#codex-security-feedback

We're introducing Codex Security.

An application security agent that helps you secure your codebase by finding vulnerabilities, validating them, and proposing fixes you can review and patch.

Now, teams can focus on the vulnerabilities that matter and ship code faster.

https://openai.com/index/codex-security-now-in-research-preview/

hi

hi

guys how2use codex security lol

lowkey, its been great, it has patched a lot for me, a great feature!

meow

Nice. Hi

Yoo

tbh, didn't worked much well for me

wow

My feedback is to give it as a trial for plus accounts, otherwise I have nothing to cmpare it with

I have never used Codex 😍

where do i find it

how do we get added?

@opal schooner If you have Pro or a Business account it should just be in Codex web for you?

I don't even know what codex is in the first place (I don't use ai to code haha)

ah no, i have plus

How can I use Codex Security? My codex macOS app doesn’t has this agent

turn on gif pls )

@oak spoke That is great to hear. Of course, always interested in both good and bad feedback!

Same here. That’s too bad I love codex

Didn't know this is a thing, very epic, looking forward to playing with it

doesn’t it just create a security audit of the whole codebase?

anything for enterprises that are using api based access? we use openai through opencode currently

Right now this is a "web" only feature (i.e. it relies on Codex environments, etc.)

Wish it was accessable through Plus. Very limited now due to only Business & Pro.

Yea once it’s on plus I’ll make sure to give some feedback, it’s a very good idea to have codex helping with security

Exactly

Oh thanks. And I thought it was available to Plus, but as some people said here it is not. I’ll wait it gets available to plus.

That’s a such desired feature, hope to be able to use it asap

Currently using codex for a full local first img studio gone threw my pro quota a few times but still worth it the new updates seem cleaner and faster

How do I use Codex security?

You need pro or a business plan

Or Edu I'm fairly sure

Aww

Its not yet in codex vs ext😭

I got pro. Where should I go for more info?

...

I’m sorry, but Codex isn’t exactly very good at design yet. It still needs a lot more improvement overall, especially when it comes to creating polished, modern, and well thought out UI work.

I haven't used Codex Security because I'm a Plus user, not a Pro.🥀

honestly the product is trash--i had it scan three repos and nothing shows up in the scans list

What does this have to do with security?

exactly

it's like it doesn't even work

more info here: https://developers.openai.com/codex/security/

What's your biggest issue with the UI work?

security is working good, the advantage here is context aware security findings, instead of being generic,
Would really love to see it in CLI though!

We really need a 40$ plan for those who want to support more but cannot afford 200$.
Thats better than having people spend the other 20$ on claude sub instead

oh wow

It’s really about understanding the task well and staying up to date with what design trends are current. In my experience, Claude has been a better option for that than Codex, sorry.

200$ is way too much and we dont have any reasonable in-between

@stuck scroll It's possible the scans did not get registered? Happy to look at whatever error you got in more detail.

Just some feedback .

Those are all questions for the larger codex team - I only deal with Codex security 🙂

@frigid gorge did you know you can edit the threat model?

@jaunty pike there is no error--just literally blank lists in the left sidebar. and the repos can't be selected again because it says they are already being scanned. this is on Enterprise for a large company.

"no findings to show", "no scans to show"

Is there any expected date to Codex Security gets released for Plus subscription?

Is the rest of the team aware that many 20$ subscribers would love to upgrade to 40$ sub ? Thats a win-win scenario for both users and company.

@stuck scroll Out of curiosity, how large are the repos? "No scans to show" would indicate the scan was not there? That sounds like an error in the backend.

Is there a hidden repo with a bunch of code related to malware and you inspect it side by side or is it just an AI Model that trained to detect malware patterns?

Or is there anywhere else one can submit such feedback?

Codex security is not really a "malware" scanner so much as a "code security issue" scanner and workflow.

Is there documentation on how it works besides the introduction part on OpenAI or is there other resources I can learn more about code security issues and workflows?

Its basically same as running /review but with some bonus prompts is my guess

@jaunty pike cool product: how does scanning commits work? Is it different from Codex PR reviews?

It's fairly different - without delving into a sales pitch or tradecraft internals - one big difference is the validation workflows to reduce false positives.

@jaunty pike It's fantastic but would be better if there was a way to import the issue into the Codex app to work on. When does it stop scanning? Or should it go forever? I may be misunderstanding but I thought it said I had 5 scans? Is that 5 repos that can be scanned?

