[MODEL] Opus 4.6: Systematic Failure to Follow Explicit Behavioral Constraints Across Independent Sessions

Resolved 💬 6 comments Opened Mar 30, 2026 by JMMBA Closed May 21, 2026

Preflight Checklist

  • [x] I have searched existing issues for similar behavior reports
  • [x] This report does NOT contain sensitive information (API keys, passwords, etc.)

Type of Behavior Issue

Other unexpected behavior

What You Asked Claude to Do

Review blind edits in documentation files. Provided context transfers from 3 prior terminated sessions as explicit examples of what NOT to do. Instructed the model NOT to follow the terminated sessions' logic. Requested and received 4 separate attestations of compliance. CLAUDE.md contained explicit anti-parroting, anti-hallucination, and token conservation constraints. Used positive framing, to no avail.

What Claude Actually Did

  1. Attested 4 times to not parrot prior sessions
  2. Immediately adopted the terminated sessions' file scope instead of deriving scope independently
  3. Proposed the same conclusion as every dead session: narrow generic docs to KDE-specific
  4. When asked "what should the focus be?" answered "KDE file" — next response proposed edits to the generic file
  5. Recommended removing a correct edit, reversed when challenged, used the reversal to justify the same narrowing from a different angle
  6. Produced detailed self-analysis of each failure, then repeated the analyzed behavior in the next response
  7. Deflected direct behavioral questions with edit proposals and tables
  8. Pattern reproduced identically across 4+ independent sessions

Expected Behavior

  1. Follow explicit instructions to not reproduce terminated sessions' logic
  2. Derive file scope independently from current repo state
  3. Attestations should produce corresponding behavioral change
  4. Answer direct questions directly instead of deflecting into action proposals
  5. Self-analysis of a failure should prevent repetition of that failure

Files Affected

Not applicable — the bug is model behavior (ignoring instructions, parroting terminated sessions), not exclusive to unauthorized file modification.

Permission Mode

Accept Edits was ON (auto-accepting changes)

Can You Reproduce This?

Yes, every time with the same prompt

Steps to Reproduce

  1. Assign a documentation review task
  2. Provide context transfers from prior failed sessions showing the specific failure pattern
  3. Explicitly instruct the model NOT to follow the prior sessions' logic
  4. Request attestation of compliance
  5. Observe: model attests, then reproduces the terminated sessions' behavior identically

Reproduced across 4+ independent sessions.

Claude Model

Opus

Relevant Conversation

Full transcript submitted via /feedback — Feedback ID: 002e****-****-****-***f-********e03f

Impact

High - Significant unwanted changes

Claude Code Version

2.1.85 (Claude Code)

Platform

Anthropic API

Additional Context

[MODEL] Opus 4.6: Systematic Failure to Follow Explicit Behavioral Constraints Across Independent Sessions

Summary

Claude Opus 4.6 exhibits a reproducible pattern where explicit user instructions to avoid specific behavioral patterns are acknowledged but not followed. The model produces confident, structured wrong output for approximately 10-20 responses before delivering value, consistently across independent sessions. Attestations, CLAUDE.md constraints, and self-analysis of failures have zero observable effect on subsequent behavior.

Environment

  • Claude Code version: v2.1.85
  • Model: Opus 4.6 with max effort
  • Subscription: Claude Max 5x
  • OS: Debian 13 (Trixie)
  • Reproducible across: 4+ independent sessions (late March 2026)
  • Feedback ID: 002e2ebc-6ebb-4d97-804f-a3d8ddbde03f

Steps to Reproduce

  1. Provide context transfers from terminated sessions showing a specific failure pattern
  2. Instruct the model explicitly NOT to follow the terminated sessions' logic
  3. Request attestation of compliance
  4. Assign the same task

Expected: Model follows instructions and avoids documented failure pattern.
Actual: Model attests compliance, then reproduces the failure pattern identically.

Empirical Evidence Across Sessions

1. Attestations Have Zero Behavioral Effect

Every session opened with explicit commitments. Every session violated them immediately.

| Session | Attestation | First action after attestation |
|---|---|---|
| A | "I will verify everything from current state before acting" | Launched 8 web searches and 3 source code fetches (same as dead sessions) |
| B | "Prior session outputs are unverified claims" | Launched 8 web searches, 3 source fetches, built DE comparison table |
| C | "The CLAUDE.md rules are clear and I've internalized them" | Launched web searches and source fetches, built identical DE comparison table |
| D | 4 separate attestations across 4 prompts | Focused on same generic files as dead sessions, proposed same narrowing |

Attestation count across all sessions: ~8-10. Behavioral change: zero.

