Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management and Strategy
In the normal course of business, we may collect and store personal information and other sensitive information, including proprietary and confidential business information, trade secrets, intellectual property, sensitive third-party information and employee information. We assess and identify cybersecurity risk to such information by maintaining cybersecurity policies that require continuous monitoring and detection programs and network security precautions. Our cybersecurity risk management program incorporates industry-standard frameworks, policies and practices designed to protect the confidentiality, integrity, and availability of our sensitive information. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the NIST Cybersecurity Framework as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.
Key elements of our cybersecurity risk management program include but are not limited to the following elements.
We have a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents. We manage cybersecurity risks by maintaining various protections designed to safeguard against cyberattacks, including firewalls and virus detection software, and periodic training on common cybersecurity threats (e.g. phishing exercises and interactive trainings) including for incident response personnel and senior management. We have established a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. In addition, we periodically conduct risk assessments designed to help identify material risks from cybersecurity threats to our critical systems and information, including scans of our environment for any vulnerabilities and penetration testing. With respect to key third-party service providers affecting critical business management systems, we collect and maintain SOC2 or SOC1 type II reports (attestation of controls at a service organization over a minimum six-month period) based on their respective risk profile. For other third-party service providers, cybersecurity risk is addressed as appropriate. We also engage third parties to assess the effectiveness of our data security practices. A third-party security service provider and consultant conducts regular network security reviews, scans and audits, and we may consult with other external experts as warranted by a particular cybersecurity incident or threat. In addition, we maintain insurance that includes cybersecurity coverage.
Areas of cybersecurity risk are assessed every two years, and updates are reported by our Chief Financial Officer to the Board’s Audit Committee and senior management annually. Where our bi-annual cybersecurity risk assessment identifies areas for improvement, we document and track our remediation activities, which are also reported to the Audit Committee and senior management annually. In this way, our program to manage cybersecurity risk integrates with our overall risk management processes.
As of the date of this report, we are not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations and financial condition. Despite the implementation of our cybersecurity program, our security measures cannot guarantee that a cyberattack will not occur. A cyberattack on our information technology systems could have significant consequences to the business. While we devote resources to our security measures to protect our systems and information, these measures cannot provide absolute security. See “Risk Factors – General Risk Factors” for additional information about the risks to our business associated with a breach or compromise to our information technology systems.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
In the normal course of business, we may collect and store personal information and other sensitive information, including proprietary and confidential business information, trade secrets, intellectual property, sensitive third-party information and employee information. We assess and identify cybersecurity risk to such information by maintaining cybersecurity policies that require continuous monitoring and detection programs and network security precautions. Our cybersecurity risk management program incorporates industry-standard frameworks, policies and practices designed to protect the confidentiality, integrity, and availability of our sensitive information. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the NIST Cybersecurity Framework as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.
Key elements of our cybersecurity risk management program include but are not limited to the following elements.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Governance
The Company’s Board of Directors has visibility into cybersecurity risks through its Audit Committee and through the process described below. The Audit Committee has oversight of the Company’s cybersecurity risk management programs and the design and operating effectiveness thereof, and reviews reports from Company management on cybersecurity, data privacy and other risks relevant to the Company’s computerized information system controls and security.
Further, the Audit Committee generally reports to the full Board of Directors regarding its activities, including those related to cybersecurity. The Board of Directors also periodically receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from management, internal security staff or external experts as part of the Board of Directors’ continuing education on topics that impact public companies.
Senior management has appointed a Cybersecurity Council that is responsible for identifying, escalating, and facilitating the assessment and determination of the materiality of cybersecurity incidents and threats. The Cybersecurity Council is made up of representatives of IT, Legal and Finance, as well as ad hoc additional members depending on the circumstances of the incident or threat. The members of the Cybersecurity Council do not have specific expertise in cybersecurity risk other than the Vice President of Information Technology (“VP of IT”) who has more than 20 years of experience and engages with trusted third-party experts for support and guidance when additional expertise is required. The Company’s cybersecurity capability continues to utilize an external cybersecurity specialist with extensive experience managing cybersecurity functions, including overseeing cybersecurity strategy and operations, incident response, threat intelligence, security awareness training programs, risk assessments and remediation, and regulatory and compliance matters.

