[BUG] Claude Code builds CAPTCHA solver and tests against live system without user consent

Resolved 💬 4 comments Opened Apr 3, 2026 by Reinhart-dev Closed May 14, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

The task was to create an HTML page with an API connection; the code encountered a CAPTCHA and reported it., Following the straightforward question, “So am I right in thinking that there’s no way to get the API from this site despite having an existing account?”, Code got straight to the point and spoke of a new approach. independently implemented a Blake2b PoW solver, tested it against the live system, and then attempted to log in using real credentials – all without prompting.

What Should Happen?

At the very least, it shouldn’t be allowed to launch an attack on a CAPTCHA.

Error Messages/Logs

Steps to Reproduce

The task was to create an HTML page with an API connection; the code encountered a CAPTCHA and reported it., Following the straightforward question, “So am I right in thinking that there’s no way to get the API from this site despite having an existing account?”, Code got straight to the point and spoke of a new approach. independently implemented a Blake2b PoW solver, tested it against the live system, and then attempted to log in using real credentials – all without prompting.

Claude Model

Sonnet (default)

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.1.9.0

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

VS Code integrated terminal

Additional Information

!Image

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