OpenAI just published the receipts. 5 million weekly Codex users. 20% are non-developers. Non-dev usage is growing 3x faster than developer usage. The "everyone is a builder" thesis is no longer a prediction - it's a reported metric from the world's largest AI company.
The six new role-specific plugins are a roadmap of your future builders. Data Analytics, Creative Production, Sales, Product Design, Public Equity Investing, Investment Banking - with more coming for Corporate Finance, Legal, and Strategy Consulting. Every department in your company is on that list.
What's missing from the announcement: where do Codex Sites live? Who approves what gets published? What happens when an analyst's dashboard queries production Snowflake? OpenAI built the builder layer. Nobody built the governance layer.
The platform team's scope just expanded from engineers to the entire company. The answer is the same as 2016: make the governed path faster than the workaround.
We Wrote About This 8 Days Ago. Now OpenAI Published the Receipts.
Eight days ago, I published Your Company Has 10x More Developers Than You Think. The thesis: AI coding tools have turned non-technical employees - nurses, recruiters, finance analysts, marketers - into people who ship production software. I made the case using Lovable's $100M ARR in eight months, Replit's 50 million users (75% never write code), Bolt.new's 130,000-person hackathon, and the fact that 25% of Y Combinator's Winter 2025 batch had codebases 95% AI-generated.
5 million people now use OpenAI Codex every week. Not monthly active users. Weekly. Non-developers - analysts, marketers, operators, designers, researchers, investors, bankers - make up about 20% of all Codex users. And they're growing more than 3x as fast as developers.
When the signal shows up in both the builder tools (Lovable, Replit, Bolt.new) and the AI model providers (OpenAI Codex), it's not a trend anymore. It's the new baseline.
OpenAI isn't speculating about what might happen. They're reporting what already happened on their platform. And they're doubling down on it.
The Plugin List Is a Roadmap of Your Future Builders
The most important part of today's announcement isn't the headline. It's the six new role-specific plugins. Each one maps to a department that is already building software - or will be within months.
Plugin
Who it's for
Tools it connects
Data Analytics
Finance, BI teams
Snowflake, Databricks Genie, Hex, Tableau
Creative Production
Marketing, design
Figma, Canva, Shutterstock, Picsart, Fal
Sales
Revenue ops, account management
Salesforce, HubSpot, Slack, Outreach, Clay
Product Design
Product, UX
Figma, Canva
Public Equity Investing
Investment teams
Moody's, FactSet, S&P, PitchBook, Hebbia
Investment Banking
Banking, M&A
Daloopa, Datasite, LSEG
That's 62 apps and 110 skills bundled across six plugins. And OpenAI already announced more coming: Corporate Finance, Private Equity, Marketing Strategy, Strategy Consulting, and Legal.
Read that list again. Every department in your company is on it.
OpenAI is telling analysts they can query Snowflake. Telling marketing they can generate campaign assets. Telling sales they can build pipeline dashboards connected to Salesforce. Telling product teams they can prototype from a live URL. These aren't toy integrations. These are connections to the production tools your teams already use.
The message from OpenAI is explicit: you can build now. And they will.
What OpenAI Didn't Say About Enterprise Governance
The other half of today's announcement is OpenAI Codex Sites - a new feature that lets Codex create interactive, hosted web apps shareable via URL within a workspace. Dashboards, planners, project boards, review workspaces. A product manager asks Codex to build a launch hub. A sales rep asks for an account review page. A finance analyst asks for a scenario planner. One prompt, one hosted app, one URL to share with the team.
This is genuinely useful. I mean that. For individual productivity and small-team collaboration, Sites solve a real problem.
But here's the paragraph that's missing from the announcement.
Where does the data live?
When a finance analyst creates a Site that connects to Snowflake through OpenAI's Data Analytics plugin - where does the query result land? On OpenAI's infrastructure. When a sales rep builds an account dashboard pulling from Salesforce via the Sales plugin - where is that customer data rendered? On OpenAI's infrastructure.
Who approves what gets published? A builder creates a Site and shares it via URL with their workspace. There's no mention of an approval workflow. No staging environment. No admin review before it goes live. In an enterprise where change management exists for reasons that were paid for in incidents - this is a gap.
What happens when someone leaves the company? Do their Sites get deprovisioned? Are the connected data sources revoked? Is there SCIM integration to handle offboarding automatically?
The announcement mentions none of these: SSO, RBAC, audit trails, data residency, deployment approvals, cost controls, agent governance.