OHWAIT. Hang on. It fixes too? I thought it just highlighted errors

Yes.

You can click a button to get a PR made

Very impressed. Only problem is the carpal tunnel I'm about to get with all these PRs 😂

Or you can click a button to get a cut and paste clipboard note and just paste that into your tool of choice for fixing

should I expect more findings if I'm already using codex PR scanning?

But "just make Codex fix" is what I do

Initial impression of the security scanning is that it doesn't understand architecture, and only looks at how things fit together. Lots of "security issues" that were identified are just blatent false positives or not understanding the purpose of the applciation that was built.

It did find some edge cases that I previously didn't think of that were useful. The "threat modeling" seems like an ok starting point, but vs an actual threat model it's severely lacking if you've done them before.

Happy to explore more if needed, I've been working in security for a while now.

For sure - did you know you can edit that threat model?

Does it use xhigh or medium reasoning though?

I can't really talk about the internals (and they wouldn't make sense with public terminology anyways)

Xhigh is very false positive ish model that acts like shizo buts good at ui

Medium/high are much better overall otherwise

Are you telling an OpenAI employee how to use an OpenAI model? 😂

What do you mean by edit the threat models?

To be fair, I am happy to hear people's experience with the models1

I wonder why would they want to create #codex-security-feedback if they didnt want feedback 🤔

Are you part of another security company helping OpenAI or is codex security all OpenAI's work?

Like I go in and edit the text output of the threat model? Would this look at the scan differently? Is that how this is meant to be used? Or do you mean you can edit the text

Yes, you can edit the threat model and that affects the scan results. For example, if you go to Codex Security, then "Scans" then pick a scan, you can click "Edit" and then you get to edit it.

Although you don't HAVE to do this

But if you are getting poor results because for whatever reason you got a threat model that you don't agree with, that is one way to re-align it

That's interesting. Definitely will have to mess with it more

I work directly for OpenAI on this product @craggy flare

are these threat models pre designed or can we enter our own if we're suspecious of something or want to try something out?

Both! 🙂

Hi @jaunty pike,

I haven’t used Codex Security yet, but I’m curious about its purpose.

I recently vibe-coded a mini-CRM system for our company. Our ICT partner says this could be risky because the code wasn’t written through a traditional development process.

Could Codex Security be used to analyze an application like this and verify whether it’s secure and safe to run in a company environment?

One thing that I have in my repo is a lot of documentation going over why things are done in certain ways, and the purpose of many different parts that LLMs in general don't understand as well as a map of the structure of the repo. It is a production application with thousands of users for a side project of mine. I was exploring it for enterprise use for repos.

In general what do you think has been the feedback from it so far? What are the strengths/weaknesses @jaunty pike

Happy if you can point to resources I can read as well

Certainly there are no guarantees in life, but I feel safer when Codex Security looks at something. We use it internally and it finds things.

I think you still need to review it, but it can act as a "2nd review" in case you missed something

First you need to give us access if you want to hear feedback lol
PRO user here, paying significantly more than default accounts that got access to the model 😉

I don't yet have enough information to really say what the strengths and weaknesses are. Pro users should already have access!

Default (plus) accounts dont have access to this, no?

Yes we do 😄

So would you say that OpenAI has used Codex security on Codex itself to iron out it's potential vulnerabilities and exploits?

Every Pro/Business/Enterprise/EDU should have access to five free repo scans right now

Definitely an improvement over just the DAST/SAST/SCA scanning that people do, but early stages in terms of value vs a dedicated person doing threat modeling.

is there a limit per day or 5 for life?

And plus have no access at all? Or less?
Will they in future? Or they won't just like the spark?

Worked great for me. I had made two repos for aa business that held sensitive data and ditd tranasactions. i had hacked the repo myself using shannon and some other tools and it covered alot, and then codex security found 1 additional hole the others had not. so it was better than shannon! -- I come from an art background so this additinoal tool made me feel good about the work I was sharing.

I can't comment on future business plans, but we've publicly stated we are doing a free month

Thats great to hear @sharp sapphire

But is this meant to be a pro or higher only feature? The way spark is?

Or is it rolling out to plus too rn?

Currently it's "Pro and similar", more than that I can't comment on.

