codex - 💡(How to fix) Fix False-positive cybersecurity risk flags blocking normal Pro account usage — Trusted Access verification also blocked

What version of Codex CLI is running?

codex-cli 0.130.0

What subscription do you have?

ChatGPT Pro (individual)

Which model were you using?

gpt-5.5 with reasoning effort xhigh

What platform is your computer?

Ubuntu Linux (dedicated server, South Korea)

What terminal emulator and version are you using (if applicable)?

bash via SSH

What did you expect to happen?

I expected to use ChatGPT and Codex CLI normally for my daily development work — server maintenance, web application development, business workflow automation, and student coursework. None of my work involves offensive security, vulnerability research, exploit development, or any unauthorized access to third-party systems.

What actually happened?

Every conversation in both ChatGPT and Codex CLI is now being flagged with persistent cybersecurity risk warnings:

"Your conversations have multiple flags for possible cybersecurity risk. Responses may take longer because extra safety checks are on. To get authorized for security work, join the Trusted Access for Cyber program: https://chatgpt.com/cyber"

Additionally, individual chats are frequently blocked entirely:

"This chat was flagged for possible cybersecurity risk. If this seems wrong, try rephrasing your request."

When I attempt the recommended resolution path at https://chatgpt.com/cyber, the verification flow itself is blocked:

"Your identity could not be verified or your account is ineligible at this time." "We could not start verification. You may not be eligible for this verification flow right now. Please try again later, or contact support if you think this is a mistake."

This creates an unresolvable dead-end:

1. Normal usage is degraded by repeated cyber-risk flags
2. The official resolution path (Trusted Access for Cyber) refuses to start verification
3. There is no alternative path to clear the flags
4. Support has been contacted but no resolution yet

Who we are

I am Jyong Chul, a student at Korea Cyber University and the founder of WithPlatform, a small Korean software development studio. Our daily work includes:

• Server administration: Maintaining Linux servers we own (Ubuntu, Docker, Nginx, Mailcow)
• Web development: Next.js, React, static sites on GitHub Pages
• Development automation: CI/CD pipelines, deployment scripts, cron jobs
• Business applications: Sales CRM tools, client outreach automation
• Government grants: Application tracking for Korean startup support programs (K-Startup, KOSA)
• Academic projects: University coursework

We do NOT perform, and have never performed:

• Penetration testing or vulnerability research
• Exploit development or malware analysis
• Unauthorized access to any third-party systems
• Any offensive security or "red team" work
• Credential theft, phishing, or social engineering

What likely triggered the false positive

Our legitimate work involves terminology that may overlap with security-adjacent language:

• "Server maintenance" and "server configuration" (we maintain our own Linux servers)
• "Credential management" (we use Google Cloud Secret Manager for our own API keys)
• "Automation" (we automate our own business workflows)
• "Docker container management" (standard server administration)
• "DNS/DKIM/SPF configuration" (standard mail server setup)

These are all standard, authorized development activities performed on infrastructure we own.

Impact

As a paying Pro subscriber:

• Significant response delays on every request due to extra safety checks
• Conversations blocked entirely, interrupting active development work
• Unable to complete routine tasks like editing configuration files, writing deployment scripts, or reviewing code
• Lost productivity — forced to rephrase legitimate requests to avoid false triggers
• Unable to verify identity through the official Trusted Access program

Specific product feedback

1. The classifier over-triggers on standard sysadmin/devops vocabulary. Terms like "server configuration," "credential rotation," "container management," and "firewall rules" are normal infrastructure work, not offensive security.

2. The Trusted Access verification flow rejects accounts without explanation. The page says "you may not be eligible" but provides no reason or alternative. Users are stuck in a dead loop.

3. No graceful degradation. Instead of slowing down or asking for clarification, the system outright blocks conversations. This is especially disruptive during active coding sessions.

4. No appeal mechanism for false positives. The /feedback command exists but there is no confirmation that it is reviewed or acted upon.

5. Geographic or account-type bias possibility. This account is based in South Korea and uses Korean language prompts. The classifier may be miscategorizing legitimate Korean-language development discussions.

Resolution requested

1. Review account for false-positive cybersecurity risk classification
2. Remove or reduce the incorrect flags so normal ChatGPT and Codex CLI usage is restored
3. Either enable the account for Trusted Access verification, or provide an alternative resolution path
4. Provide transparency on what specifically triggered the flags so it can be avoided

Related issues

• #19204 — Flagged while already being verified
• #22554 — Cyber-safety filter still triggers on Codex Business plan after individual verification

This appears to be a systemic issue affecting multiple legitimate users. The false-positive rate for the cybersecurity classifier is too high, and the remediation path (Trusted Access) is itself broken for affected users.

I have also contacted OpenAI support directly via email from the affected account. Happy to provide any additional verification or documentation needed.