Lede: Researchers gave Codex a browser-context shell on a live Samsung TV, matching KantS2 firmware source, and a tmux-memfd harness, after which the model autonomously enumerated the device, audited drivers, validated a reachable physical-memory primitive, and obtained root.

Primary documentation states Codex received no bug hints or driver pointers and operated in a loop of source inspection, command injection via tmux send-keys, log recovery, static ARMv7 compilation, and in-memory execution to bypass Tizen UEP (https://blog.calif.io/p/codex-hacked-a-samsung-tv). The exploit chain relied on a vendor driver flaw present in both source and running system that was reachable from the browser security context.

Coverage omitted explicit ties to contemporaneous agent benchmarks: the 2024 Cybench framework showed GPT-4-class models solving 33 percent of professional CTF tasks without scaffolding (https://arxiv.org/abs/2406.15311), while OpenAI's Preparedness Framework lists automated vulnerability chaining as a tracked capability threshold (https://openai.com/index/preparedness-framework/). These sources document the same pattern of iterative tool use and source auditing now applied to physical hardware.

The blog accurately reported the harness constraints yet under-reported how later o1-preview models reduce prompt volume for identical tasks, a delta already measured in follow-on agent evaluations cited by the framework.