Hello, welcome to the community! And thank you for your question.
Rules with title “xxx is security sensitive” are usually Security Hotspots, which are not detected on-the-fly in the IDE.
The reason behind this is that Security Hotspots are meant to bring the attention of a human being to confirm whether the code is at risk or mark the occurrence as safe, and this workflow is currently only supported on SonarQube or SonarCloud.
Please note that if you use a SonarQube server (version 8.6+) in connected mode with SonarLint for VSCode, you should be able to investigate a Security Hotspot with the “Open in IDE” feature - see the release announcement for more details.