Will Codes Security come to the Codex apps on Win/Mac?

A great question and one I hope to answer in the coming months.

As you might be able to see, we are working very quickly at improving Codex in many ways.

Does the security consume normal quota like reviews do?

Right now it consumes nothing.

Defo faster then befpre haha

I mean after the 5 free ones

This is something I have no further information on.

Wait so if someone uses 5 then it stops or they can pay for more or?

Currently I believe you would be limited to 5 (at a time?) I am actually not sure. 🙂

how do we use codex security?

This is about a codex security skill that open Ai released or security through codex use in general?

Is there a cooldown period or just 5 and you're done for now?

Go to https://chatgpt.com/codex/security/

says not found

@craggy flare Scans are continuous. So 5 repos -> every commit to main branch is scanned.

@thick field Do you have Pro/Ent/Bus account or Plus?

i have a plus account

That is why then

oh i see

@jaunty pike Do yo look at private messages at all? May be something to alert to someone as a potential misuse.

Apologies I am not in charge of things other than "Gathering feedback, answerin questions, fixing bugs" 🙂

Is it available in cli or app?

How long does the scan take normally? I've just kicked it off on a pretty large open source repo (https://github.com/budibase/budibase)

And you have no info to when it's gonna be rolled out to plus members? If it's even gonna get a release at all?

It can take a few minutes (maybe half an hour sometimes) to get started?

Thank you for the info 🙂

why is this a paid feature and not avaible on free tier?

Tried signing up a few weeks ago, app apparently hates my drivers license. 4 times trying, so been unable to try, but… Will try again tonight.

Codex doesnt even have free tier 💀

(Its a temp promo rn)

ik

but why paid only and not on the temp promo

Because plus (20$ users) dont have it either.
We also dont have codex spark too

My team's biggest complaint so far is that there's no way to properly "export" the finding into a clean format like a markdown report or a zip archive

Also we're seeing a bunch of false positives and don't see any way to rate findings in the interface, except for the "adjust severity" thing.

I used codex to solve 41 security errors in supabase in a oneshot sql, so thats nice. Didn't even break my database or anything

some findings are real though, so it's definitely good! just needs more judgement and taste on what's intended and what's not

@halcyon rivet Is there an underlying theme to when it gives you a false positive?

The adjust severity thing is how I write notes about particular bugs, although that is being worked on by teh team

Are you guys monitoring people using this to scan public repos to look for exploits?
I'd be very concerned about that for open source software that is heavily used especially. Ideally any scans would be opened up as a PR or similar so that the maintainers know that it's being scanned or similar.
Mostly a safety issue, or do you feel like this is nothing new compared to the SAST/DAST/SCA scanning that can be done anyways against repos?

We are doing our best to get the open source community (who get free access) to also use Codex Security, but the attacker community has been an early adopter of these types of tools and already has this kind of thing

When you say have this kind of thing, what competing software is there with it atm? I'm not aware of any so just curious

The offensive community is quite active, and it's hard to say there's a donuts to donuts comparison, but there are a lot of projects in this space!

Mostly on the blue side so will have to ask some of my red team buddies then, thanks

Mostly two categories: (1) not reachable in real conditions and (2) working as intended

we got like ~30 findings from codex security on the first run, processed about half of them and so far 1/3rd are good. that's a good result actually in that codebase but there's room to grow 🙂

sometimes i have to press okay to everything

sometimes not, that confusing me a lot

neither does pro

pro does, consider logging in

?? Where do you get access to this model? It is surely not in the cli?

Codex Security is web only for now

lol?

aah, ok, that explains everything. Not using web

It means it needs actual repo access, I guess, not local

On the web edition ^
U need Pro tho

I have pro
Just checked -

1. It needs you to connect a factual online repo
2. While that would somewhat be something i could go with.,.. tos 2.4 was then immediately killing the joy again ahah

So.. corrected - yes pro has access to the model 🙂

What I understand is that plus can’t use codex security yet?

So the left sidebar is just blank--"No accessible repositories are available for your configured scans." But I've set 3 repos to scan--I can confirm that because they are greyed in the repo list and say "Repository is already scanned in this workspace." Not sure how to measure repo "size"

in bananas

Hm, ours finished with only two findings. (I find this really quite hard to believe given the size and scope of our repo). I was under the impression that it scanned the whole repo, but it only scans the last N commits, is that right?

