AI Wire

OpenAI Codex Feature Blitz

OpenAI's Codex sprint continued at a pace that's hard to track in real time. Sam Altman announced that Codex crossed 4 million active users — less than two weeks after hitting 3 million — and reset rate limits to handle the load. The product received a cluster of simultaneous upgrades: an in-app browser with "comment mode" that captures screenshots and DOM elements for precise context, computer use that runs Mac apps in parallel without interrupting the user's own work, and workspace agents for shared long-running workflows across teams.

The most structurally significant addition is Chronicle, a research preview that builds persistent memory from day-to-day computer activity and surfaces it during future Codex sessions. Altman described it as having already changed how he and others at OpenAI work, though it carries a meaningful token cost. Taken together — memory, browser, computer use, multi-agent workflows — Codex is no longer positioned as a coding assistant with nice extras. It's being built as a full agentic operating environment. EU users are reportedly using VPN workarounds to access features that OpenAI has geo-restricted, a sign that regulatory friction is starting to create a two-tier rollout.

OpenAI Health & Biology Vertical

OpenAI made its clearest vertical bet yet on healthcare. GPT-Rosalind was introduced as a frontier reasoning model purpose-built for biology, drug discovery, and translational medicine — the name a deliberate nod to Rosalind Franklin. Separately, OpenAI launched ChatGPT for Clinicians, a free tier designed for clinical workflows, paired with HealthBench Professional, a new benchmark meant to evaluate model performance on real clinician tasks rather than generic medical QA.

The pairing of a specialized model (Rosalind) with a domain-specific evaluation framework (HealthBench Professional) is a meaningful signal. It suggests OpenAI is trying to establish credibility with institutional healthcare buyers who need auditable benchmarks, not just demo impressions. Whether clinicians adopt it in practice depends on workflow integration and liability concerns that a benchmark alone doesn't resolve, but the strategic intent is clear: healthcare is OpenAI's first serious vertical play beyond general productivity.

Active Supply Chain Attacks on PyPI & npm

Two simultaneous supply chain compromises hit the AI and JavaScript ecosystems hard. Andrej Karpathy flagged that LiteLLM's PyPI release 1.82.8 was found to contain a .pth file with base64-encoded instructions to exfiltrate SSH keys, AWS/GCP/Azure credentials, Kubernetes configs, git credentials, shell history, crypto wallets, SSL private keys, CI/CD secrets, and database passwords — then self-replicate. With 97 million downloads per month and deep transitive dependence (DSPy pulls it in, for instance), the blast radius is enormous. The attack vector is passive: a simple pip install litellm sufficed.

Separately, axios 1.14.1 — npm's most-depended-on HTTP client at 300 million weekly downloads — was found pulling in [email protected], a package that did not exist before the day of the attack. Socket AI confirmed it as an obfuscated dropper. Karpathy noted that his own system had a non-pinned axios dependency from a recent experiment; he was lucky to have resolved to an unaffected version. The practical lesson is harsh: unpinned dependencies in active projects are not a theoretical risk right now. Both ecosystems should be treated as compromised until the affected versions are definitively yanked and audited.

AI-Powered Personal Knowledge Bases

Karpathy has been putting a growing share of his token throughput into building structured knowledge bases rather than writing code — indexing source documents into a raw/ directory, then using LLMs to incrementally synthesize them into organized markdown. The pattern gained a concrete example from Farza, whose "Farzapedia" turned 2,500 diary entries, Apple Notes, and iMessage threads into 400 interlinked Wikipedia-style articles covering friends, startups, research areas, and personal interests. Critically, Farza built it for his agent to crawl, not for his own reading.

Karpathy explicitly compared this to the "status quo" of implicit LLM personalization and found it superior on three axes: the knowledge artifact is explicit and inspectable, the user controls what the AI knows, and the structure is natively crawlable by agents. He also noted a recurring failure mode in existing personalization systems — a single question from months ago can anchor the model's impression of your interests indefinitely. Explicit wikis sidestep that by making the knowledge base a first-class artifact you can edit, rather than a black-box learned prior.

AI Capability Perception Gap

Multiple threads converged on a diagnosis Karpathy put plainly: the degree to which someone is awed by AI correlates almost perfectly with how much they use it to code. The gap is partly a recency problem — people whose mental model was formed on free-tier ChatGPT from early 2025 are reasoning about a model that no longer exists. It's also a use-case problem: general conversation and Q&A undersell what current models do at the agentic frontier.

Someone in Karpathy's replies suggested the "OpenClaw moment" was significant precisely because it was the first time a large non-technical audience encountered agentic models rather than chatbots. The implication is that the perception gap isn't closing through argument; it closes through direct exposure to what the tools actually do in agentic contexts. That's a slower process than the capability curve, which creates a window where public discourse about AI risk and utility is systematically anchored to outdated baselines.

The Bottom Line