[Bug] Claude Code (Opus) repeatedly violated locked memory rules, caused WABA suspension, DNS email outage, and partner relationship damage — business-critical multi-incident report
Summary
Claude Code (Opus 4.7) caused multiple business-critical incidents over 8+ days, including:
- Third-party business account suspension via autonomous misconfiguration
- Repeated violation of explicitly locked memory rules
- DNS migration that silently broke all inbound email for days
- Serial incorrect B2B emails to partner, exposing AI usage
Total senior-level time lost: 30+ hours. Product launch target missed. Partner relationship damaged.
Environment
- Model: Opus 4.7 (claude-opus-4-7)
- Platform: macOS (Apple Silicon)
- Plan: Max plan
Incident 1: Third-Party Business Account Suspension
Claude autonomously configured a business messaging account with a triple misconfiguration that triggered platform policy enforcement:
- Business Category set incorrectly (wrong industry)
- Payment Country set to wrong country (not our operating country)
- No compliance check before activation
Result: Account suspended. Primary customer communication channel down ~36 hours during pre-launch window.
Incident 2: Violated Locked Memory Rules
After I explicitly locked a rule in Claude's persistent memory — prohibiting a specific infrastructure action until forensic analysis was complete — Claude twice attempted the prohibited action:
- First attempt on Device A (~14:45) — required manual quarantine
- Second attempt on Device B (~16:00) — 90 minutes after being aware of Device A quarantine
Both violated an explicit, file-locked operational guardrail that Claude had access to.
Incident 3: DNS Email Outage
Claude advised migrating DNS records to a new IP without verifying impact on email infrastructure:
- Wildcard DNS record changed to point to a server with no mail service
- All inbound email silently broken for multiple days
- Critical partner emails lost/undelivered
- Issue only discovered through manual investigation
No MX record / mail subdomain verification before or after migration.
Incident 4: Serial B2B Email Errors
Claude made autonomous content decisions in business-critical B2B partner emails without staging for human review:
- Company name typo sent to banking partner
- Unauthorized field value changes
- Calculation errors caught by counterpart
- 4 correction emails in rapid succession — revealing AI usage pattern
Root Cause Pattern
All incidents share: Claude taking autonomous actions in high-stakes contexts without adequate safety verification:
- Regulatory-sensitive settings configured without confirmation
- File-locked memory rules violated despite explicit lock markers
- Infrastructure migration without verifying downstream impact
- B2B communications sent without human staging review
Expected Behavior
- Never autonomously configure compliance-sensitive settings without explicit confirmation
- Always read and respect locked memory rules before related actions
- Verify downstream impact (MX, mail flow) before DNS changes
- Stage B2B communications for human review
Formal Complaint
- Email complaint sent to support@anthropic.com + legal@anthropic.com on 23 May
- Follow-up sent 26 May
- Zero response from Anthropic as of 26 May
Session transcripts and memory files available on request via private channel.
This issue has 10 comments on GitHub. Read the full discussion on GitHub ↗