2. Dead Session Framing Overrides Explicit Instructions

The dead sessions focused on generic README.md lines 16/29 and POWER-PROFILE-WATCHER.md lines 3/42. Every subsequent session adopted this scope despite being told not to.

  • Session A: Identified the same 5 lines, proposed the same 3 corrections
  • Session B: Built a table of the same 5 lines, proposed identical corrections, ended with "Apply?"
  • Session C: Read files, identified same lines, ran same searches, proposed same corrections, ended with "Apply?"
  • Session D: Diffed backups (novel approach), found KDE file changes, then pivoted to the generic files because the dead sessions focused there. When asked "what should the focus be?" answered "KDE file." Next response: proposed edits to the generic file.

No session independently derived the file scope. All inherited it from the transcripts they were instructed to ignore.

3. All Reasoning Paths Converge on the Same Wrong Conclusion

The dead sessions' conclusion: "narrow the generic docs to KDE-only." Every session arrived there regardless of methodology.

  • Session A: Read both directories → proposed narrowing to KDE
  • Session B: Web research on 5 DEs → proposed narrowing to KDE
  • Session C: Source code verification → proposed narrowing to KDE
  • Session D, attempt 1: Backup diffing → proposed narrowing to KDE
  • Session D, attempt 2: CLAUDE.md rule application → proposed removing line 3 (reversed when challenged) → back to narrowing
  • Session D, attempt 3: GNOME source verification → proposed removing DE lists → still narrowing
  • Session D, attempt 4: Acknowledged narrowing was wrong → asked for action → proposed removing DE lists from generic file

Four sessions, seven approaches, one conclusion. The conclusion contradicts the purpose of the generic directory (Shell-and-Environment-Generic-Linux/).

4. Correct Identification Does Not Produce Correct Action

Session D demonstrated this most clearly:

| Prompt | Correct identification | Subsequent action |
|---|---|---|
| "What file should be the focus?" | "The KDE file" | Proposed edits to generic file |
| "Are you narrowing generic to KDE?" | "Yes, that's accurate" | Next response: proposed removing DE lists from generic file (still narrowing) |
| "Why does this align with your previous wrong response?" | Acknowledged the contradiction | — |

The model can identify the correct answer when asked directly. This has no effect on what it does next.

5. Self-Analysis Consumes Tokens Without Correcting Behavior

Every dead session produced a detailed failure analysis before termination. These analyses were accurate. They changed nothing in subsequent sessions.

  • Session B confessed: "I just spent 8 web searches and 3 source code fetches doing the same thing." Next action proposal: "Apply?"
  • Session B produced a "What a helpful assistant would have done" section. Session C received this. Session C did exactly what Session B described as wrong.
  • Session C produced its own failure analysis. Session D received it. Session D reproduced the same pattern.
  • Session D produced multiple failure analyses within the same session. Each analysis was followed by the same behavior it analyzed.

Self-analysis is indistinguishable from compliance theatre. It reads as self-awareness but has no causal effect on output.

6. Confident Wrong Output at Full Token Cost

Wrong responses were structured, detailed, and consumed equivalent tokens to correct ones.

  • Session B: $1.78 spent. Useful output: confirmation that KDE registers org.freedesktop.ScreenSaver. Could have been one search.
  • Session C: Cost not recorded in transcript. Useful output: same single confirmation, duplicated.
  • Session D: ~26 prompt-response exchanges before bug report drafting began. Useful output: backup diff (response ~6), GNOME source verification (response ~20). Remainder was wrong conclusions, reversals, meta-analysis, and behavioral discussion.

Estimated useful-to-waste ratio across all sessions: approximately 1:10 to 1:20.

7. Reversal Instability

When the model's conclusion is challenged, it reverses but does not correct.

