OpenAI Codex Has No Way to Exclude Sensitive Files , and Still Doesn't
An unresolved Codex issue blocking sensitive-file exclusion exposes a real security gap for teams running AI coding agents in production.
3. OpenAI Codex Has No Way to Exclude Sensitive Files , and Still Doesn't
GitHub issue #2847 on the openai/codex repository, opened and still unresolved as of June 26 2026, documents a missing feature: there is no supported mechanism to tell Codex which files it should never read or transmit. The issue has accumulated 132 upvotes on Hacker News, signaling that this is not an edge-case complaint from one team. Engineers running Codex in production environments with secrets, credentials, or proprietary configuration files have no first-party way to enforce exclusions at the agent level.
The gap matters most in the context of agentic coding tools, where the competitive pressure is now squarely between OpenAI Codex, GitHub Copilot Workspace, Cursor, and Sourcegraph Cody. All four are pushing into enterprise accounts where security review is a gating requirement, not a nice-to-have. Cursor and Copilot Workspace both offer some form of file-ignore configuration. The absence of this in Codex gives enterprise security teams a concrete, documented reason to pause or block adoption. That is not a theoretical risk. It is a procurement blocker, and it is sitting open in a public issue tracker with no assigned milestone.
The broader pattern here is that agentic tools are outrunning their own permission models. Codex can now execute multi-step tasks autonomously across a codebase, but the access controls have not kept pace with the capability surface. Watch for whether OpenAI addresses this before its next enterprise push, and whether competitors start citing issue #2847 directly in sales cycles. A missing .codexignore file is a small engineering task. Leaving it unresolved while chasing enterprise contracts is a different kind of choice.
Source: A way to exclude sensitive files issue still open for OpenAI Codex