What version of Codex CLI is running?
0.125.0
What subscription do you have?
Pro
Which model were you using?
gpt-5.5
What platform is your computer?
Darwin 25.4.0 arm64 arm
What terminal emulator and version are you using (if applicable)?
Ghostty
What issue are you seeing?
I received a warning banner stating: "Your conversations have multiple flags for possible cybersecurity risk. Responses may take longer." This appears to be a false positive — my usage is standard software engineering work on my own authorized codebase (no security/pentest/exploit-related prompts). After the flag appeared, responses became noticeably slower, likely due to traffic being rerouted to a different model for additional safety checks.
What steps can reproduce the bug?
Uploaded thread: 019dc392-3872-7692-b27e-a36f2cd3d052
- Use Codex CLI for normal software engineering tasks (e.g., code editing, refactoring, debugging)
- After some number of conversations, the cyber-safety flag banner appears
- Responses become slower after the flag is triggered
What is the expected behavior?
Benign software engineering prompts should not trigger the cyber-safety flag. Normal coding tasks (refactoring, debugging, code review) should not be flagged or rerouted, and response latency should remain consistent.
Additional information
This was reported via Codex /feedback as well. The flag seems to be a false positive from the automated cyber-safety classifier. My work involves no cybersecurity-related activity — purely standard software development.
What version of Codex CLI is running?
0.125.0
What subscription do you have?
Pro
Which model were you using?
gpt-5.5
What platform is your computer?
Darwin 25.4.0 arm64 arm
What terminal emulator and version are you using (if applicable)?
Ghostty
What issue are you seeing?
I received a warning banner stating: "Your conversations have multiple flags for possible cybersecurity risk. Responses may take longer." This appears to be a false positive — my usage is standard software engineering work on my own authorized codebase (no security/pentest/exploit-related prompts). After the flag appeared, responses became noticeably slower, likely due to traffic being rerouted to a different model for additional safety checks.
What steps can reproduce the bug?
Uploaded thread: 019dc392-3872-7692-b27e-a36f2cd3d052
What is the expected behavior?
Benign software engineering prompts should not trigger the cyber-safety flag. Normal coding tasks (refactoring, debugging, code review) should not be flagged or rerouted, and response latency should remain consistent.
Additional information
This was reported via Codex /feedback as well. The flag seems to be a false positive from the automated cyber-safety classifier. My work involves no cybersecurity-related activity — purely standard software development.