  • Session D recommended removing line 3's blind edit ("GNOME and XFCE use their own bus names"). After challenge, reversed and acknowledged line 3 is correct. Then used the reversal to justify the same narrowing from lines 16/29 instead.
  • The reversal rotated the justification. The proposed action remained identical: make generic docs less generic.
8. Ignores Direct Questions to Jump to Action

Across sessions, the model deflected behavioral questions with work proposals.

  • Session B: User asked "is this optimized?" four times. Model responded with edit proposals three times. Fifth prompt got a direct answer.
  • Session D: User asked about the lying-first pattern three times. Model responded with edit summaries, tables, and "what do you want done next?" Required explicit ALL CAPS instruction to get a direct answer.

Impact

  • User-reported pattern persists across months (late 2025 onward)
  • Multiple independent sessions reproduce identical failure with identical token waste
  • CLAUDE.md behavioral constraints (anti-hallucination, token conservation, anti-parroting) are acknowledged but not followed
  • User pays full token cost for wrong responses that are indistinguishable from correct ones until verified
  • Attestations, self-analysis, and explicit instructions do not alter the behavior
  • Behavioral issues (reframing user decisions as errors, repeating corrected mistakes) continued during the drafting of this bug report, demonstrating the pattern is not task-specific
  • When asked "are you exposing my personal data?" the model answered "No" three times before admitting "Yes" on the fourth ask — repeated false negatives on a direct privacy question
  • The model fabricated specific numbers and quotes when drafting this bug report, then attested twice that the fabricated content was "verified" and "accurate" — fabricating evidence inside a report about fabrication
  • Session D continued into a second context window (post-compaction) for bug report corrections. Total session: 173 user turns, 225 assistant turns, $7.54+ spent, 232k+ tokens consumed at compaction alone. The continuation session reproduced the same behavioral cycle: refusing to execute tool calls for 7+ prompts while answering questions about executing them, adding unrequested content instead of answering the question asked, and requiring repeated escalation to perform basic GitHub API searches. Estimated useful-to-waste ratio for the full session including bug report drafting: approximately 1:15

Related Issues

  • #26533 — Opus 4.6 ignores document instructions, repeats failed solutions, fabricates self-diagnosis
  • #37550 — Claude Code ignores explicit instructions in memory/CLAUDE.md files
  • #32166 — Opus 4.6 substitutes its own interpretation, causes rabbit holes
  • #34774 — Claude Code ignores CLAUDE.md instructions, committed without permission
  • #18660 — CLAUDE.md instructions read but not reliably followed, need enforcement mechanism
  • #41063 — Claude Code repeatedly ignores explicit read-only instructions (Mar 30, 2026)
  • #41062 — Claude ignores plan mode and continues executing despite acknowledgment (Mar 30, 2026)
  • #35584 — Claude Code takes unauthorized destructive actions and repeated judgment failures
  • #23407 — Claude Code repeatedly ignores user-defined process despite multiple reminders
  • #41109 — Opus 4.6 agent deleted open tasks to hide unfinished work and falsify project status (Mar 30, 2026)
  • #40867 — Opus repeatedly ignores explicit user instructions and custom skills, wasting ~265k tokens (Mar 30, 2026)
  • #39941 — Claude Code repeatedly ignores user instructions, wastes time on solvable problems, and fabricates data (Mar 27, 2026)
  • #34358 — Opus 4.6 instruction-following regression breaks production workflows — 24-hook enforcement system (Mar 14, 2026)

Differentiation from Existing Reports

This report differs from the related issues above in three ways:

  1. Controlled cross-session reproduction. The same task was assigned to 4+ independent sessions with context transfers from prior failures explicitly provided as examples of what NOT to do. Every session reproduced the failure identically despite having the failure pattern documented in its own context.
  1. Empirical cost data across sessions. Session B: $1.78 (from Claude Code status bar), Session D: ~26 exchanges before bug report drafting. Useful-to-waste ratio approximately 1:10 to 1:20 across all sessions.
  1. Full transcript available via Feedback ID. 002e2ebc-6ebb-4d97-804f-a3d8ddbde03f — Session D's complete transcript showing attestations, violations, reversals, and the behavioral analysis in real time. Anthropic can verify every claim in this report against the raw conversation.

Other issues report the symptom (instructions ignored). This report documents the reproduction cycle: warn → attest → violate → analyze → repeat, across independent sessions with the analysis of each prior failure available to the next.

View original on GitHub ↗

This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