You couldn't even ask Claude how CopyFail worked. Even more general questions around it kept getting rejected.

A couple of days ago, using codex at work, all of a sudden it said my session had been flagged for security reasons. I wasn’t doing anything cybersecurity related, nor testing any vulnerabilities or anything like that, just trying to build a pretty simple web app

It seems really dumb for the models to not due security related things. What if I want it to do a security audit of my own software that I'm building?

codex will actually help you look but it will refuse to actually try and exploit it.

it won't for example create a POC python script that you normally would use to prove the issue.