# Why OpenAI Built Codex Security to Ignore SAST Reports

- slug: why-openai-built-codex-security-to-ignore-sast-reports
- date: 2026-04-05
- category: Artificial Intelligence

A regex check looks correct. The decoder runs afterward. The SAST tool sees clean dataflow and moves on. This is why OpenAIs new vulnerability detection agent excludes SAST reports from its starting point — and why that design choice matters.

---