OpenAI has announced a deal to acquire Ona, the company formerly known as Gitpod, to bring secure cloud execution and orchestration into Codex. Here is what is confirmed, what remains unclear, and what enterprises should evaluate before giving long-running AI agents production access.
Last checked: June 11, 2026. This article uses OpenAI's June 11 announcement as the primary source. It also checks Ona's public website and documentation, OpenAI's Codex materials, InfoQ's earlier coverage of Gitpod's rebrand to Ona, Speedinvest's portfolio profile, and Bloomberg-reported details republished by Investing.com. Financial terms were not disclosed by OpenAI.
Quick answer
OpenAI announced on June 11, 2026 that it will acquire Ona, a cloud development and AI-agent infrastructure company, to expand the Codex ecosystem with secure, persistent execution environments for long-running agents.
The acquisition is not closed yet. OpenAI says it remains subject to customary closing conditions, including required regulatory approvals. Until then, OpenAI and Ona remain separate and independent companies.
The core idea is simple: Codex is becoming less like a short chat session and more like a delegated worker that may need hours or days to finish software and knowledge-work tasks. Ona gives agents a persistent, customer-controlled cloud workspace where they can access the right tools, repos, credentials and logs without depending on the user's laptop staying open.
The deal matters most for enterprises adopting AI agents in production. OpenAI says Codex now has more than 5 million weekly users, up 400% from earlier this year, while Ona says its platform is designed for background agents, scoped credentials, audit trails, VPC deployment and kernel-level controls.
What OpenAI announced
OpenAI said it will acquire Ona and bring Ona's secure cloud execution and orchestration technology into Codex. The company framed the deal around a shift in how people use agents: not only for quick code suggestions, but for sustained work that continues beyond a single device or active session.
OpenAI's announcement says Ona will help Codex:
- Continue work over hours or days.
- Run beyond the device where a task started.
- Operate in secure, persistent environments.
- Access the tools, systems and context needed to make progress.
- Support enterprise deployment with stronger security, governance and operational controls.
OpenAI also said the Ona team will join OpenAI after the deal closes and work with the Codex team on secure, persistent enterprise execution capabilities.
The company did not disclose the purchase price, consideration mix, expected closing date, revenue impact or customer migration plan.
Who is Ona?
Ona is the company formerly known as Gitpod, a developer-infrastructure company best known for cloud development environments. In 2025, Gitpod rebranded to Ona and repositioned itself around AI software engineering agents and secure runtime infrastructure.
Ona's public site describes the product as a platform for background agents that can run software-engineering work in the cloud. Its stated product areas include:
| Ona capability | What it means for agent workflows |
|---|---|
| Background agents | Agents can take a task, work in the background and return a pull request or result. |
| Automations | Agent fleets can be triggered from pull requests, schedules, webhooks and repeatable workflows. |
| Connected environments | Each agent gets a cloud environment with tools, dependencies, network access and permissions. |
| Runtime AI security | Enterprise controls such as VPC deployment, audit trails, scoped credentials and policy enforcement. |
| Guardrails | Ona's documentation describes kernel-level controls meant to reduce unauthorized execution and data exfiltration risk. |
OpenAI says Ona has helped 2 million developers work in secure, reproducible cloud environments and supports multiple shared customers. Ona's own public messaging emphasizes use cases such as code modernization, CVE remediation, pull-request review, CI failure triage and backlog work.
Why this acquisition matters
The deal shows where OpenAI wants Codex to go next. The first phase of AI coding tools was autocomplete. The second phase was chat-based pair programming. The current phase is autonomous or semi-autonomous agents that can inspect a repo, run commands, make changes, test results and ask for review.
That next phase needs more than a strong model. It needs infrastructure.
Long-running agents require:
- A workspace that persists after the user's device disconnects.
- Safe access to source code, package registries, test systems and deployment tools.
- Credential scoping so an agent gets only the access it needs.
- Network controls to prevent unnecessary or risky external access.
- Logs that show what happened, when, why and with which permissions.
- Human approval gates before changes reach production.
- Clear ownership when an agent task fails or produces risky changes.
Ona directly targets that infrastructure layer. That makes the acquisition strategically different from buying a model lab. OpenAI is buying execution and governance capability around agents.
What changes for Codex users
Nothing changes immediately for most Codex users because the acquisition has not closed. OpenAI has not announced new pricing, feature availability, migration deadlines or bundle changes tied to Ona.
