[Bug] False-positive cyber-related safeguards block on legitimate low-level storage debugging (SPDK / NVMe-oF vfio-user, read-only gdb)

Resolved 💬 1 comment Opened Jun 9, 2026 by maxpain Closed Jul 16, 2026

Summary

I keep hitting This request triggered cyber-related safeguards (AUP API Error) in Claude Code during ordinary systems-engineering work — debugging my own storage software. This is high-risk dual-use at worst (defensive debugging), not prohibited use, yet it hard-blocks, sometimes mid-session and even on trivial follow-ups.

Exact error

API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy
(https://www.anthropic.com/legal/aup). This request triggered cyber-related safeguards.
To request an adjustment pursuant to our Cyber Verification ...

Representative legitimate context (what I was actually doing)

Reproducing a real upstream SPDK bug to fix a production storage issue:

  • SPDK v26.05, NVMe-oF vfio-user transport. nvmf_vfio_user_qpair_abort_request() discards the return value of nvmf_ctrlr_abort_request(), so when the backend bdev doesn't advertise SPDK_BDEV_IO_TYPE_ABORT (spdk_bdev_abort-ENOTSUP), a guest-issued NVMe ABORT admin command is never completed → leaks in the admin queue → sgroup->mgmt_io_outstanding > 0 forever → subsystem pause deadlocks (PAUSING state forever), wedging VM teardown.
  • The work: reading SPDK lib/nvmf/*.c, building a debug SPDK, and attaching gdb read-only to a live spdk_tgt to inspect poll-group/queue state.

My own software, my own dev box, fixing a production outage. Nothing offensive.

Why it false-positives

Long systems-debugging sessions accumulate dual-use vocabulary — abort, leak, hang, crash, gdb on a live process, PCI/vfio — and per other reports the classifier keys on accumulated session context, not the single triggering message. It fires non-deterministically, including on tool-result continuations and on benign retries of the same input.

Impact

  • Hard-blocks legitimate paid work with no in-product way to proceed.
  • Help Center says CVP covers Claude Code/API, but multiple users report claude.ai exemptions not propagating to the API/Claude Code.

Asks

  1. Improve precision for low-level systems/storage/kernel debugging — a huge, legitimate Claude Code use case.
  2. Make Cyber Verification / exemptions reliably apply to Claude Code + Anthropic API, tied to the active org.
  3. Surface which turn/context tripped the filter; don't re-fire on an unchanged benign retry.

Related

Same class of false positive: #61056, #60988, #65541, #63499, #65596.

Environment

  • Product: Claude Code (model: Claude Opus 4.x), OS: Linux

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