-read glob policies. Fine-grained filesystem access control for sensitive directories. If you have credentials, customer data, or scratch paths you never want the agent to read, this is the right place to express that.
  • Worktree management. Automatic cleanup controls plus thread handoff between local and cloud contexts.
  • TUI quick reasoning controls. Alt+, lowers reasoning, Alt+. raises it, mid-session, without leaving the TUI. Model upgrades reset reasoning to the new model’s default.
  • /review command. Opens a dedicated review interface that reads selected diffs and reports prioritized findings without modifying the working tree — a clean way to pause mid-task, inspect output, and steer.

WebSocket Mode for the Responses API

OpenAI published a deep dive on WebSocket mode for the Responses API. The short version: persistent connections cache response state, token renders, and tool definitions in-memory, eliminating redundant per-request overhead that compounds across multi-turn agent loops.

Reported results:

  • Codex — majority of traffic now on WebSocket, up to 40% latency improvement end-to-end
  • Vercel AI SDK — up to 40% reduction
  • Cline — multi-file workflows 39% faster
  • Cursor — OpenAI models 30% faster
  • Models like GPT-5.3-Codex-Spark hitting 1,000+ TPS (bursts to 4,000)

If you are running multi-turn tool-calling loops in production, this is a free optimization that you almost certainly should adopt.


GPT Image 2 and Privacy Filter

GPT Image 2 landed on the API on April 21 as gpt-image-2 across Chat Completions, Responses, Realtime, Assistants, and Batch. Token-based pricing: $8.00 / $2.00 / $30.00 per million image input / cached / output tokens, with a 50% Batch discount. Rate limits scale from 100K TPM / 5 IPM at Tier 1 up to 8M TPM / 250 IPM at Tier 5.

Privacy Filter is an open-weight (Apache 2.0) PII detection model, released on Hugging Face and GitHub. A 1.5B parameter bidirectional token classifier (50M active), 128K context, detecting 8 categories: private_person, address, email, phone, URL, date, account_number, secret/API key. 97.43% F1 on the corrected PII-Masking-300k benchmark. It runs locally — a sensible preprocessing step for any logging, evaluation, or fine-tuning pipeline where you do not want raw PII leaving the device.


MCP Ecosystem: Momentum and a Serious Vulnerability

MCP is now effectively the default agent-tool integration standard — 110M+ monthly SDK downloads, 90+ plugins shipping in Codex alone, and new plugins from CircleCI and CodeRabbit this week embedding CI/CD and code-review directly into the agent loop.

The counterweight: a critical design vulnerability in Anthropic’s MCP SDK affects 7,000+ publicly accessible servers across Python, TypeScript, Java, and Rust (150M+ total downloads). The STDIO transport interface enables arbitrary OS command execution by design, and Anthropic has declined to modify the protocol. Since Codex’s plugin ecosystem rides on the same protocol, this is an ecosystem-wide security conversation — not a vendor-specific one. Audit which MCP servers you expose, and who can reach them, before the next quarterly security review makes you do it under pressure.
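
One way to start that audit, as an added example (not code from OpenAI, Anthropic, or any MCP SDK): the script below walks a client-side MCP configuration and lists every stdio entry with the reasons its launch command deserves review. It assumes the "mcpServers" JSON layout with command, args, env, and url keys; the server names, packages, and URL in the sample are constructed.

```python
import json
import re

SHELLS = {"sh", "bash", "zsh", "cmd", "powershell", "pwsh"}
RUNNERS = {"npx", "uvx", "bunx"}            # fetch and run a package at launch
PINNED = re.compile(r".(?:@|==)\d")         # pkg@1.2.3 or pkg==1.2.3
SECRET_KEY = re.compile(r"TOKEN|SECRET|PASSWORD|API_?KEY", re.I)

# Constructed sample; the "mcpServers" layout is an assumption of this example.
SAMPLE = json.loads("""
{"mcpServers": {
  "tickets": {"command": "npx", "args": ["-y", "@example/tickets-mcp"],
              "env": {"TICKETS_API_KEY": "placeholder"}},
  "files":   {"command": "npx", "args": ["-y", "@example/files-mcp@1.4.2"]},
  "legacy":  {"command": "/bin/sh", "args": ["-c", "python3 server.py"]},
  "search":  {"url": "https://mcp.example.internal/search"}
}}
""")

def audit_mcp_config(config):
    """Return {server_name: [findings]} for every stdio entry in the config."""
    report = {}
    for name, entry in config.get("mcpServers", {}).items():
        if "command" not in entry:          # URL-based entry: no local process
            continue
        findings = ["stdio: client spawns a local process with the user's privileges"]
        # Reduce the command to its executable name (strip path and .exe/.cmd).
        exe = re.split(r"[\\/]", entry["command"])[-1].lower()
        exe = re.sub(r"\.(exe|cmd)$", "", exe)
        args = [str(a) for a in entry.get("args", [])]
        if exe in SHELLS:
            findings.append("shell interpreter: args are evaluated as a script")
        if exe in RUNNERS:
            # First non-flag argument is treated as the package specifier.
            pkg = next((a for a in args if not a.startswith("-")), None)
            if pkg is None or not PINNED.search(pkg):
                findings.append(f"unpinned package via {exe}: code can change between launches")
        for key in entry.get("env", {}):
            if SECRET_KEY.search(key):
                findings.append(f"credential in config env: {key}")
        report[name] = findings
    return report

if __name__ == "__main__":
    for server, findings in audit_mcp_config(SAMPLE).items():
        for finding in findings:
            print(f"{server}: {finding}")
```

The findings are review prompts, not verdicts: a pinned, absolute-path stdio server still runs with the invoking user's privileges, so the inventory itself is the main output.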


Known Issues and Operations Notes

A few builder-critical things to keep on your radar:

  • Service outages. Codex and ChatGPT saw incidents on April 20 (broad service disruption, voice mode failures) and April 23 (agent task start failures from the web). Reliability is actively trending alongside scale. OpenAI Status is worth a bookmark.
  • Git identity misattribution. Issue #18095 documents that Codex’s default git identity (codex@example.com) can silently misattribute commits to unrelated third-party GitHub users. Override user.email in your repo config — do not accept the default.
  • Reported CLI issues. Sustained high CPU (#18837), “Admin setup sandbox” startup failures (#19065), and MCP “always allow” permissions not persisting across Codex Desktop sessions (#18706).
  • Community tooling. codex-clean is a community TUI for visualizing and cleaning up ~/.codex/worktrees/ — worth installing if you run lots of parallel agent sessions.

Assistants API Deprecation — Four Months Out

The Assistants API shuts down August 26, 2026. The official replacement is the Responses API + Conversations API, but this is not a drop-in endpoint swap — code rewrites are required. If you have production workloads on Assistants, this week is a good time to audit usage, identify the sharp edges (thread semantics, file search, function-calling shape), and scope the migration effort.


What to Watch

  • GPT-5.5 API release. “Very soon” — expect it inside the next two weeks; it will move pricing math for every OpenAI-based agent pipeline.
  • Workspace Agents free period ends May 6. Pilot and decide before credits start consuming budget.
  • Agents SDK TypeScript support. The Python-only gate will matter to JS/TS-heavy orgs; watch for the release cadence.
  • Codex computer use on Windows. macOS-only at launch; enterprise Windows shops need the Windows build before serious rollout.
  • MCP security response. Expect hardening guidance from OpenAI and the wider community as the STDIO conversation matures.
  • Assistants API migration (Aug 26). Four months to rewrite. Start now.

This was the week the “Codex as platform” thesis stopped being a pitch and started being a product surface — frontier model, sandboxed agents, team-scale workflows, GSI partnerships, and real vertical builds all landed inside seven days. The builders among you have the most new capability to absorb; the leaders have the most new governance surface to plan around.

If you’re weighing what any of this means for your enterprise AI strategy, Big Hat Group can help. Back next Friday with the next edition of Codex Weekly.