Edited by humans. Written by AI. How our editing works
All articles

AI Agent Workflows: Productivity Gains and Privacy Costs

Nate Jones's Codex file-system workflow is genuinely clever. Before you replicate it, here's what broad local file access actually costs you.

Rachel "Rach" Kovacs

Written by AI. Rachel "Rach" Kovacs

May 31, 20267 min read
Share:
Bearded developer wearing glasses and "YOU*AI" beanie with "LEVEL 1" badge, surrounded by code editor windows showing…

Photo: AI. Zephyr Cole

There's a workflow making the rounds in AI power-user circles right now, and it's worth your attention — not just because it's productive, but because it asks something of you that most tutorials quietly skip over. That thing it asks for is access. Broad, local, "go look at my whole file system" access.

Nate Jones, who runs the AI News & Strategy Daily channel, published a short video recently laying out how his daily AI practice has shifted in the past few weeks. The core move: instead of manually feeding documents into a chat interface, he instructs Codex to browse his local file system, locate relevant files by description rather than filename, copy them into a clean working folder, and then execute long-running tasks against that assembled context. He reports handling 30,000-to-50,000-word document jobs this way — complex drafts, spreadsheets, code — with a consistency he hasn't found in other tools.

That's a genuinely useful technique. It's also a technique with a threat model, and Jones doesn't spend much time on it. So let me.

What "look at my file system" actually means

When Jones tells Codex to scan his local file system and find files by natural-language description — "it's about X, I made it around Y time, find it" — he's granting an AI agent navigational access to his entire machine. Not just a designated folder. The whole thing. And then he's trusting it to copy the right files into a working directory and ignore everything else.

In practice, this means the agent is traversing directories it was never explicitly pointed at. It's reading filenames, likely file contents, and metadata across your system to pattern-match against your description. That process happens on your local machine with Codex, which is meaningful — the data isn't being routed through a third-party server in the same way a cloud-based chat interface would. But "local" doesn't mean "contained." It means the agent has broad read access to whatever your user account can reach, which on most people's machines is: everything.

Before you replicate this workflow, ask yourself a few questions. Does your work machine share a filesystem with personal documents, financial records, or health data? Do you have credentials, API keys, or auth tokens stored in plaintext files anywhere — a .env file, an old notes document, a config you set up years ago and forgot about? Are there files belonging to clients or employers that carry confidentiality obligations? Because when you tell an AI agent to "look around and find what's relevant," you are relying on its judgment — and the accuracy of its search — to determine what it touches and what it copies.

Jones says it "inevitably finds" what he's looking for. That's the pitch. What he doesn't address is what else it finds, reads, and processes in the course of that search.

The tradeoff is real, and it might be worth it

None of this means the workflow is bad. It means the workflow has a cost, and you should go in with your eyes open.

For someone working with proprietary but non-sensitive creative or professional documents, on a dedicated work machine with sensible file hygiene, this is probably a manageable risk. The productivity gains Jones describes are significant enough that a lot of people will reasonably decide they're worth it. The ability to run a 50,000-word editing job, simultaneous multi-threaded drafts, and complex cross-document synthesis without manually curating every file is a real capability unlock.

For someone whose machine also holds client contracts, medical information, personal financial data, or anything that lives under a legal or ethical confidentiality obligation — the calculus is different. Not necessarily a hard no, but a reason to set up a dedicated machine or partition for this kind of work before you start.

The minimum viable security practice here: create a designated input folder, put only the files you intend to share into it, and point the agent at that folder — not at your system. You lose some of the "I don't have to keep track of my files anymore" magic, but you keep control over what the agent actually sees. If that tradeoff sounds annoying, that's because it is. Security is often inconvenient. That's not a reason to skip it.

The prompting shift is the more interesting story

Separate from the file system question, Jones describes something that feels like a genuine inflection in how people are working with AI agents. His framing:

"Help me to define the shape of this task first and then once we define it then we can go execute it agentically."

That's a different relationship with these tools than what most tutorials teach. The conventional advice — still circulating, still useful for simple one-off tasks — is to engineer a tight prompt, hand it to the model, and evaluate the output. Jones is describing something more like collaborative scoping: use the model's reasoning capacity to figure out what the task actually is before you unleash it to go do the task.

He traces this shift to recent model updates, specifically referencing what he calls "Claude 4.7" and "Claude 5.5" — naming conventions I can't independently verify against Anthropic's current release catalog, so take those version numbers as Jones's own terminology rather than confirmed product names. He also mentions trying this same workflow with "Claude Code" and something he refers to as "Claude Co-work" — the latter isn't a product name I recognize from Anthropic's lineup, and it may be a misstatement or an informal label he's using for something else. He finds Codex outperforms both for this specific file-based approach, which he attributes either to Codex's origins as a code-generation tool trained extensively on structured file repositories, or to what he characterizes as compute constraints on Claude's end — though that's his read of the situation, not an established fact.

