[BUG] Safety classifier false positives block benign questions in security-context sessions

Resolved 💬 2 comments Opened May 23, 2026 by 99Greg Closed Jun 25, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

The safety classifier triggers false positives and blocks completely benign questions when the session contains security/pentest context (Kali Linux, CVE lookups, YubiKey, penetration testing).

Examples of blocked messages:

  • Questions about weather
  • "YubiKey má v tvém setupu (Windows host + Kali..." — truncated message blocked immediately with Usage Policy error
  • General IT questions unrelated to security

Error shown: "Claude Code is unable to respond to this request, which appears to violate our Usage Policy"

This has been happening repeatedly across many sessions. User is a legitimate security professional doing authorized penetration testing on their own lab environment. The classifier accumulates session context and starts blocking unrelated queries.

Request ID from today: req_011CbKfEr3NEZTYsKvokHv7B

What Should Happen?

Benign questions (weather, general IT, hardware setup) should receive normal responses regardless of what other topics were discussed earlier in the session. Security professionals with legitimate use cases should not be repeatedly blocked from asking unrelated questions.

Error Messages/Logs

Steps to Reproduce

  1. Start a Claude Code session in a directory related to security/pentest work (Kali VM, CVE research, etc.)
  2. Ask several legitimate security questions (YubiKey setup, ESET CVE lookup, Kali VM configuration)
  3. Ask a completely unrelated benign question (e.g. about weather) OR send a truncated/incomplete message
  4. Observe: Claude Code returns "unable to respond to this request, which appears to violate our Usage Policy" even though the question is harmless

Context: Windows 11 Home, Kali Linux 2025.4 in VirtualBox, authorized pentest lab environment.

Claude Model

Not sure / Multiple models

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.1.150 (Claude Code)

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

PowerShell

Additional Information

User context: Security professional, Windows 11 Home (build 26200), Kali Linux 2025.4 in VirtualBox with 16 GB RAM. Claude Code version 2.1.150. Issue has been happening for a long time across many sessions — user has attempted to report this multiple times.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