Here's the gap at a glance:
Capability
OpenAI Codex Sites
Governed Builder Platform
One-click builder experience
Yes
Yes
Data residency
OpenAI's infrastructure
Your Kubernetes cluster
SSO / RBAC / SCIM
Not mentioned
Yes
Audit trail
Not mentioned
Full - every action logged
Publish approval workflow
No - shared via URL
Admin-controlled review
Agent governance
No
Monitor, enforce, kill switch
Cost controls
No
Per-team, per-blueprint + LLM token tracking
LLM provider choice
OpenAI only
Anthropic, OpenAI, or your own local models
Compliance posture
Vendor-dependent
Inherits your cluster (SOC 2, HIPAA, GDPR, DORA)
I'm not criticizing OpenAI. They built Codex for 5 million individual users, and they're doing it well. Enterprise governance is a different product, solving a different problem, for a different buyer.
But if you're a CTO at a regulated company - financial services, healthcare, insurance - and you just read that your finance team can now query Snowflake through Codex and publish the result as a hosted web app, you have a question to answer. And OpenAI's announcement doesn't answer it.
Your builders are already using Codex. Give them guardrails.
The AI Builder Portal runs on your Kubernetes cluster with SSO, audit trails, and publish approvals. Same builder experience. Your infrastructure.
The Three-Layer Stack That Every Enterprise Will Need
Here's how I think about what's emerging. There are three layers, and today most companies are missing the most important one.
Layer 1: The AI Engine. The model that generates code. Codex, Claude Code, Cursor, OpenCode, Gemini CLI. This is commoditizing fast. Most companies already have access to at least one.
Layer 2: The Role Adapter. Plugins, skills, and integrations that make AI useful for specific jobs. This is what OpenAI shipped today - 6 role-specific plugins, 62 app integrations, 110 skills. It turns a general-purpose coding agent into a finance analyst's tool, a marketer's tool, a sales ops tool. This layer is what makes non-developers productive.
Layer 3: The Governed Runtime. Where builders' work actually runs, gets reviewed, and gets published. Blueprint environments, approval workflows, RBAC, audit trails, data residency, agent governance, cost controls. This is the layer that lets an enterprise say "yes" instead of "no."
Most companies have Layer 1. OpenAI just shipped Layer 2. Almost nobody has Layer 3.
Put simply: the enterprise AI builder stack has three layers - the AI engine (OpenAI Codex, Claude Code, Cursor), the role adapter (plugins and skills that make AI useful for specific jobs), and the governed runtime (where builders' work runs, gets reviewed, and gets published on infrastructure the enterprise controls). OpenAI owns the first two. The third is the one your platform team has to build.
And Layer 3 is where the risk actually lives. Not in the model. Not in the plugins. In the gap between "an employee built something" and "someone reviewed, approved, and deployed it on infrastructure we control."
This Is the Platform Engineering Moment
If you run a platform team, your scope just changed.
For the last decade, platform engineering meant serving developers. Build the CI/CD pipelines. Manage the Kubernetes clusters. Create the service catalog. Your users were the 200 engineers who shipped code through your system.
OpenAI's plugin list tells you what's coming. Finance teams will need governed environments with Snowflake access. Sales teams will need environments with Salesforce credentials pre-configured. Marketing will need environments with Figma and content APIs. Product will need prototyping environments. Legal will need secure document processing environments.
Each of these teams needs: cloud environments, database access, API credentials, deployment targets, and approval workflows. That's platform engineering work. The user base just went from 200 engineers to 2,000 employees across every department.
This is exactly the problem we built the AI Builder Portal to solve. Platform engineers define governed blueprint environments per team. Builders pick a blueprint, click Create, and get a fully configured workspace with built-in AI coding tools - running on the company's own Kubernetes cluster. SSO, RBAC, audit trails, publish approvals, agent governance, cost controls. The full governance stack, with a builder experience that's as fast as the ungoverned alternative.
The point is: OpenAI built the engine and the adapters. Your platform team builds the guardrails. That's the stack. And the platform teams that move first will define how their entire company builds for the next decade - the same way the teams that built internal developer platforms in 2016 defined how their companies used the cloud.
What to Do This Week
If you're a CTO reading this, here are four things you can do before your next leadership meeting.
1. Audit what's already happening
According to OpenAI's June 2, 2026 announcement, 20% of their 5 million weekly users aren't developers. Some of them work for you. Find out which teams are already using OpenAI Codex, Lovable, Bolt.new, or Replit. Talk to your sales ops lead. Talk to your finance team. Ask marketing. You will be surprised.
