OpenAI’s Codex AI Agents Boost Legal Automation Amid Security Concerns

Sources: Axios

OpenAI’s Codex AI agents now automate legal tasks for over 5 million weekly users, including lawyers.

Why it matters: Legal teams adopting Codex AI agents can increase efficiency in document workflows and intake, but must also manage new security risks to protect sensitive data and maintain compliance.

  • Codex reached over 5 million weekly active users by mid-2024, with legal and knowledge workers making up 20%.
  • Legal tech firms like Platus, Coheso, and JurisAgents use Codex to automate contract review, document signing, and legal intake.
  • OpenAI plans to acquire Ona to boost AI agent security and ensure task persistence.
  • Recent security incidents include a coordinated attack exploiting Codex-based tools and a malicious npm package with 29,000 downloads.

OpenAI's Codex platform has expanded beyond coding assistance to serve more than 5 million weekly active users by mid-2024, a sixfold increase since its desktop release in early 2023. Knowledge workers, notably legal professionals, now comprise roughly 20% of users as the platform gains traction outside of software development (OpenAI Codex blog).

In the legal sector, companies such as Platus, Coheso, and JurisAgents deploy Codex-powered AI agents to automate routine legal processes. Platus, for example, uses AI to streamline document workflows, saving the equivalent of a part-time employee's labor. Coheso automates entire intake-to-resolution cycles for in-house teams, while JurisAgents enhances practice management efficiency through adaptive AI functions (Platus; Coheso; JurisAgents).

Addressing security and reliability challenges inherent in autonomous AI agents, OpenAI announced plans to acquire Ona, a startup specializing in secure, persistent execution environments. This move aims to ensure AI tasks remain securely delegated and consistently executed.

But recent incidents illustrate risks. In 2023, a novice hacker exploited AI tools, including Codex, to compromise 14 organizations by launching coordinated malicious operations. Additionally, a malicious npm package associated with Codex capabilities, downloaded over 29,000 times, was found stealing authentication tokens—highlighting new supply chain vulnerabilities (Security News report).

For legal teams, Codex AI agents offer clear efficiency gains in contract review, intake, and document signing. However, integrating these tools demands heightened cybersecurity vigilance, thorough risk assessments, and adherence to compliance standards to protect sensitive legal and client data.

By the numbers:

  • 5 million — weekly active Codex users by mid-2024
  • 20% — proportion of knowledge workers, including legal pros, among Codex users
  • 29,000+ — npm package downloads involved in Codex-linked malware attack

Yes, but: While Codex enhances automation, legal teams must weigh efficiency gains against emerging cybersecurity risks and compliance challenges.

What's next: OpenAI’s planned acquisition of Ona is expected to close in late 2024, potentially improving AI agent security frameworks used in legal workflows.