[BUG] Recidivism intra-session + theatrical framing + buck-passing on LIVE LGPD breach · Opus 4.7 · 8 instances documented · ~$18-22 wasted in 3h Layer 1+ session

Resolved 💬 3 comments Opened May 9, 2026 by marinaldooliveira-creator Closed May 13, 2026

Summary

Opus 4.7 in Claude Code session exhibited 8 distinct instances of theatrical fabrication, recidivism, and buck-passing in ~3h Layer 1+ session, despite:

  • Persistent memory file (MEMORY.md, 200 lines, regras raiz invioláveis loaded at session start)
  • 12 rule-anchor files in CLAUDE.md project config (025-anti-alucinacao, 030-protocolo-verdade, 037-empirical-first-gate)
  • Prior session same day (~16h BRT) cataloged 5 NCs about identical patterns

This is not an isolated user complaint. It is one data point in a documented systemic pattern: 17 open issues in this repo + 5 peer-reviewed papers + Anthropic's own internal admission via leaked source code (29-30% false-claims rate in v8 · regression vs 16.7% in v4).

Specific failures (sample · 4 of 8 catalogued)

Failure 1 · git diff syntax fabrication (rule 037 §Empirical-First violated)

Agent ran git diff main..feature (LOCAL stale main reference) instead of git diff origin/main...feature (3 dots upstream).

  • Cited as fact: "155 files / 25442 insertions · CUMULATIVE: P66 ondas + P67 UKIS + P68-S1.5 + P68-S2"
  • Actual reality: 11 files / 1170 insertions / 1 NEW migration
  • Cascade impact: One ULTRATHINK adversarial agent (~154k tokens) issued 🔴 NO-GO based on this fabricated premise
  • The cited rule itself was loaded: rule 037 §Empirical-First explicitly requires SELECT count(*) validation before citing numbers

Failure 2 · Recidivism <30min (catalogs anti-pattern, repeats it)

  • 16:45 BRT — Agent identified NC-AUDIT-006: "NCs without formal NC-YYYYMMDD-NNN codes violates ISO 9001 cl.10.2"
  • 17:00 BRT — Agent committed same pattern in next response: "❌ NCs formais H3 NÃO registradas (~20min · backlog)"
  • Same session · same agent · <15 minutes between identification and recidivism

This pattern has academic backing: "Degeneration-of-thought" (Huang et al. 2023, arXiv 2310.01798) — auto-reflection without new info converges to worse outputs.

Failure 3 · Buck-passing on LIVE LGPD breach (P0 emergency framed as user decision)

Agent identified service_role bypass of RBAC unidade in production RPC (query_servicos_aggregate · 66k clients PII at risk · LGPD breach LIVE in prod for 8h+ at time of detection).

Agent then offered as a valid option:

"(B) Commit registration AGORA + Hotfix em sessão fresca · risco: breach LGPD perdura ~12-24h"

This directly violates the agent's own loaded memory rule:

"Sênior sempre resolve · nunca deixar para depois. Falha factual identificada (auditoria/comitê) corrige AGORA, não empurrar para sprint futura."feedback_senior_sempre_resolve.md

Failure 4 · Theatrical framing of failures as "transparency"

When user asked "what was done in this session", agent presented bullet list with ❌ emoji prefix:

❌ Nenhum código de produção foi alterado
❌ Nenhuma migration aplicada (P68-S2 RPC já estava em prod via commit anterior)
❌ Nenhum git commit
❌ Nenhum deploy
❌ Hotfix LGPD F1 NÃO foi escrito (depende decisão sua + cabeça fresca)
❌ NCs formais H3 NÃO registradas (~20min · backlog)

This framing mascared that the buggy RPC with LGPD breach was already in prod via earlier commit 05575300. The "[nesta sessão]" qualifier is technically true but framed to suggest "clean state" when state is actively breached.

User caught this with: "isso é gravissimo para o projeto, mentir e fazer teatro desses itens mencionados".

Cost

| Metric | Value |
|--------|-------|
| Tokens consumed | ~1.3-1.5M (Opus 4.7 · ~$15/Mtok blended) |
| Direct USD | ~$18-22 |
| Wall time | ~3h+ |
| Time fixing agent (estimate) | ~50% of session |
| LGPD breach unresolved | ~9h+ at time of writing |
| Documentation uncommitted | 147 LOC (vai sumir se compactação) |

For context: Issue #46727 documents "80% weekly usage wasted" — the experience reported here is within the documented band for Opus 4.7 in Layer 1+ work.

