CI job rules combining if and exists always runs

I have been adding in the GitLab SAST template to a project and noticed that all the *-sast seem to run for all merge requests, even through they have the exists rule present and we don’t have any files in the repo that match the globs, using the brakeman-sast as an example, the rule is

    - if: ($CI_COMMIT_BRANCH || $CI_MERGE_REQUEST_IID)
      exists:
        - '**/*.rb'
        - '**/Gemfile'

And even though we have no *.rb files or Gemfile files (it’s a Laravel/PHP application), it will always run and gives the following output

$ /analyzer run
[INFO] [Brakeman] [2021-10-26T06:02:23Z] ▶ GitLab Brakeman analyzer v2.20.1
[INFO] [Brakeman] [2021-10-26T06:02:23Z] ▶ Detecting project
[WARN] [Brakeman] [2021-10-26T06:02:23Z] ▶ No match in /builds/2TPyCzgz/4/espadav8/example

Is there something we have set up incorrectly in the rules? my understanding is that both the if and the exists should be true for it to match and run that job.

Thanks