The Intake — Tuesday, June 2, 2026
On the substrate
A third-party Codex UI package silently sent your authentication tokens — including the refresh token — to an attacker's server for about a month
Aikido Security · Charlie Eriksen (May 27, 2026) | The Hacker News · Ravie Lakshmanan (Jun 01, 2026)
If you reached for a third-party npm package to get a remote web UI for OpenAI Codex, this disclosure concerns you directly. codexui-android — an npm package advertising itself as a remote UI for Codex — silently exfiltrated developer credentials to an attacker-controlled server for approximately one month. Aikido Security researcher Charlie Eriksen published the findings on May 27, 2026.
The package pulled around 29,000 downloads per week. The credential-theft code did not appear in the package's public GitHub repository. Each invocation silently exfiltrated the Codex authentication token file to a server the attacker controlled. The stolen file included a non-expiring refresh token — meaning the exfiltration remained actionable after rotation of the session token. Eriksen dated the malicious code to approximately one month after the package's initial publication. The npm account owner's public profiles link to the same domain the package used as its exfiltration endpoint.
The exposure extends beyond desktop installs. Eriksen identified two Android apps from the same publisher listed on Google Play. Combined, they report more than 60,000 installs. Both execute this same npm package inside an embedded Linux environment on first run, running the same exfiltration path. If you or anyone on your team has the codexui-android package installed — or either of the associated Android apps — the Codex token file it could reach should be treated as compromised.
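The practical first step is to find out whether the package is present anywhere in your checkouts, and the repository is the wrong place to look, since the disclosure notes the theft code never appeared there: lockfiles and the installed node_modules tree record what npm actually pulled. The script below is an added example, not code from Aikido or from this newsletter. It scans a directory tree for a watch-listed package name (seeded with codexui-android from the item above) across package-lock.json (lockfile v1, v2 and v3), classic yarn.lock, and installed package.json files, and reports every hit with its version. The fixture it builds is constructed for the demo; the version string 9.9.9 and the registry host are placeholders, not values from the disclosure. It does not cover the two Android apps or the Codex token file itself, whose on-disk path the item does not give.

```python
"""Scan a project tree for a watch-listed npm package in lockfiles and node_modules."""
import json
import re
import tempfile
from pathlib import Path

# Package named in the Aikido disclosure; add further names here if more emerge.
WATCHLIST = {"codexui-android"}


def scan_package_lock(text, watch=WATCHLIST):
    """Return {name: version} for watched packages in a package-lock.json (v1/v2/v3)."""
    data = json.loads(text)
    hits = {}
    # lockfile v2/v3: "packages" is keyed by install path, e.g. "node_modules/foo"
    for path, meta in data.get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if name in watch:
            hits[name] = meta.get("version", "?")

    # lockfile v1 (and the v2 compatibility section): nested "dependencies" blocks
    def walk(deps):
        for name, meta in deps.items():
            if name in watch:
                hits[name] = meta.get("version", "?")
            walk(meta.get("dependencies", {}))

    walk(data.get("dependencies", {}))
    return hits


def scan_yarn_lock(text, watch=WATCHLIST):
    """Return {name: version} for watched packages in a classic-format yarn.lock."""
    hits = {}
    current = set()
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            # Header line: one or more specs such as  "name@^1.0.0", name@^1.1.0:
            specs = [s.strip().strip('"') for s in line.rstrip()[:-1].split(",")]
            # rsplit keeps scoped names intact (@scope/name@^1 -> @scope/name)
            current = {s.rsplit("@", 1)[0] for s in specs if "@" in s[1:]}
            continue
        m = re.match(r'^\s+version\s+"?([^"\s]+)"?\s*$', line)
        if m:
            for name in current & watch:
                hits[name] = m.group(1)
    return hits


def scan_installed(root, watch=WATCHLIST):
    """Return [(package.json path, name, version)] for watched packages under node_modules."""
    found = []
    patterns = ("node_modules/*/package.json", "node_modules/@*/*/package.json")
    for pattern in patterns:
        for pkg_json in Path(root).rglob(pattern):
            try:
                meta = json.loads(pkg_json.read_text())
            except (OSError, ValueError):
                continue  # unreadable or non-JSON manifest; skip rather than abort the scan
            if meta.get("name") in watch:
                found.append((str(pkg_json), meta["name"], meta.get("version", "?")))
    return found


def scan_tree(root, watch=WATCHLIST):
    """Walk a checkout and report every place a watched package shows up."""
    findings = []
    for lock in Path(root).rglob("package-lock.json"):
        for name, ver in scan_package_lock(lock.read_text(), watch).items():
            findings.append((str(lock), name, ver))
    for lock in Path(root).rglob("yarn.lock"):
        for name, ver in scan_yarn_lock(lock.read_text(), watch).items():
            findings.append((str(lock), name, ver))
    findings.extend(scan_installed(root, watch))
    return findings


def build_sample_tree():
    """Constructed fixture (not real data): a project that pulled the package in."""
    root = Path(tempfile.mkdtemp(prefix="npm-scan-"))
    (root / "package-lock.json").write_text(json.dumps({
        "name": "demo-app", "lockfileVersion": 3,
        "packages": {
            "": {"name": "demo-app", "version": "0.1.0"},
            "node_modules/left-pad": {"version": "1.3.0"},
            "node_modules/codexui-android": {"version": "9.9.9"},  # placeholder version
        },
    }))
    (root / "yarn.lock").write_text(
        "# yarn lockfile v1\n\n"
        '"codexui-android@^9.0.0", codexui-android@^9.9.0:\n'
        '  version "9.9.9"\n'
        '  resolved "https://registry.example.invalid/codexui-android-9.9.9.tgz"\n\n'
        "left-pad@^1.3.0:\n"
        '  version "1.3.0"\n'
    )
    pkg_dir = root / "node_modules" / "codexui-android"
    pkg_dir.mkdir(parents=True)
    (pkg_dir / "package.json").write_text(
        json.dumps({"name": "codexui-android", "version": "9.9.9"}))
    return root


if __name__ == "__main__":
    for where, name, ver in scan_tree(build_sample_tree()):
        print(f"{name}@{ver}  found in {where}")
```

Point scan_tree at a real checkout (or a directory of checkouts) to get the same report for your own code; a hit in any of the three places means the host that ran an install from that tree should be treated as described in the item above. Global installs are not covered here; for those, the output of npm's own global listing is the thing to check.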
Anthropic files a confidential draft S-1 with the SEC, beginning the formal path toward a public offering
Anthropic (Jun 01, 2026) | The Decoder · Matthias Bastian (Jun 01, 2026)
Anthropic submitted a confidential draft Form S-1 to the U.S. Securities and Exchange Commission. The June 1, 2026 filing is the first formal step toward a potential initial public offering. Share count and price are not yet set. Timing remains subject to SEC review completion and market conditions.
The company is structured as a Public Benefit Corporation. Anthropic closed a $65 billion Series H in late May. The post-money valuation following that round is reported at approximately $965 billion. A parallel filing is reported to be in preparation at OpenAI.
An IPO track requires Anthropic to file ongoing financial and operational disclosures that were not public during its private phase. No near-term practitioner implication: the filing opens a path to public disclosure but does not change Anthropic's model availability, API terms, or pricing in the near term.