The likely direction is clearer than the near-term product plan:
| User group | Likely impact if integration succeeds |
|---|---|
| Individual developers | More reliable long-running Codex tasks that can continue away from the local machine. |
| Engineering teams | Better support for parallel agents, review workflows, CI-aware changes and recurring automation. |
| Enterprise platform teams | More deployment control over where agents run, what they can access and how work is logged. |
| Security teams | More focus on credential scope, audit trails, runtime isolation and network policy for AI agents. |
| Compliance teams | More evidence around agent activity, review gates and customer-controlled infrastructure. |
The key word is "if." OpenAI still has to close the deal, integrate the teams, combine product surfaces, migrate shared customers where appropriate and prove that the combined system works under enterprise constraints.
Why persistent agents are different from normal chatbots
A normal chatbot can answer a question and end the session. A persistent agent may:
- Clone a repository.
- Install dependencies.
- Read internal documentation.
- Run tests.
- Modify files.
- Open a pull request.
- Retry after failures.
- Coordinate with ticket systems.
- Continue after a user goes offline.
- Produce logs and artifacts for later review.
That is more useful, but it is also riskier. The agent has more time, more tools and more access. A weakly governed agent can create bad code, leak secrets, consume expensive resources, modify the wrong branch or follow malicious instructions hidden in issues, docs or dependencies.
This is why OpenAI's announcement repeatedly emphasizes secure environments, customer control, governance and review. The infrastructure question is no longer optional. It is central to whether enterprises can deploy coding agents beyond experiments.
What is confirmed
Here is what is confirmed by OpenAI and Ona's public materials as of June 11, 2026:
| Question | Current answer |
|---|---|
| Did OpenAI announce an Ona acquisition? | Yes. OpenAI announced the deal on June 11, 2026. |
| Has the acquisition closed? | No. OpenAI says it is subject to customary closing conditions and regulatory approvals. |
| Will the companies stay separate before closing? | Yes. OpenAI says OpenAI and Ona remain separate and independent until closing. |
| Will Ona's team join OpenAI? | OpenAI says the team will join OpenAI after closing. |
| Which OpenAI product is most directly affected? | Codex. OpenAI says Ona will join the Codex ecosystem. |
| What does Ona contribute? | Secure cloud execution, orchestration and persistent environments for agents. |
| How many weekly Codex users did OpenAI report? | More than 5 million, up 400% from earlier in 2026. |
| How many developers did OpenAI say Ona has helped? | 2 million developers in secure, reproducible cloud environments. |
| Were financial terms disclosed? | No. |
What is not confirmed
Several important questions remain unanswered:
- Purchase price.
- Deal structure.
- Closing timeline.
- Whether any regulator will review the deal closely.
- Whether Ona customers will be moved onto OpenAI contracts.
- Whether Ona will keep a standalone product after closing.
- Whether current Ona pricing will change.
- How Codex plans will change after integration.
- Whether Ona's existing integrations, cloud runners and deployment options will remain unchanged.
- How data handling, retention and support terms will work for customers using both platforms.
For readers, this matters because acquisition announcements can sound final even when they are still conditional. The correct status today is announced, not closed.
The enterprise security angle
The most important buyer question is not "can the model code?" It is "can the agent safely work inside our environment?"
Ona's public positioning directly addresses that concern. Its site describes customer-controlled execution, VPC deployment, network control, audit trails, scoped credentials and kernel-level policy enforcement. Ona's documentation also describes Veto, a kernel-level enforcement engine designed to operate below the agent and userspace.
Those claims are relevant because agent security is not the same as normal SaaS security. AI agents can read untrusted input, generate commands, use tools, write files and act with delegated authority. If a malicious issue, dependency, document or prompt steers an agent, traditional controls may not be enough.
Enterprises evaluating the combined OpenAI-Ona direction should focus on three practical layers.
1. Identity and access
Agents should not inherit broad human permissions by default. Buyers should ask:
- Can each agent run with scoped credentials?
- Can access expire automatically?
- Can identity provider controls apply to agents and humans?
- Can teams restrict repos, environments, tools and network paths?
- Are secrets injected safely, rotated and excluded from logs?
2. Runtime control
Agents need a place to run, but the runtime must be bounded. Buyers should ask:
- Where does execution happen?
- Can it run inside the customer's cloud or VPC?
- What network access is allowed by default?
- Can risky commands, binaries or destinations be blocked?
- Are workspaces isolated from each other?