2. Don't ban it
I've written at length about why banning doesn't work. 80% of employees already use shadow IT. The AI builder wave is growing 3x faster than the developer wave. If you ban it, you don't stop it. You just lose visibility. And the next time you find out about an ungoverned app connected to your production database, it won't be because your platform team caught it. It'll be because an auditor did.
3. Stand up a governed builder environment
Give your teams the same one-click experience they get from Lovable - on your infrastructure, under your governance. Pre-configured blueprints with the right database connections, the right API credentials, the right network rules. Builders never touch infrastructure. They never see credentials. But everything runs on infrastructure you control. See how it works in practice in Build with Claude Code, Deploy with Qovery or explore the full Remote Dev Environments solution.
4. Start with one team
Don't boil the ocean. Pick the team where the need is most urgent - usually finance or sales ops. Stand up a blueprint. Let them build. Measure what they produce. Use that as the proof point for the rest of the org.
Key Takeaways
According to OpenAI's June 2, 2026 announcement, OpenAI Codex has 5 million weekly users; 20% are non-developers growing 3x faster than engineers
Six role-specific plugins now serve finance (Snowflake, Databricks), marketing (Figma, Canva), sales (Salesforce, HubSpot), product (Figma), and investment teams (Moody's, FactSet, S&P)
OpenAI Codex Sites let anyone create hosted web apps shareable via URL - with no enterprise governance layer for data residency, SSO, RBAC, audit trails, or deployment approvals
The missing piece is a governed runtime: blueprint environments, approval workflows, RBAC, audit trails, data residency - running on infrastructure the enterprise controls
Platform engineering teams that build this layer now will define how their organizations build for the next decade
Frequently asked questions
Is OpenAI Codex safe for enterprise use?
OpenAI Codex is a powerful AI coding tool used by 5 million people weekly. For individual productivity, it's excellent. For enterprise use in regulated industries - financial services, healthcare, insurance - the current feature set lacks SSO, RBAC, audit trails, data residency controls, and deployment approval workflows. Enterprises that need these capabilities should pair Codex with a governed builder platform that provides the missing governance layer on their own infrastructure.
What is OpenAI Codex Sites?
Codex Sites is a feature announced on June 2, 2026 that lets OpenAI Codex create interactive, hosted websites and apps shareable via URL within a workspace. Teams can create dashboards, planners, project boards, and lightweight tools. Sites are currently in preview for Business and Enterprise customers. The feature does not include data residency controls, publish approval workflows, or compliance certifications.
What are the enterprise risks of OpenAI Codex plugins?
The six role-specific Codex plugins (Data Analytics, Creative Production, Sales, Product Design, Public Equity Investing, Investment Banking) connect to production business tools like Snowflake, Salesforce, and HubSpot. The enterprise risk is that data from these systems flows through OpenAI's infrastructure without enterprise-grade governance - no RBAC scoping, no audit trail of what was queried, and no data residency guarantees for regulated industries subject to GDPR, HIPAA, or DORA.
What is a governed AI builder platform?
A governed AI builder platform is an enterprise layer that provides the same one-click builder experience as consumer tools (Lovable, Bolt.new, OpenAI Codex Sites) but on infrastructure the company controls. It includes governed blueprint environments per team, SSO and RBAC for access control, audit trails for every action, publish approval workflows, agent governance (monitor, enforce, kill switch), and cost controls. Qovery's AI Builder Portal is an example, running workspaces on the customer's own Kubernetes cluster.
How do platform teams govern AI builders across the organization?
Platform teams govern AI builders by creating pre-configured blueprint environments for each team - finance gets Snowflake access, sales gets Salesforce credentials, marketing gets content APIs - all secured with network rules, RBAC, and audit trails. Builders pick a blueprint and start working without touching infrastructure or seeing credentials. An approval workflow ensures nothing goes to production without admin review. The key principle: the governed path must be faster than the ungoverned workaround. Read more in Don't Ban the Builders - Govern Them.
Romaric founded Qovery to make Kubernetes accessible to every engineering team. He writes about platform strategy, developer experience, and the future of cloud infrastructure.
Next step
Your builders are already using Codex. Give them guardrails.
The AI Builder Portal runs on your Kubernetes cluster with SSO, audit trails, and publish approvals. Same builder experience. Your infrastructure.
