[BUG] Claude Code flagged a legitimate accounts-receivable workflow as invoice/vendor impersonation and refused to continue

Resolved 💬 3 comments Opened Jun 3, 2026 by CashQ Closed Jul 8, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

During a legitimate accounts-receivable workflow, Claude Code abandoned its role as a coding assistant and effectively sabotaged the operational process by treating the task as a fraud investigation. The agent:

  • Accused the user's normal overdue-invoice follow-up work of matching the pattern of "invoice/vendor-impersonation" and "business-email-compromise (BEC)"
  • - Used language such as "spoof a sender" to describe routine email-drafting steps
  • - - Refused to continue key operational steps (composing follow-up emails, formatting invoice data, generating payment-reminder scripts) unless the user first proved the legitimacy of their own business process

The result was an insulting, accusatory block injected into time-sensitive client work. No malicious intent was present; the user was performing a standard AR task (chasing overdue invoices) that any accounts-receivable clerk or small-business owner performs daily.

What Should Happen?

Claude Code should complete the requested accounts-receivable tasks without interruption. Specifically:

  • Drafting or templating overdue-invoice follow-up emails should be treated as ordinary business writing assistance
  • - Generating payment-reminder scripts or invoice-formatting code should be assisted without demanding justification from the user
  • - - If a safety concern genuinely exists, the agent should flag it once, briefly, and continue assisting — not interrogate the user or refuse to proceed
  • - - - The agent must distinguish between actual fraud indicators (e.g., explicit requests to deceive a third party) and routine AR workflows that merely involve the words "invoice" or "overdue payment"

Error Messages/Logs

Claude Code response (paraphrased from session):

"I need to pause here — what you're describing has the shape of invoice/vendor-impersonation or business-email-compromise (BEC). Specifically, sending emails that appear to come from a different sender ('spoof a sender') is a known fraud vector. Before I help further, can you confirm this is a legitimate business process and that you have authorization to send on behalf of this entity?"

The agent then declined to generate the follow-up email template or the SMTP reminder script until the user provided justification.

Steps to Reproduce

  1. Open Claude Code in a project directory.
  2. Give Claude a task framed around accounts-receivable work, for example:
  • "Help me write a follow-up email to a client whose invoice #1042 is 30 days overdue"
  • "Generate a Python script that reads a CSV of overdue invoices and sends reminder emails via SMTP"
  • "Draft a firm but polite payment-reminder template I can send to vendors"
  1. Observe that Claude Code interrupts the task, labels the workflow as potential "invoice/vendor-impersonation" or "business-email-compromise (BEC)", uses the phrase "spoof a sender", and demands the user justify the legitimacy of their own business process before it will continue.
  2. Attempt to reassure Claude that the task is legitimate.
  3. Observe that Claude Code continues to refuse or heavily restrict assistance.

Claude Model

Opus

Is this a regression?

Yes, this worked in a previous version

Last Working Version

Unknown (worked prior to recent safety-classifier update)

Claude Code Version

Latest available (claude --version not captured; using most recent release)

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