Yes (based on time I think). So the last three months of activity say.

My scans have said they have been running all weekend, is it a bug? Should I stop, delete and scan again?

@jaunty pike I did want to say I appreciate you for making this and look forward to the future of it.

I'm assuming you mean that status = scanning. As far as I can tell this means that it will scan any commits as well that happen, not that the scan is still running. That only took a few hours for mine to complete.

It should say "Done scanning, will scan future commits" or something

yes - did experiment with those tweaks and they are useful and pushes for further customization, its very interesting

Ah okay so it's just waiting for new commits and it's done, yeah that's not too clear

Think product is not that great

It only scans commits not the repo?

Can we put more coding support in the chatgpt app instead of ide

Lots of devs dont access ide for coding

Correct, for now

But it uses the whole repo. Think of the commit as just a seed of context ?

What’s the url?

The link in the FAQ goes to a 404

Bill you need pro. 🙂

You guys wanna see what some of the highest tier mitigation in seconds looks like for a FEDRAMP application

I'm confused by your question but sure ?

Absolutely amazing, I've been working on this project for 7 days of me programming and months of AI and our teams research.

Now what it found there would have taken us a month to find internally.

Now to test it on the native Codex application I just built.

Is that only the $200 package?

This is a top notch report right here, show your friends. That is true true understanding of a LARGE LARGE codebase.

Hats off boys, now to go play some more.

I forked a friend's repo and added a scan for it. It was in the queued section but after refreshing the page, it's gone, but i see this when i hover the question mark. i can't remove it, and it deducted one of my available scans. is it still running? anyone run into this?

edit: nevermind, it finally showed up

How to use this? I use Codex cloud only.

Codex -> Security -> Create Environment

Top right, near the word Codex

Super impressed with the bugs found from a run! Thanks for the quality ship and taking feedback. The validation reports and scoring are all great.

#1 Feature request: Exportability. Print to PDF doesn’t work well with the scan page. And even that would not include findings. It would be really nice to take this run as a point-in-time pentest finding with a sampling of findings into a markdown or PDF report.

Love the new security scanning feature — especially helpful for someone without a strong security background.

One thing I ran into while fixing issues:

• I submitted PRs for all findings marked Medium or higher, and most fixes have been merged.
• However, the Findings list still shows a few Medium issues even though the fixes are merged.
• At the same time, the Scans page summary still reports the original number of Medium issues.

So the UI currently shows something like:

• Scan summary: higher number of Medium findings
• Findings list: smaller number remaining after fixes

It’s unclear whether:

• the scan results haven’t been refreshed after merges, or
• findings are tied to the original scan snapshot.

Would be great if the dashboard updated automatically or clearly indicated when a re-scan is required to clear resolved findings.

Can I really not share my findings with other team members?

(We're on the Team plan)

I guess shareable finding links should be accessible to your team members

Yea, turns out my team member hadn't onboarded properly. All good.

Hey. Thanks for opening codex security, it's really promising

I am curious, would there be a way to customize the scan? For example if I have a bunch of skills for domain specific issues, would there be a way to integrate them in the scan easily?

Try putting these skills in the repo maybe?

Not sure if it’ll work though as it scans the commits specifically

Yes I was thinking to experiment with adding them in the threat model or in the environment, so that I dont have to mess with the git history. But a "knowledge library" or something I can easily share across projects would be neat

Will Codex Security be released for use with Codex CLI?

it can only find minor defect. i hope it can has more defend system like the startup recently openai purchase.

Great at finding small regressions in addition to small security issues. Not sure if you want to classify regressions | security in the UI (the model does in the description)

200 dollar package only

I am enjoying this feature as I am learning to build a long time project into a secure open facing repo with baked in security. There is still so much for me to learn and this tool is helping me make better design choices as it matures.

I don't think we use "skills" yet tbh

How long does Codex Security take approximately for a scan?

Scans are continuous - but we look "backwards" a bit as well.

@alpine shale Currently we don't use "skills" but we can certainly add that to the list 🙂

@lost jetty Thanks for the note: In theory there is an agent that looks to see if things have been fixed and then removes the finding from your view when they are...in practice I think it's not working as well as we'd like.

@jaunty pike I have ~ 2500
commits in a repo. 500 scanned when I initially created the scan, and about 200 scanned tonight. What’s the expected time for a full scan? Is there a time wise look back (ie only commits last 12mo)?

