You’re reading an issue of “The AI Economy,” my newsletter exploring the forces shaping the AI era—tracking how AI is rewriting business, work, technology, and culture. Subscribe to get expert insights and curated updates delivered straight to your inbox.
OpenAI wants to give its Codex coding agent a better memory. On Tuesday, the company rolled out an “experiment” feature called Chronicle that runs background agents to capture your screen, extract context from those images, and build persistent memories so Codex understands what you’re working on without you having to re-explain it every session. OpenAI says the screen captures are stored temporarily on your device and deleted after six hours—though those captures are also processed through OpenAI’s servers to generate memories, which are then saved locally as unencrypted markdown files. The company also warns that Chronicle increases your exposure to prompt injection attacks, since it reads whatever is on your screen at any given moment, including websites.
The feature is opt-in, available only to ChatGPT Pro subscribers on macOS, and not yet permitted in the EU, UK, or Switzerland—a geographic carve-out that itself signals awareness of the regulatory sensitivity here. It’s a meaningful improvement in capability for Codex. It also looks a great deal like Microsoft’s Recall. The question worth asking is whether Chronicle will attract the same level of scrutiny.
Nearly two years ago, Microsoft announced Recall, an AI-powered feature within Windows 11 that helped you remember and find information on your PC by taking periodic screenshots of your desktop. Sound familiar? Recall was initially supposed to be one of the major selling points for the Copilot+ PCs, but immediately faced tremendous backlash, with Signal President Meredith Whittaker criticizing Microsoft’s feature as “a dangerous honeypot for hackers.”
Facing tremendous privacy and security headwinds, Microsoft delayed Recall’s rollout for another year. But it doesn’t appear to be fully secure—a security researcher claims he was able to extract data from Microsoft’s tool. It’s a claim the company denies, saying it’s not a bug and doesn’t plan to address the alleged vulnerability.
The use cases are also worth distinguishing. Microsoft built Recall as an AI-powered search engine for your entire PC—a way to find anything you had ever seen on your screen. Chronicle has a narrower, more practical ambition: to reduce the context tax that developers pay every time they start a new Codex session. Instead of re-explaining what project you’re working on, which tools you’re using, or where a relevant file lives, Chronicle builds that understanding in the background so the conversation can start where you actually are. For developers juggling multiple codebases and workflows, that’s a genuinely useful problem to solve.
Are the tradeoffs worth it?
Both Recall and Chronicle share a common architecture: running silently in the background, capturing your screen at regular intervals, and letting you query that history through natural language. But there is one significant difference: Microsoft Recall processes everything locally using the device’s NPU, while Chronicle sends selected frames to OpenAI’s servers for processing. That distinction matters. Local processing keeps sensitive data off the network; cloud processing introduces a potential target. It also raises harder legal questions—about data custody, subpoena exposure, and compliance with privacy regulations across jurisdictions—that OpenAI has not yet fully answered.
The Codex maker is upfront about this risk. Because Chronicle reads your screen continuously, it is exposed to everything on it—including content you may not have scrutinized closely. If you visit a webpage or open a document containing hidden or disguised instructions, Chronicle could surface that content into Codex’s memory and act on it. This class of vulnerability, known as a prompt injection attack, tricks an AI into following commands embedded in the content it is processing rather than the user’s commands. It is one of the better-documented risks in agentic AI systems, and notable enough that OpenAI explicitly flags it in Chronicle’s own documentation, recommending that users pause the feature before visiting untrusted websites or handling sensitive material.
That said, OpenAI has built in some guardrails. Screen captures are stored temporarily and deleted after six hours, and users can pause or disable Chronicle at any time from the menu bar. It claims that files transmitted to its servers are used only to generate memories and aren’t stored for post-processing unless required by law. They also aren’t being used to train OpenAI’s models.
Chronicle shouldn’t have access to your microphone or system audio—it is limited to what is visible on screen. That said, the company advises against using the feature to surreptitiously record meetings or communications with third parties. Instead, pause Chronicle.
OpenAI also emphasizes that memory files generated by Chronicle are not exclusively accessible to Codex. Other applications on your device could potentially read them too.
Since its announcement, Chronicle appears to have drawn far less alarm than Recall did at a comparable stage. Part of that may come down to scope. Recall was positioned as a flagship feature for an entirely new class of Windows PCs, immediately placing it in front of hundreds of millions of potential users. Chronicle, by contrast, is an opt-in research preview tucked inside a coding agent used by a fraction of OpenAI’s more than 900 million weekly active users. Not every developer using Codex will enable it. Not every user will even notice it exists. That narrower surface area may explain the quieter reception—but it doesn’t make the underlying questions about screen capture, cloud processing, and data custody any less worth asking.
Featured Image: Microsoft's Consumer Chief Marketing Officer, Yusef Mehdi, speaks at the company's Copilot+ PC announcement event on May 20, 2024. Credit: Ken Yeung
