Codex Now Controls Your Desktop. That Desktop Had Better Be Legally Yours.

OpenAI's April 16 Codex upgrade lets an AI operate your mouse and keyboard across any application. Anthropic's Computer Use has been doing it for over a year. The interesting question is no longer what the model can do — it's whose name the machine is signed under.

Agents arrive, and so does the jurisdictional problem

On April 16, 2026, OpenAI announced an upgraded Codex that can open applications, control a cursor, and type — a clear answer to Anthropic’s Computer Use, which has operated in this regime since late 2024. Gartner now expects that 40% of enterprise applications will include task-specific agents by end of year. The industry has moved from chat to agent. It has also moved, quietly, from “questions to a model” to “software operating inside your accounts under your legal identity.”

That second shift is where the interesting problem lives.

What an agent actually does, from a compliance perspective

When an agent posts a reply in your CRM, sends an email from your Gmail, drops a lead into your HubSpot, or clicks the “submit bid” button on Alibaba International, a sequence of legal attributions is activated:

  • The account belongs to someone.
  • The IP address the action originates from belongs to someone.
  • The billing card attached to the tool being operated belongs to someone.
  • If the action touches a regulated vertical — financial trading, advertising on Meta, publishing on X — the regulated-entity identity doing the action belongs to someone.

The agent isn’t the entity. The agent is a wrench. The entity is the legal wrapper that picks up the wrench.

For Chinese exporters running overseas lead-gen and marketing ops, this is where the architecture typically breaks. The common setup — residential VPN, personal Gmail, a mainland-billed Stripe card, a shared cloud VM, an agent looped over all of it — creates a stack where every layer is a different flavor of grey. Any one of them will, eventually, get the whole operation flagged: a Google Ads suspension, a Stripe freeze, a Meta business-manager ban, a LinkedIn account shutdown. The cost isn’t the agent. It’s the relaunch, one locked-out platform at a time.

What a “real” agent stack looks like

The model-layer news from Codex is real, but it isn’t the bottleneck. The bottleneck is the layers below:

  • A legal entity — an Sdn Bhd, not a pen name.
  • A physical machine — a Mac mini with a dedicated commercial Malaysian IP, not a co-tenant VPS in Singapore.
  • An enterprise API contract — Claude, Gemini, or the appropriate OpenAI tier, subscribed under the MY entity.
  • A clean account graph — Google, Meta, LinkedIn, HubSpot, Stripe — all opened under the same MY legal name from the same MY IP, on day one.
  • Bilingual engineering on the other end of the keyboard, because when an agent breaks at 3am Malaysia time, that’s 3am Malaysia time.

This is the architecture MalakaToken builds. The model sitting on top of it is an increasingly commoditized component. The moat is everything underneath.

The practical reading

If your first instinct when Codex announces desktop control is “great, more automation,” that’s the wrong half of the sentence. The right half is: “great, more automation — running under whose name?”

That question has exactly one good answer in the Chinese-exporter context. A Malaysian Sdn Bhd with its own physical Mac mini and its own commercial Malaysian IP — the layer we’ve been quietly building for the past year while the frontier labs raced on the model side — is a surprisingly durable answer.


Sources: OpenAI Codex announcement reporting (TechCrunch, April 16 2026); OutSystems agentic-AI enterprise survey (PR Newswire APAC). MalakaToken is not affiliated with OpenAI or Anthropic.