Skip to content

False positive cyber-abuse classification during personal job-application workflow #31032

Description

@jingyi-zhao-01

What version of the Codex App are you using (From “About Codex” dialog)?

codex-cli (vscode extension): 0.142.5
Date observed: 2026-07-03.

What subscription do you have?

Pro

What platform is your computer?

Linux 7.0.14-arch1-1 x86_64

What issue are you seeing?

I received a cyber-abuse-style account warning during a benign job-application workflow (scan job posts -> tailor docs -> draft outreach), and subsequent Codex actions were blocked.

Observed behavior:

  • Workflows include web page access and document/tool automation for personal job-referral preparation.
  • No harmful content was generated, and no policy-violating payloads were intentionally sent.
  • The session was interrupted with a warning and safety block.
  • The account-level block affected productivity and provided little actionable reason.

If available, paste full error text:

Image

What steps can reproduce the bug?

  1. Run a benign, benignly automated Codex workflow for public hosted jobs processing and draft creation.
  2. Open external job-related pages and generate outbound draft content using the same session.
  3. Repeat over multiple iterations in one session.
  4. Trigger: Codex indicates a cyber-abuse / safety block.

Please include if available:

  • Not Applicable

What is the expected behavior?

  • Benign developer workflows should either proceed or explicitly ask for escalation before strict enforcement.
  • The warning should include a concrete reason and minimal reproducible cause.
  • Block scope should be thread/session-scoped when possible, not account-wide.
  • Provide a clear recoverable path and a recovery/appeal hint without forcing user churn.

Additional information

Impact:

  • Blocks normal, non-malicious job-application automation in a recurring workflow.
  • Adds manual overhead and reduces conversion speed for time-sensitive referrals.

Suggested fix:

  • Improve safety observability so users can see why a warning is raised.
  • Add recoverable action path for verified false positives.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingcodex-webIssues related to Codex Websafety-checkIssues related to safety and abuse checks

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions