Python package 'llm-openai-via-codex 0.1a0' hijacks Codex CLI

DEV Community·Achin Bansal·about 1 month ago

Forensic Summary

A new Python package, llm-openai-via-codex 0.1a0, explicitly 'hijacks' Codex CLI credentials to route API calls through an unofficial OpenAI endpoint, bypassing standard API billing and access controls. This represents a credential misuse pattern that could expose organisations to unauthorised API access and quota theft. The technique exploits an undocumented or semi-official API surface, raising supply chain and access control concerns for enterprise OpenAI deployments.
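For the supply chain concern raised above, one way to inventory the package is to search dependency manifests and the active Python environment for it. This is an added example, not code from the post or from the package itself; the function names and the sample manifest are constructed for illustration, and editable or URL-based requirement lines are skipped.

```python
import re
from importlib import metadata

# Package name as given in the post title.
FLAGGED = {"llm-openai-via-codex"}
_NAME = re.compile(r"^([A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)")  # PEP 508 name
_COMMENT = re.compile(r"(^|\s+)#.*$")  # pip's rule: '#' at line start or after whitespace

def normalize(name: str) -> str:
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_requirements(text: str) -> list[tuple[int, str]]:
    """Return (line_number, requirement) for each line naming a flagged package."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = _COMMENT.sub("", raw).strip()
        if not line or line.startswith("-"):  # blanks and pip options (-r, -e, --hash)
            continue
        m = _NAME.match(line)
        if m and normalize(m.group(1)) in FLAGGED:
            hits.append((lineno, line))
    return hits

def scan_installed() -> list[tuple[str, str]]:
    """Return (name, version) for flagged distributions in the current environment."""
    found = []
    for dist in metadata.distributions():
        name = dist.metadata.get("Name", "") or ""
        if normalize(name) in FLAGGED:
            found.append((name, dist.version))
    return found

# Constructed sample manifest, not taken from any real project.
SAMPLE = """\
llm>=0.13
LLM_OpenAI.via-Codex==0.1a0   # alternate spelling, same project after normalisation
requests[socks]==2.32.3 ; python_version >= "3.9"
# llm-openai-via-codex  (commented out, must not match)
llm-openai-plugin
"""

if __name__ == "__main__":
    print("manifest hits:", scan_requirements(SAMPLE))
    print("installed hits:", scan_installed())
```

Run it inside each virtual environment or CI image to be checked, since `scan_installed()` only sees the interpreter it runs under.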


Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/llm-openai-via-codex-0-1a0/
