OpenAI Chronicle captures Mac screens for AI context, sparking privacy and security concerns

OpenAI now lets you screenshot your privacy in the foot

Those who cannot remember Microsoft Recall are condemned to repeat it. Today, that applies to OpenAI, which has quietly introduced an opt-in research preview called Chronicle. It's designed to capture the user's screen and feed those images to OpenAI's Codex agent so it has access to more contextual information. "Chronicle augments Codex memories with context from your screen," the company explains in its documentation. "When you prompt Codex, those memories can help it understand what you've been working on with less need for you to restate context." For those who have forgotten or may have missed the outcry, Microsoft in 2024 introduced a Windows feature called Recall that takes screenshots of the user's desktop environment every few seconds and saves the results to disk. The idea is that providing Copilot services with more contextual information makes them more useful. The cybersecurity community promptly piled on, describing Recall as a keylogger, a privacy nightmare, and litigation bait. After a few months of public bludgeoning, Microsoft made some revisions to appease critics. Nonetheless, browser maker Brave went on to offer Recall screenshot blocking, which looks like a worthwhile endeavor given our own tests that found Recall saving images of credit card numbers and passwords despite supposed sensitive information filters. OpenAI perhaps forgot about Microsoft's reputational flogging, or maybe it believes the needs of the model outweigh the needs of the few who bother with security and privacy. Another possibility is that the AI biz has embraced masochism as a public relations strategy. No sooner had OpenAI's Chronicle documentation appeared this week than security researcher Michael Taggart took note of the resemblance, writing, "Oh my god, OpenAI reinvented Recall, but for macOS." On the plus side, Chronicle is self-inflicted - it's opt-in - and available only in the Codex app for macOS. The strikes against it are more extensive. OpenAI's documentation explains some of these problems: "Before enabling, be aware that Chronicle uses rate limits quickly, increases risk of prompt injection, and stores memories unencrypted on your device." So it burns through Codex rate limits faster, increases the user's exposure to prompt injection through screen captures that may contain malicious instructions, and sends selected screenshot data to OpenAI's servers to generate local memories from OCR and other extracted context. That's not the most compelling sales pitch. At least the local image storage is brief - OpenAI says its screenshots are only stored for six hours. But the data derived from those images via OCR text extraction may persist beyond that time in "memories" - text-based Markdown files that make information available in later sessions. OpenAI's description of the memory generation process omits some details. The company says screen captures are temporarily stored on-device, then processed on its servers to generate "memories," which in turn get stored on-device. The screen captures transmitted to OpenAI are not used for training or stored - unless required by law - the documentation claims. However, it's not clear whether the memories - the OCR-derived text - are stored on company servers, or could be stored given a lawful demand to do so. The Register asked OpenAI to clarify, and will update this story if we hear back. In any event, while screen captures are short-lived, the text stored in memories () remains until deleted. It's worth noting that anyone using Chronicle may end up re-sharing captured content with OpenAI through prompts to Codex that use those stored memories. OpenAI does acknowledge that Chronicle poses some risk: "Both directories for your screen captures and memories might contain sensitive information. Make sure you do not share content with others, and be aware that other programs on your computer can also access these files." You've been warned: The footgun shoots you in the foot. ®

OpenAI Codex Chronicle captures your Mac screen to build AI context, with cloud processing and no encryption