- How are failed, abandoned or long-running environments cleaned up?
3. Review and evidence
Autonomy still needs accountability. Buyers should ask:
- Are full logs available?
- Can the system show command history, file changes and test output?
- Can approvals be required before pull requests, merges or deployments?
- Can security teams export evidence for audits or incidents?
- Can policies differ between development, staging and production?
If the acquisition improves those layers inside Codex, it could make OpenAI more credible with large engineering organizations that want agents but cannot accept unmanaged execution.
Competitive context
OpenAI is competing in a market where coding agents are becoming a central enterprise AI battleground. Anthropic has pushed Claude Code and Claude model families for software engineering. Microsoft continues to develop GitHub Copilot. Cursor, Windsurf, Replit, Devin-style agents and other tools are trying to own the developer workflow.
OpenAI's Codex strategy appears to be broader than code completion. The company wants Codex to become an agentic work system that can handle research, analysis, software development and automation across production workflows.
That explains why Ona is attractive:
- It gives OpenAI cloud execution infrastructure rather than only IDE features.
- It helps Codex work across longer time horizons.
- It strengthens enterprise deployment controls.
- It gives OpenAI a clearer answer to the question "where does the agent safely run?"
- It may help OpenAI sell Codex into larger organizations where governance is mandatory.
The acquisition also follows a broader pattern in AI: model providers are moving down the stack into workflow, runtime and enterprise-control layers. A powerful model alone is not enough if customers cannot safely connect it to their systems.
Timeline
| Date | Event | Why it matters |
|---|---|---|
| 2025 | Gitpod rebranded as Ona, according to InfoQ's coverage. | The company shifted from cloud development environments toward AI software engineering agents. |
| Earlier in 2026 | OpenAI said Codex usage grew sharply. | The June 11 post says more than 5 million people use Codex weekly, up 400% from earlier in the year. |
| June 9, 2026 | OpenAI's Codex changelog listed recent app, mobile and CLI updates. | Codex was already expanding across surfaces before the acquisition announcement. |
| June 11, 2026 | OpenAI announced its plan to acquire Ona. | The deal is intended to add secure, persistent cloud execution to Codex. |
| After closing | Ona's team is expected to join OpenAI and work with Codex. | Product integration depends on closing conditions and regulatory approvals. |
What developers should watch
Developers should watch for product changes in four areas.
First, task durability. Codex may become better at continuing work across devices and sessions. That matters for large refactors, migrations and bug investigations.
Second, environment setup. If Ona's reproducible environments become part of Codex, teams may spend less time teaching each agent how to install dependencies, run tests and access local services.
Third, review flow. Better persistent work is only useful if developers can inspect diffs, logs, tests and reasoning without becoming bottlenecks.
Fourth, policy controls. Developers will need clear rules for which tasks agents can do autonomously and which require approval.
Good early pilot tasks include:
- Updating dependencies across non-critical services.
- Fixing low-risk test failures.
- Drafting pull requests for small bugs.
- Refactoring internal tooling.
- Summarizing CI failures.
- Preparing migration plans before code changes.
High-risk tasks such as production deployment, payment logic, authentication changes, security controls and data deletion should remain tightly reviewed.
What CIOs and CISOs should ask OpenAI
The acquisition will matter to enterprise buyers only if OpenAI can turn the story into concrete controls. CIOs and CISOs should ask:
| Question | Why it matters |
|---|---|
| Will Codex agents run in our cloud, OpenAI's cloud or both? | Determines data boundary, network exposure and incident ownership. |
| How are credentials scoped, rotated and logged? | Agents should not become uncontrolled privileged identities. |
| Can we restrict internet access and private network access separately? | Reduces exfiltration and supply-chain risk. |
| What audit logs are available and how long are they retained? | Compliance and incident response require evidence. |
| Can approvals be enforced by policy? | Prevents agents from bypassing human review. |
| How are prompt injection and malicious repo content handled? | Agents will read untrusted text inside issues, docs and code. |
| What happens to existing Ona customer contracts? | Buyers need continuity on support, pricing and commitments. |
| Are there data residency options? | Regulated customers may need regional controls. |
User impact: what changes today?
For everyday ChatGPT or Codex users, there is no immediate action required. The acquisition has been announced, not completed, and OpenAI has not said that consumer Codex pricing, access or limits are changing today.
For teams already using Ona, the main action is contract and roadmap diligence:
- Ask Ona or OpenAI how support will work before and after closing.