The architectural argument is plausible without being the whole story. Codex has deep familiarity with navigating structured file sets from its training on public code, but "built for repository navigation" oversells the intentionality — it's more that those skills transfer usefully to text files in folders. Whether the performance gap is architectural, resource-related, or just where the tools happen to be right now is genuinely unclear, and Jones is honest about that uncertainty: "I'm not sure," he says, which is a refreshingly non-confident thing to say in a space full of confident declarers.

What the collaboration shift costs you

The prompting evolution Jones describes — from instruction-giver to collaborative task-shaper — is worth taking seriously. But it also reframes a question that deserves more attention than it usually gets.

When you use an AI agent to help you define the shape of a task before executing it, you're not just delegating execution. You're delegating part of the framing. The model's suggestions about how to scope your task, what questions matter, what "good" looks like — those suggestions are products of its training, its design, and the values baked into it by a company with its own interests. Most of the time that's fine. Sometimes the framing it offers is better than what you'd have come up with alone.

But the more seamlessly these tools shape your work before you even notice they're doing it, the harder it gets to locate where your thinking ends and the model's begins. Jones closes with a line I find genuinely clarifying: "I don't need any particular team to win here. I just want to get more efficient at working." That's an honest and reasonable position. It also implicitly accepts that the teams building these tools are making choices — about data handling, about agent permissions, about what the autoreview system flags or doesn't flag — that shape what "efficient" looks like in practice.

You're not just adopting a workflow. You're adopting someone else's assumptions about how work should go, embedded in a system you didn't build and can't fully inspect.

That's worth knowing before you hand over the keys to your file system.


Rachel "Rach" Kovacs covers cybersecurity and privacy for Buzzrag.

From the BuzzRAG Team

AI Moves Fast. We Keep You Current.

Framework breakdowns, tool comparisons, and AI coding insights — distilled from the best tech YouTube creators. Free, weekly.

Weekly digestNo spamUnsubscribe anytime

More Like This

Bearded man in glasses and beanie gestures while speaking, with "40% BY 2027" in yellow text, bookshelves and LEGO castle…

5 Levers That Decide Your AI Investment's Fate

Nate B. Jones's workflow-first framework for AI investment decisions—plus the security questions every leader is forgetting to ask before deploying agents.

Rachel "Rach" Kovacs·2 months ago·8 min read
Bearded man wearing glasses and a beanie gestures toward camera with confused expression, text reads "NOW WHAT?

Why Your AI Agent Sits Idle After Installation

Installing an AI agent takes 10 minutes. Making it actually useful takes 40 hours. Here's why the industry keeps solving the wrong problem.

Rachel "Rach" Kovacs·3 months ago·6 min read
Bearded developer in beanie and glasses with wide-eyed expression standing before terminal window showing "ollama run…

Nvidia's NemoClaw Bets on Engineering Basics, Not AI Hype

While OpenAI and Anthropic partner with consultants to deploy AI agents, Nvidia's NemoClaw assumes developers can handle it—if we remember basic engineering.

Rachel "Rach" Kovacs·4 months ago·6 min read
Man in beanie at desk pointing to "Senior Partner" nameplate with red X over "Junior Partner" sign, bookshelves behind him,…

Stop Prompting. Start Questioning Your AI Agent

AI strategy creator Nate B Jones says prompt engineering is dead. His 'AI Question Method' has real merit—but there's a data privacy conversation he's skipping entirely.

Rachel "Rach" Kovacs·2 months ago·7 min read
Bearded man in beanie and glasses with thoughtful expression stands beside two illuminated doors labeled with ChatGPT and…

OpenAI’s Codex vs Anthropic’s Opus: Two Different Agent Philosophies

OpenAI's Codex 5.3 and Anthropic's Opus 4.6 represent fundamentally different visions for AI agents—one built for delegation, the other for coordination.

Tyler Nakamura·5 months ago·6 min read
A friendly blue robot with headphones works on a laptop against a colorful geometric background, representing coding…

9 Codex Tips Straight From the Team That Built It

OpenAI's Codex team member Jason Lou published his best practices for using Codex—here's what shifts when someone who built the thing tells you how to use it.

Yuki Okonkwo·2 months ago·7 min read
ACEMAGIC mini PC with colorful ring display showing "TANK" logo and USB ports against blue background with red text overlay

This 128GB Mini PC Has a Performance Dial You Can Actually Use

The Acemagic M1A Pro+ packs 128GB of RAM and AMD's Strix Halo chip into a box with an RGB dial that changes performance modes on the fly—no reboot needed.

Rachel "Rach" Kovacs·3 months ago·6 min read
Man in glasses comparing Cloudflare and NetBird with checkmark and X icons indicating preference for NetBird's setup process.

NetBird's Simplified Architecture Makes Self-Hosted VPNs Easier

NetBird rebuilt its remote access platform from the ground up. The result: one service instead of many, built-in reverse proxy, and no external dependencies.

Rachel "Rach" Kovacs·3 months ago·7 min read

RAG·vector embedding

2026-05-31
1,767 tokens1536-dimmodel text-embedding-3-small

This article is indexed as a 1536-dimensional vector for semantic retrieval. Crawlers that parse structured data can use the embedded payload below.