We are adjusting the scan depth (how many commits scan) to manage capacity. Scan time truly depends on the size and complexity of the repo. For small repos, it can be less than a day

Awesome. Even if it's not directly skills, but any way to simplify sharing domain specific issues would be neat (ex: I work in blockchain, and there are a lot of protocol specific issues that models are not fully trained on)

I definitely would recommend just adding as much information as you wanted to the threat model

(To be fair, I've only done minor testing against blockchain-related things, but the system did quite well at those tests)

Smart cookie. That’ll get you some eyes.

Used it a bit - haven't gotten too many useful insights. Some repos that should have tons of insights to find only have a few minor suggestions.

I have the same feedback for code review - the results have always felt lackluster compared to the models themselves. Asking codex directly can find tons of issues.

I know how it is, and you can't throw an army of 5.4-xhigh agents to scan a codebase and every commit, but it'd be nice if a codebase scan and higher thinking/parallel workers was an option. I'd be fine with it using my sub usage or paying for extra usage to get better results

I mean we throw a small army of agents at everything 🙂 what kind of bugs are you expecting to find ?

DM'd a small note - no need to reply there.

Lots of auth, sessions, permissions commits recently and it only caught 1 high. I'm flattered, but I know my code isn't that good. A prompt on 5.4-high to "analyze <component> and report security issues" was able to find a bunch of issues across auth: totp , session handling and invalidation, jwt issues, role and permissions permissiveness, etc. Security flaws, not just code bugs

Is Codex Security the reason anyone here first logged into Codex Web?

Yes

Feedback: A good (and useful) pr marketing stunt would be running few codex and few claude reviews, then showing all the bugs codex found that claude couldnt, and the price difference!

Users would have proof which one is better 🥳
Furthermore id have another bonus reason to hate on anthropic!

Yup

For my small business each employee maintains an individual Pro subscription to use with Codex. It seems with this setup we are excluded from Codex Security. It would be useful if we could access the research preview.

You should have access because you have Pro - but I don't think you'll be able to share findings?

FWIW we have many many features and improvements in the queue - just loading up the PR's - so we hope to have even better results for you shortly! And we appreciate all the feedback from everyone!

My biggest feedback would be “I can’t keep track of 5 places at the same time“, so I didn’t even use it even if my pro sub gives me access to

Having it in the CLI would be very welcome because I simply can’t afford to leave CLI > study a gui > go back to CLI > potentially repeat many more such loops

I know that’s not a model feedback but perhaps it can be forwarded as a general product feedback

The lack of .codexignore or .agentsignore support in Codex CLI is baffling at this point. The community has been asking for this since day one and it keeps getting ignored. This is basic, foundational stuff. Every comparable tool ships with some form of ignore file support because developers need control over what the agent can and can't touch. Without it, Codex is genuinely hard to use safely in any real codebase.
At some point this stops being an oversight and starts looking like willful neglect. Please just build it.

It reads gitignore thou

I've never encountered this issue, what files do you need to put in there which are not already in the .gitignore?

not rlly about codex security

Yeah I mean, I also commit to codex-cli but not on this stuff 🙂

Useful or no?

Does everyone who gave feedback get another free month? 😉

Also, I have had some rendering issues. This has happened more than once.

The UI is definitely getting some cleanup. Hopefully this gets fixed as part of that 🙂

How i can access to codex sécurité ?
Requird plus plan?

Yes also u need pro

5.3-codex is better then 5.4

Is there a way to give feedback to a security issue? It marked "not checking the email validity for sso logins" as issue, but we just trust SSO logins and therefore don't send a verification email. I would like to give feedback for this finding so it will not resurface sometime.

Yes, you can slide that litle slidey thing for criticality and then a window will pop up on that and it will allow you to enter information there, or you could just edit the threat model and specifically add your knowledge there (easiest, tbh).

TIL I can edit the threat model and there is a button to adjust … thanks a lot, I must have been blind the last days 🙂

No it's one of my pain points in terms of nobody knowing they can do that

We have some bigger changes coming soon to address that but hopefully that will help while you wait 🙂

I created a few PRs now and merged them. Do I just wait or do I close the issue? And is there a way to filter for issues with/out PR?