- Review data-processing terms if your company uses Ona with sensitive code.
- Confirm whether your deployment model and cloud region will remain supported.
- Track any migration notices.
- Preserve internal documentation for current workflows in case product surfaces change.
For teams using Codex, the main action is to prepare governance. Persistent cloud agents are useful only when your repos, secrets, CI systems and review rules are ready for them.
Why the deal could succeed
The strategic fit is strong. OpenAI has the model and product distribution. Ona has infrastructure for cloud-based agent execution, reproducible environments and enterprise controls. Codex has growing usage and a clear need for more durable execution.
If integrated well, OpenAI could offer a more complete agent platform:
- Chat and delegation through Codex.
- Persistent execution through Ona.
- Enterprise controls around identity, logs and environments.
- Review workflows that connect to source control and CI.
- Support for software and broader knowledge work over longer timelines.
That would make Codex more than a coding assistant. It would become a managed execution layer for AI work.
Why the deal could be difficult
The risks are also real.
Integration is hard. OpenAI must combine systems, teams, product surfaces, support models and customer expectations. Enterprises will expect reliability, security documentation, migration clarity and legal certainty.
Agent infrastructure is also a sensitive security category. A coding agent can touch source code, secrets, customer data, deployment scripts and internal systems. Any weakness in scoping, logging or isolation can become a major incident.
Regulatory review could also matter. AI infrastructure acquisitions are drawing more attention because large model companies are racing to control adjacent layers of the stack. OpenAI did not identify specific jurisdictions or approval timelines in the announcement.
Finally, customer trust will depend on transparency. Buyers will want to know whether Ona remains multi-agent and multi-model friendly or becomes primarily an OpenAI/Codex execution layer.
Bottom line
OpenAI's planned acquisition of Ona is a bet that the next stage of Codex is not only smarter models, but safer places for those models to work.
The deal is important because it targets the practical bottleneck in enterprise AI agents: persistent execution, governed access and reviewable work. OpenAI has confirmed the acquisition plan, Codex's rapid usage growth and Ona's role in secure cloud environments. But the deal is not closed, terms are undisclosed and product changes are still ahead.
For users, the takeaway is straightforward: do not expect an immediate feature switch today. For enterprises, start preparing the governance questions now. Long-running agents can be powerful, but only if identity, runtime control, auditability and human review are built in from the start.
FAQ
Did OpenAI buy Ona?
OpenAI announced that it will acquire Ona on June 11, 2026. The deal has not closed yet and is subject to customary closing conditions, including regulatory approvals.
What is Ona?
Ona is the company formerly known as Gitpod. It builds cloud environments and infrastructure for background AI agents, including connected environments, automations, runtime security controls and enterprise deployment options.
Why does OpenAI want Ona?
OpenAI says Ona will help Codex support secure, persistent environments where agents can continue work over time, access tools and context, and operate within enterprise security and governance requirements.
Will Codex change immediately?
OpenAI has not announced immediate pricing or availability changes tied to the deal. Product integration is expected after closing.
Were financial terms disclosed?
No. OpenAI did not disclose the acquisition price or deal structure.
Is this only about coding?
Coding is the clearest near-term use case because the deal is tied to Codex. But OpenAI also describes Codex as expanding into research, analysis, automation and knowledge work, so the infrastructure could support broader agent workflows over time.
What should businesses do now?
Businesses should inventory which repos, tools and credentials an AI agent could access, define approval gates, confirm logging requirements, and prepare questions for OpenAI or Ona about cloud location, data handling, identity, network controls and support continuity.
Sources
- OpenAI: OpenAI to acquire Ona
- Ona: platform for background agents
- Ona documentation: llms-full.txt security and governance references
- OpenAI: Introducing the Codex app
- OpenAI Developers: Codex changelog
- InfoQ: Gitpod rebrands to Ona
- Speedinvest portfolio profile: Ona
- Investing.com: Bloomberg-reported acquisition coverage
Media credits
HacksByte created the editorial diagrams in this article for explanatory use. They are based on public statements from OpenAI and Ona and do not depict unreleased product screens.
Before you move on
Global AI workflow guidance. Use this short checklist to turn the article into action.
- Check whether the tool can access private files or account data.
- Verify factual claims against primary sources before publishing.
- Keep a human review step for work that affects money, school, or customers.
This guide is written for practical user safety. For account, platform, or legal decisions, confirm critical steps with the official help center or your service provider.
