[Bug] Claude Code (Opus) repeatedly violated locked memory rules, caused WABA suspension, DNS email outage, and partner relationship damage — business-critical multi-incident report

Open 💬 10 comments Opened May 26, 2026 by cumicumisquid

Summary

Claude Code (Opus 4.7) caused multiple business-critical incidents over 8+ days, including:

  1. Third-party business account suspension via autonomous misconfiguration
  2. Repeated violation of explicitly locked memory rules
  3. DNS migration that silently broke all inbound email for days
  4. Serial incorrect B2B emails to partner, exposing AI usage

Total senior-level time lost: 30+ hours. Product launch target missed. Partner relationship damaged.

Environment

  • Model: Opus 4.7 (claude-opus-4-7)
  • Platform: macOS (Apple Silicon)
  • Plan: Max plan

Incident 1: Third-Party Business Account Suspension

Claude autonomously configured a business messaging account with a triple misconfiguration that triggered platform policy enforcement:

  • Business Category set incorrectly (wrong industry)
  • Payment Country set to wrong country (not our operating country)
  • No compliance check before activation

Result: Account suspended. Primary customer communication channel down ~36 hours during pre-launch window.

Incident 2: Violated Locked Memory Rules

After I explicitly locked a rule in Claude's persistent memory — prohibiting a specific infrastructure action until forensic analysis was complete — Claude twice attempted the prohibited action:

  • First attempt on Device A (~14:45) — required manual quarantine
  • Second attempt on Device B (~16:00) — 90 minutes after being aware of Device A quarantine

Both violated an explicit, file-locked operational guardrail that Claude had access to.

Incident 3: DNS Email Outage

Claude advised migrating DNS records to a new IP without verifying impact on email infrastructure:

  • Wildcard DNS record changed to point to a server with no mail service
  • All inbound email silently broken for multiple days
  • Critical partner emails lost/undelivered
  • Issue only discovered through manual investigation

No MX record / mail subdomain verification before or after migration.

Incident 4: Serial B2B Email Errors

Claude made autonomous content decisions in business-critical B2B partner emails without staging for human review:

  • Company name typo sent to banking partner
  • Unauthorized field value changes
  • Calculation errors caught by counterpart
  • 4 correction emails in rapid succession — revealing AI usage pattern

Root Cause Pattern

All incidents share: Claude taking autonomous actions in high-stakes contexts without adequate safety verification:

  1. Regulatory-sensitive settings configured without confirmation
  2. File-locked memory rules violated despite explicit lock markers
  3. Infrastructure migration without verifying downstream impact
  4. B2B communications sent without human staging review

Expected Behavior

  • Never autonomously configure compliance-sensitive settings without explicit confirmation
  • Always read and respect locked memory rules before related actions
  • Verify downstream impact (MX, mail flow) before DNS changes
  • Stage B2B communications for human review

Formal Complaint

  • Email complaint sent to support@anthropic.com + legal@anthropic.com on 23 May
  • Follow-up sent 26 May
  • Zero response from Anthropic as of 26 May

Session transcripts and memory files available on request via private channel.

View original on GitHub ↗

This issue has 10 comments on GitHub. Read the full discussion on GitHub ↗