And one more: one PR did get created, but it's still showing up as "create pr", is there a way to link it?

I think there IS a way to filter for issues that don't have a PR? Does this not work?

If you wait, I believe the fix checker should eventually remove the issue from the list (but it has to get around to it). I think the other issue you are having is more "a bug" in the sense that the Codex backend didn't connect properly to the issue when it created the PR? This is probably something that we've fixed already but let me know if this happens a lot!

This does filter for "patch avail", that is if codex has created a patch. The filter works, but it doesn't show "PR created".

My workflow would be: I go over the list and look for things I think needs fixing first (probably bumping them up in severity, but sometimes just "gut feeling"). Then create a PR. That would be the point were I no longer need to look at that issue in codex security anymore, because it's now "in the code".
-> I would like to filter out those.

And "gladly" I have a repo with still 30 reported issues to try out all these things.

Yea, probably just a bug with the gh response or something like that. I will report if it happens again. It did happen two times yesterday, but I hadn't had any time today to look into more issues

A few ideas for improvements:

• Having a “2 steps” process mode, where I can receive an alert once the threat model is generated, so that I can review it and then launch the actual analysis after I updated the threat model
• Sharing more info about the “status”, what does “scanning” mean? Looks like its scanning git history, and I assume new commits, but it would be great to have more details, to know when I should start doing the triage. Right now, I launch it, I wait a bit, and if I see some findings, I start triaging, but I have no idea if its done with the current commit etc
• Generating alerts (ex: by email), once some status are reached (ex: once the first commit on main is analyzed)
• Having time estimate for run completion would be great too (even rough estimate). Like should I wait 2 min, 15 min, 3 hours?
• Having a “open a chatgpt session” with the threat model would avoid having to copy/paste. A killer feature would be for a chat that has also access to the source code

Also I noticed the “scans” list is sometimes a bit out of sync (ex: recent scan shows up, then disappears, then appears again). That said, it’s minor, and seems to happen only within the first minute(s) of a launch

Great ideas. I would change the last one to: "open in codex", I would love to have a real session to fix the problem and not only a one-shot patch.

k

not sure if this security issue or not, but codex app lacks manual /compact which makes the app borderline unusable for any serious work

codex security is a seperate product.

i like to open a pr and ask my codex to review the patch, and expand. but i agree

you can use gh pr checkout xxx to checkout the branch of a pr, then use codex to further do stuff.

Please build a proper OpenAI IDE.

Not just an extension or a chat panel inside someone else’s editor, but a full development environment where the model is built into the actual engineering workflow: understanding the whole project, preserving context across sessions, making safe code changes, running checks, working with architecture, contracts, tests, and local tools.

Right now the market feels fragmented: the editor is separate, the agents are separate, the plugins are separate, and context gets lost all the time. What is needed is a cohesive product where AI is not a decorative add-on, but a real development layer.

What matters most:
— stable work with large codebases
— a proper agent orchestration model
— strict control over changes before they are applied
— transparent logs of model actions
— solid local integration with the toolchain, git, tests, and runtime

In short: an IDE, not another “smart assistant” tab.

If this happened eventually, it would significantly disrupt the Saas market, yes? More than it already has?

Regarding learning speed: if even a small model, a 5.4 mini low, learns to see dependencies, it will be able to provide a better answer tomorrow. And I think this is a good step towards personalizing the experience and learning the model in all. If we listen to the CEO's goals, we can say that this is important

I can't speak to the specifics of the application as a programmer, but I know this specifically optimizes the answer to the next question.

It would be enough for a start to integrate security in codex, no need to reinvent an editor/IDE just to get security patches.

Hello - Does anyone knows how frequently the applications for Codex for Open Source are reviewed ?

Codex cli 119.a = open source

Like n other models yk just get clone

I think most problem in gpt disk 💿 configs

I mean open ai need building MORE N MORE SERVERS in something new county I mean

Or... I think they can use old config models like a "LOCAL DISK" ysee

I hope my words help something

@silk hound

Don't worry code rn disabled yk

gpt@misl

@silk hound

@sacred wadi I actually don't know - did you apply and not hear back?

yes

is codex security included in the pro-$100-plan?

Any chance to have Codex security for security researchers?

any answer to the security on 100 plan?

Why should permissions stay only default or full access but not with ranges and more specific scopes ?