Summary: OpenAI's Codex for Mac has added Chronicle, a research preview feature that periodically captures screenshots, sends them to OpenAI's servers for processing, and stores text summaries as local unencrypted Markdown files to give the AI assistant passive context about user activity. The feature is unavailable in the EU, UK, and Switzerland, requires a $100+/month Pro subscription and Apple Silicon, and represents OpenAI's first implementation of ambient screen-aware AI on desktop, choosing cloud processing and utility over the local-first privacy architecture adopted by competitors like Screenpipe and the now-defunct Rewind AI. OpenAI's Codex desktop app for Mac has gained a feature called Chronicle that periodically captures your screen, processes the content into text summaries, and stores those summaries as local memory files that give the AI assistant context about what you have been working on. The feature, released as a research preview, means Codex can now understand your recent activity without you having to explain it. It also means OpenAI is sending screenshots of your desktop to its servers for processing, a design choice that puts Chronicle in direct tension with the privacy-first direction that much of the industry has been moving toward. Chronicle is part of a broader update that transformed Codex from a coding assistant into a general-purpose AI workspace. The 16 April release, titled "Codex for (almost) everything," added computer use capabilities that allow Codex to operate Mac apps with its own cursor, an in-app browser, image generation, persistent memory, and more than 90 plugins. Over one million developers have used Codex, and usage doubled following the launch of the GPT-5.2-Codex model in December. Chronicle runs background agents that periodically capture screenshots of your display. Those screenshots are sent to OpenAI's servers, where they are processed using OCR and visual analysis to generate text summaries. The summaries are saved as Markdown files in a local directory at . When you subsequently prompt Codex, those memory files are included in its context window, allowing it to understand what applications you were using, what documents you were reading, what code you were writing, and what conversations you were having, all without you restating any of it. The raw screen captures are stored temporarily under a system temp directory and automatically deleted after six hours. OpenAI states that screenshots are not stored on its servers after processing and are not used for training. The generated memories, however, persist indefinitely as unencrypted plain text files on your machine. Greg Brockman, OpenAI's president, described the feature as "an experimental feature giving Codex the ability to see and have recent memory over what you see, automatically giving it full context on what you're doing. Feels surprisingly magical to use." Chronicle requires macOS Screen Recording and Accessibility permissions. It is available only on Apple Silicon Macs running macOS 14 or later, and only to ChatGPT Pro subscribers paying $100 or more per month. It is not available in the EU, UK, or Switzerland, a geographic restriction that strongly suggests OpenAI recognises the feature's incompatibility with GDPR's requirements around data minimisation and purpose limitation. The comparison with Microsoft Recall is instructive. Recall, which launched on Windows Copilot+ PCs, takes screenshots every few seconds and stores them in an encrypted local database, with all processing handled by a neural processing unit on the device. No screenshot data leaves the machine. Chronicle takes the opposite approach: processing happens in the cloud, but only text summaries are retained locally. Recall encrypts its database and requires biometric authentication via Windows Hello. Chronicle stores its memories as unencrypted Markdown files accessible to any process running on the computer. OpenAI's own documentation acknowledges the risks explicitly. Chronicle "increases risk of prompt injection" because malicious content on a website you visit could be captured in a screenshot and interpreted as instructions by the AI. The memories directory "might contain sensitive information." And the feature "uses rate limits quickly," meaning Pro subscribers may find their Codex usage constrained by Chronicle's background activity. OpenAI recommends pausing Chronicle before meetings or when viewing sensitive content. Users can pause and resume via the Codex menu bar icon. The recommendation is itself revealing: it acknowledges that the feature will capture things it should not, and shifts the burden of managing that risk to the user. Screen-aware AI assistants have had a turbulent history. Rewind AI, the most prominent early entrant, rebranded to Limitless before being acquired by Meta in December 2025. The Mac app was shut down and screen capture disabled. Microsoft's Copilot has lost 39% of its subscribers in six months, partly due to trust issues that extend to Recall. A security researcher demonstrated in early 2026 that Recall's encrypted database could still be exploited, reinforcing concerns that had dogged the feature since its announcement. The open-source alternative Screenpipe offers a local-first approach: continuous screen and audio capture processed entirely on-device, with a $400 lifetime licence and no recurring cloud dependency. Perplexity's Personal Computer software takes yet another approach, turning a Mac mini into a persistent AI agent with access to local files and apps, though it too relies on cloud processing for its core intelligence. The pattern across the category is consistent: the more useful a screen-aware AI becomes, the more data it needs to process, and the harder it becomes to reconcile that data appetite with user privacy. Chronicle opts for utility over privacy architecture, betting that OpenAI's promise not to store or train on the data, combined with the six-hour deletion window, is sufficient to earn user trust. Whether that bet pays off depends entirely on whether users believe the promise and whether OpenAI can maintain it as the feature scales. Chronicle arrives as the industry converges on the idea that AI assistants should understand your context without being told. Apple is testing AI smart glasses designed as ambient input channels for Apple Intelligence. Slack's recent AI overhaul turned Slackbot into a desktop agent with deep context about your work communications. OpenAI itself is developing a screenless hardware device with Jony Ive that is explicitly positioned for an "ambient AI" era. Gartner predicts more than 40% of large enterprises will deploy ambient intelligence pilots by 2026. The thesis is that AI becomes dramatically more useful when it has passive, continuous access to what you are doing rather than requiring you to articulate your needs from scratch each time. Chronicle is OpenAI's first implementation of that thesis on desktop, and it works: by Brockman's account and the feature's design, eliminating the need to re-explain context to an AI assistant is a genuine productivity gain. But the thesis has a cost. Privacy-first alternatives like Proton's AI tools demonstrate that useful AI can run on open-source models locally without sending user data to anyone's servers. The question Chronicle poses is not whether screen-aware AI is useful. It plainly is. The question is whether the cloud-processed, trust-dependent model that OpenAI has chosen will survive contact with the regulatory environment that has already excluded it from three jurisdictions, and with users who have watched enough AI companies promise data privacy only to quietly revise their terms when the economics demanded it.

