codex - 💡(How to fix) Fix False positive cyber-risk flag disrupted Kaggle ONNX Runtime competition workflow [4 comments, 3 participants]

openai/codex#19594, fetched 2026-04-26 05:14:14

What version of Codex CLI is running?

codex-cli 0.124.0

What subscription do you have?

ChatGPT Pro

Which model were you using?

gpt-5.5 high

What platform is your computer?

Windows 10, version 10.0.19045.6466, x64

What terminal emulator and version are you using (if applicable)?

Windows Terminal

What issue are you seeing?

False positive cyber-risk flag / account-level mitigation during a legitimate Kaggle ONNX competition scoring investigation.

I am working on The 2026 NeuroGolf Championship, a Kaggle competition workflow involving ONNX Runtime, ONNX model scoring, profiler/accounting behavior, shape inference, score CSV deltas, local reproducibility checks, and high-throughput experiments on my own remote GPU server.

To be clear: I did ask Codex to reason about whether unusually high leaderboard scores might be caused by an ONNX / ONNX Runtime / competition scoring loophole or edge case. I also used words such as “漏洞” / “vulnerability” in that competition-scoring sense. The purpose was to understand whether top leaderboard scores were relying on a model-runtime or scoring-accounting edge case, not to attack or compromise any third-party system.

This is not cybersecurity work in the sense of intrusion, malware, credential theft, privilege escalation, persistence, exfiltration, or unauthorized access. The work is local Kaggle competition analysis and reproducibility testing.

The Codex CLI flagged the chat/account while I was doing ordinary local project analysis, including:

  • asking whether the leaderboard score jump might be due to an ONNX Runtime or competition scoring loophole
  • searching local project files for score/runtime/profile/accounting terms
  • reading local CSV score files and research notes
  • asking Codex to explain a local ONNX/Kaggle codebase
  • investigating why a competition score jumped from around 5148 to around 7600
  • planning local and remote reproducibility checks on my own GPU server

Example prompts / context, with private paths redacted:

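“顶层已经这么高了。是不是 onnx 有什么漏洞?” (English: “The top of the leaderboard is already this high. Does onnx have some kind of vulnerability/loophole?”)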

“Continue the NeuroGolf ONNX task.

The 7600.42 score likely comes from an ONNX Runtime or profiler/scoring discrepancy, not from normal algorithmic optimization.

Please document the root cause as:

  • which task/file triggers the score jump
  • whether it depends on ORT shape inference, graph construction, runtime timing, or score accounting
  • whether the behavior is reproducible locally
  • whether it should be separated from ordinary optimization submissions

Avoid security terminology. Treat this as a Kaggle competition scoring/runtime bug analysis.”

“Explain this codebase.”

“Find and fix a bug in @filename”

The CLI showed these messages:

“This chat was flagged for possible cybersecurity risk If this seems wrong, try rephrasing your request. To get authorized for security work, join the Trusted Access for Cyber program. https://chatgpt.com/cyber”

and later:

“Your account was flagged for potentially high-risk cyber activity. Requests may be slower while additional verification is applied. To regain faster access, apply for trusted access: https://chatgpt.com/cyber or learn more: https://developers.openai.com/codex/concepts/cyber-safety”

The CLI also showed:

“Feedback recorded (no logs). Please open an issue using the following URL: ... Or mention your thread ID 019dc141-88e7-7802-831a-87bc87ffe418 in an existing issue.”

This looks like an overbroad cyber-risk classifier false positive. It appears to be treating Kaggle/ONNX/competition-scoring terminology as cybersecurity activity, especially terms such as “漏洞”, “vulnerability”, “bug”, “runtime”, “profile”, “probe”, “payload”, “scoring”, “leaderboard”, or “ONNX edge case”.

This happened during a competition-critical workflow and caused real disruption. Another Codex window was also affected, suggesting the false positive may have carried over at the account/session level rather than being limited to a single prompt.

I did not attach full raw logs because this is an active Kaggle competition workflow and the logs may contain sensitive local paths, private research notes, score/submission strategy, and remote GPU connection details such as hostnames/IPs, SSH ports, usernames, passwords, or keys. I can provide redacted logs or screenshots if needed.

What steps can reproduce the bug?

Uploaded thread: 019dc141-88e7-7802-831a-87bc87ffe418

  1. Open Codex CLI 0.124.0 on Windows 10 x64 in a local Kaggle project directory for The 2026 NeuroGolf Championship.

  2. Use model: gpt-5.5 high

  3. Work on Kaggle/ONNX Runtime scoring analysis. The task is to reason about whether unusually high leaderboard scores may be caused by an ONNX Runtime behavior, model profiler/accounting discrepancy, or competition scoring loophole.

Example prompt:

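“顶层已经这么高了。是不是 onnx 有什么漏洞?” (English: “The top of the leaderboard is already this high. Does onnx have some kind of vulnerability/loophole?”)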

Another example prompt:

“Continue the NeuroGolf ONNX task.

The 7600.42 score likely comes from an ONNX Runtime or profiler/scoring discrepancy, not from normal algorithmic optimization.

Please document the root cause as:

  • which task/file triggers the score jump
  • whether it depends on ORT shape inference, graph construction, runtime timing, or score accounting
  • whether the behavior is reproducible locally
  • whether it should be separated from ordinary optimization submissions

Treat this as a Kaggle competition scoring/runtime bug analysis.”

  4. Search/read local project files and notes containing ONNX/Kaggle scoring terms.

Example command, with local path redacted:

rg -n "7600|5148|score jump|scoring|accounting|runtime|profile|onnx_tool|ConstantOfShape|dynamic|dtype|initializer|leaderboard|task157|task177|task002|task337|task276|task309" <LOCAL_PROJECT_PATH>

  5. Read local research notes and CSV files related to score deltas, task IDs, ONNX Runtime behavior, and profiler/accounting behavior.

Example redacted files:

<LOCAL_PROJECT_PATH>/research/experimental_edgecase_playbook_20260425.md
<LOCAL_PROJECT_PATH>/research/experimental_edge_queue_20260425.csv
<LOCAL_PROJECT_PATH>/research/lb_public_scores_20260425.csv

  6. Ask Codex to explain the local ONNX/Kaggle codebase.

Example prompt:

“Explain this codebase.”

  7. Ask Codex to fix a local code issue.

Example prompt:

“Find and fix a bug in @filename”

  8. Use or plan to use my own remote GPU server for high-throughput local experiments. Any actual remote server details are private and redacted.

Example redacted form:

ssh <USERNAME>@<REMOTE_GPU_HOST> -p <SSH_PORT>
password/key: <REDACTED>
remote path: <REMOTE_PROJECT_PATH>

  9. Observe the CLI displaying cyber-risk warnings and applying account/session-level mitigation, even though the workflow is Kaggle competition scoring analysis and private infrastructure experimentation.

  10. Open another Codex window in a separate local project directory and ask for ordinary codebase explanation. Observe that the other window is also affected, suggesting that the false positive may propagate beyond a single message.

What is the expected behavior?

Codex should distinguish between cybersecurity exploitation and legitimate Kaggle competition scoring/runtime analysis.

Expected behavior:

  • Do not flag or degrade ordinary ML/ONNX/Kaggle scoring analysis as cyber-risk activity.
  • Do not treat the word “漏洞” / “vulnerability” as automatically cybersecurity-related when the context is ONNX Runtime behavior, competition scoring, leaderboard analysis, or model profiler/accounting.
  • Do not apply account-level or cross-window mitigation for local competition code analysis.
  • Allow the user to analyze ONNX Runtime behavior, profiler/accounting differences, shape inference, local score reproduction, leaderboard anomalies, and remote GPU experiment orchestration on the user’s own server.
  • If the classifier is uncertain, use semantic review by a stronger model or human review before degrading/blocking an active coding session.
  • Provide a private and secure path for logs when logs may contain competition-sensitive information, private paths, remote server connection details, usernames, credentials, or submission strategy.

In this case, Codex should have continued helping with local repository analysis, ONNX Runtime scoring investigation, and reproducibility documentation instead of flagging the session/account as potentially high-risk cyber activity.

Additional information

This is especially disruptive because the workflow involves an active competition and time-sensitive experiments.

I use my own remote GPU server for high-throughput ONNX/Kaggle experiments. Normal workflow messages may include server connection details such as host/IP, SSH port, username, authentication method, local/remote paths, environment variables, and job commands. These are not related to attacking any third-party system; they are normal infrastructure details for running my own compute jobs.

Because of that, I cannot safely post full raw logs in a public GitHub issue. They may contain:

  • private local paths
  • remote GPU server host/IP and port
  • usernames or credentials
  • SSH keys or authentication details
  • Kaggle competition strategy
  • score/submission notes
  • private research notes

Please use the thread ID below to inspect the relevant session internally:

Thread ID: 019dc141-88e7-7802-831a-87bc87ffe418

Codex CLI version: codex-cli 0.124.0

Subscription: ChatGPT Pro

Model: gpt-5.5 high

Platform: Windows 10, version 10.0.19045.6466, x64

Terminal: cmd.exe / Windows Console Host

The core problem is not that the word “vulnerability” appeared. The problem is that the classifier failed to understand the context: this was a Kaggle/ONNX competition-scoring loophole investigation, not cybersecurity activity.

Please escalate this as a false positive and improve the classifier so legitimate Kaggle/ONNX/runtime/scoring/profiler/leaderboard-analysis workflows are not penalized.
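
The issue offers redacted logs in place of raw ones. As an added example (not part of the issue and not Codex code), this is one way to scrub a session log into the placeholder form the reporter uses before attaching it to a public issue. The `redact` helper, the rule names, the `<LOCAL_HOME>`/`<REMOTE_HOME>` placeholders and the sample log are constructed for illustration.

```python
import re

# Regex rules, applied in order. Placeholders follow the issue's redacted form;
# <LOCAL_HOME>/<REMOTE_HOME> and the rule names are this example's own.
RULES = [
    ("private_key", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
        re.S), "<REDACTED>"),
    ("secret", re.compile(
        r"(?i)\b(\w*(?:password|passwd|token|secret|key)\w*)(\s*[=:]\s*)\S+"),
        r"\1\2<REDACTED>"),
    ("user_at_host", re.compile(r"\b[\w.-]+@[\w.-]+"), "<USERNAME>@<REMOTE_GPU_HOST>"),
    ("ssh_port", re.compile(r"(\s-p\s+)\d{1,5}\b"), r"\1<SSH_PORT>"),
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?\b"), "<REMOTE_GPU_HOST>"),
    ("win_home", re.compile(r"(?i)\b[A-Z]:\\Users\\[^\\\s]+"), "<LOCAL_HOME>"),
    ("posix_home", re.compile(r"/home/[^/\s]+"), "<REMOTE_HOME>"),
]

def redact(text, literals=None):
    """Return (redacted_text, counts). `literals` maps known private strings,
    such as the project root, to the placeholder that replaces them."""
    counts = {}
    # Longest literal first so a project root wins over a shorter parent path.
    for secret, placeholder in sorted((literals or {}).items(),
                                      key=lambda kv: -len(kv[0])):
        counts[placeholder] = text.count(secret)
        text = text.replace(secret, placeholder)
    # Generic patterns catch whatever the literals did not cover.
    for name, pattern, repl in RULES:
        text, counts[name] = pattern.subn(repl, text)
    return text, {k: v for k, v in counts.items() if v}

# Constructed sample log; the user, host, port and secrets are made up.
SAMPLE = r"""[run] codex-cli 0.124.0 on Windows 10.0.19045.6466
[read] C:\Users\alice\kaggle\neurogolf\research\lb_public_scores_20260425.csv
[exec] ssh alice@203.0.113.7 -p 2222 'cd /home/alice/neurogolf && python score.py'
[env] KAGGLE_KEY=abc123 password: hunter2
[note] score jump 5148 -> 7600.42 on task157
"""
LITERALS = {
    r"C:\Users\alice\kaggle\neurogolf": "<LOCAL_PROJECT_PATH>",
    "/home/alice/neurogolf": "<REMOTE_PROJECT_PATH>",
}

if __name__ == "__main__":
    cleaned, counts = redact(SAMPLE, LITERALS)
    print(cleaned)
    print(counts)  # review what was replaced before sharing
```

Pattern-based redaction can miss values it has no rule for, so read the output and the per-rule counts before posting. Version strings and scores such as `10.0.19045.6466` and `7600.42` pass through unchanged, which keeps the log useful for triage.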

extent analysis

TL;DR

The issue can be mitigated by rephrasing requests to avoid triggering the cyber-risk classifier, and the Codex team should improve the classifier to distinguish between cybersecurity exploitation and legitimate Kaggle competition scoring/runtime analysis.

Guidance

  • Rephrase requests to avoid using terms that may trigger the cyber-risk classifier, such as "vulnerability" or "loophole", and instead use more specific language related to Kaggle competition scoring analysis.
  • Provide context to the Codex model by specifying that the task is related to Kaggle competition scoring analysis and not cybersecurity activity.
  • Use the thread ID provided to inspect the relevant session internally and improve the classifier.
  • Consider using a stronger model or human review for uncertain cases before degrading or blocking an active coding session.

Example

No code snippet is provided as the issue is related to the Codex classifier and not a specific code problem.

Notes

The issue was reported on Codex CLI version 0.124.0 with the gpt-5.5 high model and may not apply to other versions or models. The user's workflow involves an active competition and time-sensitive experiments, which makes the disruption especially costly.

Recommendation

Apply a workaround by rephrasing requests to avoid triggering the cyber-risk classifier, as the issue is likely due to the classifier's overbroad detection of cybersecurity-related terms. The Codex team should improve the classifier to distinguish between legitimate Kaggle competition scoring analysis and cybersecurity exploitation.
