What happened
OpenAI’s Codex for Mac now includes Chronicle, a research preview feature that periodically captures user screenshots, sends them to OpenAI’s servers for processing, and stores text summaries locally as unencrypted Markdown files. This provides the AI assistant passive context about user activity. The feature requires a $100+/month Pro subscription and Apple Silicon, but is unavailable in the EU, UK, and Switzerland, indicating a recognition of incompatibility with regional data protection regulations.
Why it matters
Sending continuous screen captures to external servers for processing introduces significant data exfiltration and prompt injection risks for security architects and compliance teams. Unlike Microsoft Recall, which processes screenshots locally on-device, Chronicle's cloud-based approach and local storage of unencrypted summaries create new attack surfaces. Procurement teams must account for increased rate limit consumption, impacting operational costs. This design choice prioritises utility over the local-first privacy architecture adopted by competitors, shifting the burden of managing sensitive data exposure to the user.