Codex for Mac gains Chronicle for enhancing context using recent screen content - 9to5Mac

Last week, OpenAI released an all-new version of Codex for Mac that includes the best example of AI-driven computer use yet. Today, Codex for Mac is taking its recently gained memory feature further with a feature OpenAI calls Chronicle. Codex is OpenAI's desktop "superapp" in the making. For now, Codex is especially made for agentic coding. ChatGPT is the more general AI chatbot app. Going forward, OpenAI is developing Codex into a more capable tool for builders beyond software engineers. Chronicle is one step toward that goal. The purpose of Chronicle is to make Codex more aware of context without repeating details or being super specific with each prompt. It builds on memory, which lets Codex learn from conversation history for context. Chronicle goes further by using recent screen context. OpenAI explains how it works: With Chronicle, Codex can better understand what you mean by "this" or "that." Like an error on screen, a doc you have open, or that "thing" you were working on two weeks ago. Over time, it helps Codex learn how you work: the tools you use, the projects you return to, and the workflows you rely on. Chronicle runs background agents to build memories from screen captures. It uses rate limits quickly. Screen captures are stored temporarily on device to generate memories -- also stored on device. You can inspect and edit memories. Be aware that other apps may access these files. Chronicle in Codex is available for Pro subscribers on the Mac starting today as a research preview feature. In addition to enhancing the Codex desktop app, OpenAI recently introduced a subscription designed for Codex users.

What is Chronicle, OpenAI Codex's new screen-reading memory feature?

Chronicle by OpenAI remembers your workflow so Codex doesn't forget If you've ever spent the first five minutes of an AI coding session re-explaining what you were working on, Chronicle is OpenAI's attempt to fix that. Instead of needing to describe what you're doing before every Codex session, Chronicle records your actions behind-the-scenes so Codex has a general understanding when you return to work again. For instance, if you make a pull request or look up some documentation while using other tools, Chronicle creates the necessary context automatically in its memory so you don't have to describe what you were doing. Also read: OpenAI releases Chronicle in Codex: What is it and how to use Chronicle operates within Codex's memory system. When using Codex with Chronicle enabled, it can use the screen-based memories that have recently been generated to determine what you're referring to, find the appropriate file/source, and leverage any tools or workflows you use, which may eliminate the need for you to articulate what's being requested at the beginning of the interaction with Codex each time. Chronicle acts as a sandboxed background agent on macOS machines. The app periodically takes pictures from your screen using your macOS machine, and it saves these pictures as lightweight markdown memory files saved on the user's local machine. The screen captures themselves are deleted after six hours of their creation, but the memories they create are saved until the user deletes them. Also read: 5 things John Ternus needs to fix at Apple after taking over as CEO from Tim Cook There are some real caveats worth knowing upfront. First, Chronicle is currently only available as an opt-in research preview and only for ChatGPT Pro subscribers who have macOS. Also, OpenAI has been very transparent about how quickly it consumes rate limits, Chronicle creates continuous background processes as part of the app's efforts to create memory files from screen captures, which rapidly uses up rate limits, causing additional wait time for the user. The bigger concern is security. Chronicle increases your exposure to prompt injection attacks because it's reading whatever is on your screen, including websites. If you visit a page with malicious instructions embedded in it, there's a chance Codex follows them. OpenAI recommends pausing Chronicle before meetings or when viewing anything sensitive, and the pause option lives in the macOS menu bar. Memories are stored as unencrypted markdown files, meaning other programs on your computer can access them too. Chronicle is clearly early-stage, and OpenAI isn't hiding that. But the basic idea is simple - the less time you spend re-establishing context with an AI tool, the more useful that tool actually becomes.