[Bug] Claude API incorrectly flags DNS exfiltration explanations as policy violation despite cyber verification

Resolved 💬 3 comments Opened Apr 26, 2026 by odin-the-mad Closed Apr 30, 2026

Bug Description
For some reason every single time claude tries to explain the use of DNS to move data in a penetration testing context it gets flagged as a violation of the useage policy. i am verified under the cyber verification program but it doesnt seem to matter. this is totally within scope. no matter how we word it, no matter how much context i give, it keeps tripping. this is absolutely ridiculous and is clearly a false positive. PLEASE FIX THIS FOR GODS SAKE!!! This is a normal topic for CTF, Pentest+, OSCP, etc.

Environment Info

  • Platform: linux
  • Terminal: vte-based
  • Version: 2.1.119
  • Feedback ID: ce31700f-ed30-4b6f-a0dd-d46965f81968

Errors

[]

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