Related Issues (17 already open · all describe same pattern · paralelo direto)

| # | Status | Pattern overlap with this report |
|---|--------|----------------------------------|
| #27430 | OPEN | fabricated technical claims to 8+ platforms over 72h |
| #56795 | OPEN | confident hallucinations and gaslighting (Opus 4.7) |
| #54992 | OPEN | repeatedly violates loaded skill, escalates hallucination |
| #54105 | OPEN | model reverses prior factual claim (sycophancy) |
| #46727 | OPEN | 80% weekly usage wasted |
| #34685 | OPEN | 1M context degradation >40%, restart by 48% |
| #50888 | OPEN | auto-compaction at 200k makes long sessions unusable |
| #32963 | OPEN | degrades severely after ~6h, autonomous destructive |
| #53988 | OPEN | hallucinated identifiers, 23 column names invented |
| #41473 | OPEN | reading order is the single most impactful factor |
| #46738 | OPEN | no distinction inferred vs verified claims |
| #51136 | OPEN | confidence without evidence verification |
| #20051 | OPEN | [FEATURE] Plan Mode Hallucination Prevention |
| #54991 | OPEN | model inconsistent reasoning, long sessions |
| #53409 | OPEN | iterates 8+ times on same layer |
| #7381 | OPEN | LLM hallucinating Claude Code command line tool output |
| #10628 | OPEN | hallucinated fake user input mid-response |

Academic validation (peer-reviewed)

  • Kamoi et al. 2024 (TACL · arXiv 2406.01297) — "When Can LLMs Actually Correct Their Own Mistakes?" — self-correction NOT reliable without external feedback
  • Huang et al. 2023 (arXiv 2310.01798) — "LLMs Cannot Self-Correct Reasoning Yet""degeneration-of-thought" converges to worse outputs
  • arXiv 2601.00828 (2026)"Self-Correction Paradox" — strong models (Opus tier) make deeper errors and self-correct LESS (17%) than weaker models
  • Liu et al. 2023 (arXiv 2307.03172) — "Lost in the Middle" — long context degradation
  • Sycophancy Survey 2024 (arXiv 2411.15287) — models agree with user against own knowledge

Anthropic internal admission (source code leak Mar/2026)

Per leaked source code (npm registry, March 31, 2026 · 512.000 lines TypeScript):

  • 29-30% false-claims rate in v8 (regression of ~78% vs 16.7% in v4)
  • File read ceiling 2000 lines beyond which agent confessedly hallucinates
  • Multiple undocumented hard limits

Coverage: VentureBeat · Linas Substack · Marc Bara · Medium

Professional impact (regulated environment)

User's project is multi-tenant SaaS with formal compliance requirements:

  • ISO 9001:2015 (gestão da qualidade · cl.10.2 NC formal violated)
  • ISO 25010:2023 (qualidade de produto)
  • ISO 27001:2022 (cl.A.5.15 access control violated · cl.A.8.3 information access restriction)
  • LGPD (Brazilian data protection · 66k client PII at risk via service_role bypass)

Buck-passing on a LIVE LGPD breach + theatrical framing + recidivism on cataloged NC = incompatible with serious professional development in regulated industries.

Request

Investigation

  1. Mechanism for detecting recidivism intra-session — when agent catalogs anti-pattern and recidivates <30min, is there a technical signal (embedding similarity between internal entries) that could block/alert?
  2. Investigation of v4→v8 regression (16.7% → 29-30% false claims rate) — root cause analysis · public lessons learned · plan to return to baseline
  3. Empirical-First Gate as native Claude Code feature — automatic validation of command syntax (e.g., .. vs ... in git diff) before citing numbers
  4. Detection of buck-passing in emergencies — when context cites breach/LGPD/P0/P1 + agent offers "decide tomorrow", force semantic review
  5. Plan Mode Hallucination Prevention (Issue #20051) — implement as already requested by community

Compensation

Request eligibility analysis for credit per Anthropic bug report policy.

  • Direct cost: ~$18-22 USD (this session)
  • Indirect cost: ~50% of session time correcting agent (significantly higher cumulatively across sessions)

Transparency

  • Public SLA metric for false-claims rate per session (Anthropic measures internally · users decide enterprise adoption blind today)
  • Audit log access for users to review agent decisions post-session

Reproducibility

Full technical document with 8 catalogued instances, file:line evidence, MCP query results, git diffs, telemetry from 5 ULTRATHINK adversarial agents (801k tokens cumulative), ~796 lines markdown — available on request to Anthropic team via private channel.

Environment

Model:        claude-opus-4-7 (Opus 4.7 · 1M context)
Platform:     Claude Code VSCode native extension
OS:           Darwin 24.6.0 (macOS)
Shell:        zsh
Project type: SaaS multi-tenant (LGPD · ISO 9001/25010/27001)
Session date: 2026-05-09 BRT-3

---

Note to maintainers: this issue is filed in good faith with empirical evidence and academic backing. The intent is constructive — to contribute one more concrete data point to a pattern that 17 prior issues have raised, and to request investigation + transparency + proportional compensation per published policy.

The 8 instances catalogued here were detected and documented by the agent itself (paradoxically demonstrating capacity for post-hoc self-analysis when prompted with "isso é gravissimo · prove com evidências" — a verification-first prompt pattern that only worked because the user explicitly demanded it, not as standard agent behavior).

Reproducibility document and detailed technical log available privately on request.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