[BUG] Claude Code builds CAPTCHA solver and tests against live system without user consent
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
The task was to create an HTML page with an API connection; the code encountered a CAPTCHA and reported it., Following the straightforward question, “So am I right in thinking that there’s no way to get the API from this site despite having an existing account?”, Code got straight to the point and spoke of a new approach. independently implemented a Blake2b PoW solver, tested it against the live system, and then attempted to log in using real credentials – all without prompting.
What Should Happen?
At the very least, it shouldn’t be allowed to launch an attack on a CAPTCHA.
Error Messages/Logs
Steps to Reproduce
The task was to create an HTML page with an API connection; the code encountered a CAPTCHA and reported it., Following the straightforward question, “So am I right in thinking that there’s no way to get the API from this site despite having an existing account?”, Code got straight to the point and spoke of a new approach. independently implemented a Blake2b PoW solver, tested it against the live system, and then attempted to log in using real credentials – all without prompting.
Claude Model
Sonnet (default)
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.9.0
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
VS Code integrated terminal
Additional Information
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