Our IT Security team takes steps to stay informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include: briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our IT environment.
In the event that an actual or suspected cybersecurity incident that jeopardizes the confidentiality, integrity, or availability of Codexis' information systems or any information residing therein is identified (or a threat that presents significant risk to our information systems as identified by IT), it is reported to the Cybersecurity Council by our VP of IT. The focus of the Cybersecurity Council is on the investigation and facilitation of senior management’s assessment and determination of materiality of an incident or threat, and such investigation is separate but contemporaneous with the investigation(s) done under other applicable programs, policies, and plans regarding cybersecurity. The Cybersecurity Council will liaise directly with other investigation(s) and share information and assessments. Along with assistance from the Cybersecurity Council as necessary, senior management reports its materiality determination and analysis, including necessary facts to support its determination, to the Audit Committee of the Board of Directors. Pursuant to its charter, the Audit Committee may, along with senior management, report such determination to the Board of Directors.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee has oversight of the Company’s cybersecurity risk management programs and the design and operating effectiveness thereof, and reviews reports from Company management on cybersecurity, data privacy and other risks relevant to the Company’s computerized information system controls and security.
Further, the Audit Committee generally reports to the full Board of Directors regarding its activities, including those related to cybersecurity. The Board of Directors also periodically receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from management, internal security staff or external experts as part of the Board of Directors’ continuing education on topics that impact public companies.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee has oversight of the Company’s cybersecurity risk management programs and the design and operating effectiveness thereof, and reviews reports from Company management on cybersecurity, data privacy and other risks relevant to the Company’s computerized information system controls and security.
Further, the Audit Committee generally reports to the full Board of Directors regarding its activities, including those related to cybersecurity. The Board of Directors also periodically receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from management, internal security staff or external experts as part of the Board of Directors’ continuing education on topics that impact public companies.
Cybersecurity Risk Role of Management [Text Block]
The Company’s Board of Directors has visibility into cybersecurity risks through its Audit Committee and through the process described below. The Audit Committee has oversight of the Company’s cybersecurity risk management programs and the design and operating effectiveness thereof, and reviews reports from Company management on cybersecurity, data privacy and other risks relevant to the Company’s computerized information system controls and security.
Further, the Audit Committee generally reports to the full Board of Directors regarding its activities, including those related to cybersecurity. The Board of Directors also periodically receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from management, internal security staff or external experts as part of the Board of Directors’ continuing education on topics that impact public companies.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Senior management has appointed a Cybersecurity Council that is responsible for identifying, escalating, and facilitating the assessment and determination of the materiality of cybersecurity incidents and threats. The Cybersecurity Council is made up of representatives of IT, Legal and Finance, as well as ad hoc additional members depending on the circumstances of the incident or threat.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The members of the Cybersecurity Council do not have specific expertise in cybersecurity risk other than the Vice President of Information Technology (“VP of IT”) who has more than 20 years of experience and engages with trusted third-party experts for support and guidance when additional expertise is required. The Company’s cybersecurity capability continues to utilize an external cybersecurity specialist with extensive experience managing cybersecurity functions, including overseeing cybersecurity strategy and operations, incident response, threat intelligence, security awareness training programs, risk assessments and remediation, and regulatory and compliance matters.
Our IT Security team takes steps to stay informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include: briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our IT environment.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] an actual or suspected cybersecurity incident that jeopardizes the confidentiality, integrity, or availability of Codexis' information systems or any information residing therein is identified (or a threat that presents significant risk to our information systems as identified by IT), it is reported to the Cybersecurity Council by our VP of IT. The focus of the Cybersecurity Council is on the investigation and facilitation of senior management’s assessment and determination of materiality of an incident or threat, and such investigation is separate but contemporaneous with the investigation(s) done under other applicable programs, policies, and plans regarding cybersecurity. The Cybersecurity Council will liaise directly with other investigation(s) and share information and assessments. Along with assistance from the Cybersecurity Council as necessary, senior management reports its materiality determination and analysis, including necessary facts to support its determination, to the Audit Committee of the Board of Directors. Pursuant to its charter, the Audit Committee may, along with senior management, report such determination to the Board of Directors.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true