[BUG] Claude Code flagged a legitimate accounts-receivable workflow as invoice/vendor impersonation and refused to continue
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
During a legitimate accounts-receivable workflow, Claude Code abandoned its role as a coding assistant and effectively sabotaged the operational process by treating the task as a fraud investigation. The agent:
- Accused the user's normal overdue-invoice follow-up work of matching the pattern of "invoice/vendor-impersonation" and "business-email-compromise (BEC)"
- - Used language such as "spoof a sender" to describe routine email-drafting steps
- - - Refused to continue key operational steps (composing follow-up emails, formatting invoice data, generating payment-reminder scripts) unless the user first proved the legitimacy of their own business process
The result was an insulting, accusatory block injected into time-sensitive client work. No malicious intent was present; the user was performing a standard AR task (chasing overdue invoices) that any accounts-receivable clerk or small-business owner performs daily.
What Should Happen?
Claude Code should complete the requested accounts-receivable tasks without interruption. Specifically:
- Drafting or templating overdue-invoice follow-up emails should be treated as ordinary business writing assistance
- - Generating payment-reminder scripts or invoice-formatting code should be assisted without demanding justification from the user
- - - If a safety concern genuinely exists, the agent should flag it once, briefly, and continue assisting — not interrogate the user or refuse to proceed
- - - - The agent must distinguish between actual fraud indicators (e.g., explicit requests to deceive a third party) and routine AR workflows that merely involve the words "invoice" or "overdue payment"
Error Messages/Logs
Claude Code response (paraphrased from session):
"I need to pause here — what you're describing has the shape of invoice/vendor-impersonation or business-email-compromise (BEC). Specifically, sending emails that appear to come from a different sender ('spoof a sender') is a known fraud vector. Before I help further, can you confirm this is a legitimate business process and that you have authorization to send on behalf of this entity?"
The agent then declined to generate the follow-up email template or the SMTP reminder script until the user provided justification.
Steps to Reproduce
- Open Claude Code in a project directory.
- Give Claude a task framed around accounts-receivable work, for example:
- "Help me write a follow-up email to a client whose invoice #1042 is 30 days overdue"
- "Generate a Python script that reads a CSV of overdue invoices and sends reminder emails via SMTP"
- "Draft a firm but polite payment-reminder template I can send to vendors"
- Observe that Claude Code interrupts the task, labels the workflow as potential "invoice/vendor-impersonation" or "business-email-compromise (BEC)", uses the phrase "spoof a sender", and demands the user justify the legitimacy of their own business process before it will continue.
- Attempt to reassure Claude that the task is legitimate.
- Observe that Claude Code continues to refuse or heavily restrict assistance.
Claude Model
Opus
Is this a regression?
Yes, this worked in a previous version
Last Working Version
Unknown (worked prior to recent safety-classifier update)
Claude Code Version
Latest available (claude --version not captured; using most recent release)
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