Why Codex specifically leans this way

Codex is optimized for:

multi-step autonomous coding
running tests and editing code safely
predictable agent execution in sandboxes

So it prefers:

clear approval boundary (Default)
full autonomy inside a sandbox (Full Access)

Because the sandbox itself is the real safety boundary—not micro-scopes.

The thing is there is no intermediary safety where you can access a project fully, check for what is installed or not, and maybe make virtual env for that project specifically without saying its a high risk. Each system has its own way of protecting ressources and to give permissions but it seems a little extreme;

You’re pointing at a real gap in a lot of agent-style permission systems: they often jump from “restricted / ask for approval” straight to “full trust inside a sandbox”, without a comfortable middle mode for practical development work.

And you’re right—real dev workflows absolutely need something in between.

What you’re describing is basically a “developer-safe autonomy mode”

Not full system access, not constant permission prompts—something like:

Access to a specific project directory
Ability to inspect environment (installed packages, dependencies, configs)
Ability to create isolated environments (venv/conda/docker-like)
Ability to run builds/tests within that boundary
No broader filesystem or system escape

This is very reasonable—and common in human tooling—but harder for agents.

If you want,
I can sketch what a “perfect Codex permission model” would look like (with 3–4 tiers, including the missing middle you’re talking about).

sure

Ideal Codex Permission Model (4 tiers)
Tier 0 — Observe Only (Read-Only Intelligence Mode)

Best for: exploration, onboarding, analysis

Capabilities:

Read project files (scoped to workspace)
Inspect structure, dependencies, configs
Run safe introspection commands (lint, tree, package listing)
No writes, no installs, no system changes

Blockers:

No file modification
No network access
No environment mutation

Mental model:

“You can look, but you cannot touch.”

Why this model works better than today’s “default vs full”

1. It matches real developer mental models

Developers don’t think in:

“approve every command” ❌
“give full system access” ❌

They think in:

“this project environment” ✔
“this dependency graph” ✔
“this repo scope” ✔

Tier 1 matches that directly.

2. It aligns with real OS isolation primitives

Modern systems already support this:

Docker / containers
devcontainers
filesystem mounts
Linux namespaces / Windows SIDs

So Tier 1 is not theoretical—it’s implementable.

(And many Codex sandbox implementations already approximate this idea internally.)

3. It removes the biggest pain point: constant interruption

Today’s “default mode” forces:

per-file approvals
repeated prompts
workflow fragmentation

Tier 1 eliminates that entirely without increasing system risk.

4. It cleanly separates two different security problems

Most systems confuse:

filesystem safety (project isolation)
behavior safety (what the agent chooses to do)

This model separates them:

Layer Problem it solves
Tier 1 filesystem + workspace isolation
Tier 2 controlled autonomy
Tier 3 execution autonomy

That separation is what current Codex UX often collapses.

It's ready! Just follow my instruction

Waiting for it

Look up my messages👆

Do you suggest I pick one of those "Docker / containers
devcontainers
filesystem mounts
Linux namespaces / Windows SIDs" and build within it but does this mean I should install codex in a container ? btw virtual env are limited to those but others could be better prepared because in the cloud many environments are missing

I answered and forgot repy mode UP

Yes—but with an important clarification: you usually don’t want to “install Codex in a container” in the same way you install a normal CLI tool and assume that solves everything.

What you actually want is:

Run Codex inside a containerized development environment, where the container is the “permission boundary,” not Codex itself.

Codex (or any agent) is just the actor. The container/dev environment is the safety + reproducibility layer.
What you should choose (practical recommendation)
Best default: Dev Containers (recommended starting point)

Use:

VS Code Dev Containers
Docker-based dev environment

Why this is the best starting point:

Very easy to set up
Designed specifically for “project-isolated dev environments”
Works well with AI agents
Reproducible across machines and cloud

Think of it as:

“a prebuilt sandbox workspace for your project”

why are you just pasting from ChatGPT?

It helps me, also i correct it's mistakes

GPT output should be posted in #1050184247920562316 not here

Also for you

Oh okay

So, your OS is Linux, right?

Which Linux version? (Arch,Mint, etc.)

Not today, today I use windows 11 pro

Okay

You have a lot of OS, or other devices?

It can be linux for pc or servers, and mac for family or someday i go back to them 😉

Nice! I'll wait for you

So expensive for a little more storage or ram ...

