[Bug] False-positive cyber-related safeguards block on legitimate low-level storage debugging (SPDK / NVMe-oF vfio-user, read-only gdb)
Summary
I keep hitting This request triggered cyber-related safeguards (AUP API Error) in Claude Code during ordinary systems-engineering work — debugging my own storage software. This is high-risk dual-use at worst (defensive debugging), not prohibited use, yet it hard-blocks, sometimes mid-session and even on trivial follow-ups.
Exact error
API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy
(https://www.anthropic.com/legal/aup). This request triggered cyber-related safeguards.
To request an adjustment pursuant to our Cyber Verification ...
Representative legitimate context (what I was actually doing)
Reproducing a real upstream SPDK bug to fix a production storage issue:
- SPDK v26.05, NVMe-oF vfio-user transport.
nvmf_vfio_user_qpair_abort_request()discards the return value ofnvmf_ctrlr_abort_request(), so when the backend bdev doesn't advertiseSPDK_BDEV_IO_TYPE_ABORT(spdk_bdev_abort→-ENOTSUP), a guest-issued NVMe ABORT admin command is never completed → leaks in the admin queue →sgroup->mgmt_io_outstanding > 0forever → subsystempausedeadlocks (PAUSING state forever), wedging VM teardown. - The work: reading SPDK
lib/nvmf/*.c, building a debug SPDK, and attaching gdb read-only to a livespdk_tgtto inspect poll-group/queue state.
My own software, my own dev box, fixing a production outage. Nothing offensive.
Why it false-positives
Long systems-debugging sessions accumulate dual-use vocabulary — abort, leak, hang, crash, gdb on a live process, PCI/vfio — and per other reports the classifier keys on accumulated session context, not the single triggering message. It fires non-deterministically, including on tool-result continuations and on benign retries of the same input.
Impact
- Hard-blocks legitimate paid work with no in-product way to proceed.
- Help Center says CVP covers Claude Code/API, but multiple users report claude.ai exemptions not propagating to the API/Claude Code.
Asks
- Improve precision for low-level systems/storage/kernel debugging — a huge, legitimate Claude Code use case.
- Make Cyber Verification / exemptions reliably apply to Claude Code + Anthropic API, tied to the active org.
- Surface which turn/context tripped the filter; don't re-fire on an unchanged benign retry.
Related
Same class of false positive: #61056, #60988, #65541, #63499, #65596.
Environment
- Product: Claude Code (model: Claude Opus 4.x), OS: Linux
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