OpenAI has entered into an agreement to acquire Ona, a company that builds secure cloud environments for developers and AI agents. The plan is to bring Ona's execution and orchestration technology into Codex, giving the agent a persistent place to work after the laptop where a task began has closed or the original session has ended.
This is not a completed acquisition yet. The transaction remains subject to customary closing conditions and required regulatory approvals. Until it closes, OpenAI and Ona will continue operating as separate companies. Financial terms were not disclosed.
Even with that caveat, the direction is clear. OpenAI is trying to move Codex from a capable agent that works during an active interaction toward an operating layer for sustained software and knowledge work. That requires more than a stronger model. It requires a controlled computer, durable context, access to the right tools, and a trustworthy way to keep work moving over hours or days.
The laptop is becoming the handoff point
Most coding agents still inherit the boundaries of the machine and session where they were started. They can inspect a repository, edit files, run tests, or prepare a pull request, but the work often depends on the local computer remaining available and correctly configured.
Ona's model moves that environment into the cloud. A prepared workspace can contain the repository, dependencies, build tools, database access, internal services, and policies an agent needs. The task can continue there while the user moves to another device, checks progress later, provides direction, or reviews the result.
OpenAI says more than five million people now use Codex each week, up 400% from earlier in 2026. At that scale, even a modest shift from short interactive tasks to longer delegated work changes the infrastructure problem. Millions of agents need places to execute safely, not just models that can decide what to do next.
Persistence needs boundaries
An always-available workspace is useful only if it does not become an always-available security problem. Long-running agents need access to code, services, credentials, networks, and internal context. Giving them broad permanent access would make persistence convenient at the cost of control.
Ona's environments are designed around isolation and policy. Each agent can receive its own prepared environment, scoped credentials, command and network restrictions, and audit logging. Work can run inside the customer's cloud boundary rather than in an opaque shared environment controlled entirely by the agent provider.
That architecture gives security teams concrete questions they can answer: Where did the task run? Which repository and services could it reach? Which credentials were injected? What commands did it execute? What changed? Who reviewed the result? Production agents need those answers because their output can affect systems long after the prompt that started the job has disappeared from view.
A real workspace is more than a sandbox
Simple agent sandboxes are good at executing isolated commands. Real development work is messier. It may require a language server, test infrastructure, private packages, cloud services, databases, build caches, debuggers, and project-specific configuration.
Ona's approach gives an agent a fuller development environment rather than treating execution as a remote function call. Environments can be reproduced, prepared in advance, scaled across parallel tasks, and discarded after use. That matters for reliability: an agent is less likely to fail because a dependency is missing, a local configuration drifted, or a machine was no longer online.
The same foundation can support work beyond coding. Ona describes workflows that carry state across software and knowledge work, including diagrams, presentations, investigations, and other tasks that require tools, context, and review over time. The common requirement is not a particular output format. It is continuity inside an environment the organization controls.
Infrastructure is becoming the competitive layer
AI companies have spent years competing on benchmark scores, reasoning quality, context windows, speed, and price. Those differences still matter, but production agents expose another layer of competition: whether the model can operate reliably inside real systems.
A better model does not solve environment setup, credential scope, auditability, network policy, state management, or human review. Those are infrastructure and product-design problems. The Ona agreement gives OpenAI a more direct way to own that layer for Codex instead of leaving every customer to assemble it independently.
Ona says its weekly production agent sessions have grown 13 times since the beginning of the year. That growth is a useful signal because it reflects agents being placed into active institutional workflows, where the cost of an uncontrolled change or exposed secret is much higher than in a personal experiment.
This also extends the direction OpenAI established with Codex as an always-on software teammate and its recent move to make Codex easier to deploy through AWS governance. Models, tools, memory, automations, cloud distribution, and persistent workspaces are converging into one agent platform.
What changes for software teams
Persistent cloud agents make delegation more practical. A developer could assign a test repair, dependency upgrade, security investigation, application modernization task, or issue triage job without keeping a laptop awake until it finishes. Multiple tasks could run in parallel in separate environments and return for review.
But the management surface becomes as important as the prompt. Teams will need task ownership, time and budget limits, approval checkpoints, clear cancellation, environment policies, and records that explain what happened. A long-running agent should be easy to supervise without requiring constant attention.
The best experience will feel less like leaving a chat window open and more like handing work to a capable teammate: the task has a defined scope, the workspace is ready, progress is visible, questions can be answered, and the final result arrives with evidence that it was tested and reviewed.
What this means for SunMarc
For SunMarc App Labs, the immediate lesson is to separate an agent's intelligence from its operating environment. Any future automation that edits content, processes files, analyzes product data, or maintains a web property should run with the smallest useful set of tools and permissions, inside a reproducible workspace with visible logs.
Persistence should also be tied to a clear job. A content agent might be allowed to research and draft inside a working directory but require human approval before publishing. A maintenance agent might run tests and propose a patch but have no authority to deploy it. A product-analytics agent might read approved metrics while remaining unable to access unrelated customer or account data.
That structure preserves the value of longer-running automation without turning convenience into uncontrolled authority. The agent can keep working after the initial session ends, but the organization still controls where it runs, what it can reach, and when its output becomes a real-world action.
The deal is a statement about where Codex is going
If the acquisition closes, the Ona team will join OpenAI's Codex organization and work on secure, persistent enterprise execution. The companies are describing a future in which people can start substantial work from one device, let an agent carry it forward inside a controlled cloud environment, and return from another device to guide or review the result.
That is a larger product shift than simply making code generation better. It turns the workspace itself into part of the AI system. The next generation of agents will be judged not only by what they know, but by whether they can stay on the job without losing context, crossing security boundaries, or leaving people unable to understand what happened.