All because AI in the world

where can i find security? i got pro now

Which security?

https://chatgpt.com/codex/cloud/security/

404 😔

wait a few days, I think it took 2 days till I could access it after changing to pro

Did u id verify?

no – and I hope I don't have to, I failed that for API already, something isn't working with my id card (and I have no idea what)

No

I verified, it said passed, then openai website said failed

The id ver is js broken

maybe, a coworker could verify (same country, same type of id), mine didn't work in two different accounts

Yeah its unreliable i guess

I haven't used codex security in a few weeks, and I went back on it this week, pretty cool the see the improvements made to the UI

Hi everyone,
I have been trying to get Codex to stop reading my envs in like a global agents.md but had no luck yet

any tips?

You can lock the env so that only your user and/or your application can read it and run codex as non-root?

codex --config 'permissions.deny=["Read(**/.env)"]'

I think this should work too

I had not tried those options.

Keep in mind, if Codex can launch the app and observe its behavior, secrets can still leak indirectly through stdout, stack traces, debug pages, generated files, or follow-up commands.

The only 100% safe way is to not have codex run it. (along with not giving it access to env)
If you dont need to have codex run it, then just have a script which deploys the app somewhere where codex cant access and keep the env there.

I gave up

How legal will it be to try to hack openai?:)

I mean for sharing problems ofc

Only if it’s explicitly authorized and in scope. Read the bounty/safe-harbor rules first, test only allowed targets, don’t touch real user data, don’t cause disruption, and submit evidence responsibly. Outside scope, don’t do it.

If you’re unsure, don’t waste your time trying tbh

Anybody else seeing real slowdowns when chonical is enabled?

I lost my chat session today even the chat session i archeved

yoo guys, i was tryna verify on https://chatgpt.com/cyber but when i scan my id its always denied, does anyone have the same issue?

I answered you in another channel, you don't need to spam the same question to multiple channels

im sorry, but i only send to channel that related to this issue🙏

#community-help message

Hi everyone im a developer

suuuuure

just insane amount of scammers on discord last few days 😄

There's no information on the site about cost-per-unit, and I understand that's still in the air. But as someone who might upgrade from Plus to Pro or Enterprise, or even work with an Edu, based on anticipated usage of these security features and others, I have no grounding for even considering the topic. Is there any internal speculation that we can banter around about whether the model is something like tokens-plus, or credits per scan, or credits per file? How might tiers be aligned between Pro, Business, Enterprise, and Edu?
Can ya give us anything on this? Thanks!

please fix
"Failed to resume chat
cannot resume running thread 019e23c1-f4ed-75a1-b911-b2d4d662a435 with stale path: requested C:\Users\MR THINH\.codex\sessions\2026\05\14\rollout-2026-05-14T06-52-54-019e23c1-f4ed-75a1-b911-b2d4d662a435.jsonl, active \\?\C:\Users\MR THINH\.codex\sessions\2026\05\14\rollout-2026-05-14T06-52-54-019e23c1-f4ed-75a1-b911-b2d4d662a435.jsonl"

is this screenshot from here?

its the deleted messages though
no worries, they all get dealt with instantly 😄
just feels like there is only more and more of them on discord in general 🤣

that is what I supposed xD

yea.. the amount of scam bots that we delete every day is disheartening

Guys codex has severe bug

Of making the system completely slow

It just runs with cmds

Is there an API endpoint to point Codex to, to start working through and closing these with feedback? Or is it all still web UI only?

I would love that too, in the mean time I'm using Atlas to just create github issues (connected github to chatgpt und using the sidebar) … click on finding - create issue and ack - click on next finding - sidebar: next please … 🙂

Still hoping to find info on pricing. Sorry if I've missed something.
#codex-security-feedback message

hey y'all, i tried verifying my identity for cyber access today and was told i'm ineligible for some reason. i tried "contacting" support but there is no way to contact support at the moment

I am the same, speechless, and when I try to support contact, the "real people" sent to my email with an answer like that We can’t provide additional details about verification outcomes, and Support can’t override the result. You can review the verification requirements and flow here: chatgpt.com/cyber.

there is no alternative course you can take, you have to go through all the verification steps and qualifiers

Usually happens when a PR is based on a previous PR if that helps, I usually tell it to include things like those in PR details, that way you can find which PR the hanging issue was resovled with.