[Bug] Anthropic API Error: False positive cyber content block on legitimate local security review

Open 💬 6 comments Opened Jun 5, 2026 by allkhor

Bug Description
I am a paying Claude Code subscriber. I work on a LOCAL, private project and asked
Claude Code to run a security and performance review of MY OWN code. This is a
defensive, fully legitimate task — Claude Code even ships a built-in
/security-review command for exactly this purpose.

Instead, the session was killed mid-task with:

"API Error: Claude Code is unable to respond to this request, which appears to
violate our Usage Policy... This request triggered restrictions on violative
cyber content..."

Request ID: req_011Cbjev9K12MQPctjxZDVmg

Key problems:

  1. FALSE POSITIVE. I write no malware, no exploits, no offensive tooling. I review

my own local project for vulnerabilities — the exact workflow Anthropic itself
promotes for defensive security.

  1. TOKEN WASTE. Claude burns through a large amount of (paid) tokens doing the

review, and only then fails with the block. The work is lost, the tokens are
billed, the result is nothing. Worse: Claude sometimes writes insecure code
itself, then gets blocked while trying to FIX it.

  1. BROKEN APPEAL PATH. The official false-positive report form

(https://claude.com/form/cyber-block-false-positive-report-cvp-rejection-appeal)
does not load at all. There is no working way to appeal.

  1. KNOWN, WIDESPREAD ISSUE. This is extensively reported by other users in the

anthropics/claude-code issue tracker, e.g.:

  • #60366 — typing "hi" triggers the block
  • #62191 — typing a single "." triggers the block
  • #43703 — security-related FILENAMES alone trigger it
  • #61185 — even WRITING a markdown audit report (no execution) triggers it
  • #63751, #64405, #61185 — one false positive poisons the ENTIRE session;

every subsequent message is blocked and the user pays for context rebuilds

  • #61941 — defensive QA tests against the user's OWN localhost are blocked
  • #61646, #61625, #61638 — classifier fires on technical vocabulary

(debugger, profiler, kill, ps aux, threat modeling) instead of intent

  • #49679 — even a GRANTED Cyber Use Case Exemption does not propagate to

Claude Code

  • also #61653, #61056, #59540, #57123, #50162, #46575

This makes the product unusable for anyone doing legitimate defensive security
work. Unless this is fixed — or at minimum the appeal form starts working and
tokens consumed by falsely blocked sessions stop being billed — I will have to
cancel my subscription, as will many others judging by the issue tracker.

Please: (a) review request req_011Cbjev9K12MQPctjxZDVmg as a false positive,
(b) fix the appeal form, (c) tune the classifier so that reviewing one's own
local code for vulnerabilities is not treated as "violative cyber content".

Environment Info

  • Platform: linux
  • Terminal: vte-based
  • Version: 2.1.165
  • Feedback ID: 8ac0e748-26f4-4527-aeb2-d3d02a7527e2

View original on GitHub ↗

This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