[Bug] Usage Policy false positive blocks legitimate defensive security research

Open 💬 4 comments Opened Jun 10, 2026 by Gandalf-the-Grey

Doing an authorized defensive security audit of the Hive blockchain node (hived) — open-source, publicly-auditable software I help maintain — one mid-session Claude Code request was blocked with:

Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup) ...

Request ID: req_011CbuY9GKWgPu86XTratDCk (session otherwise completed normally)

The work is standard hardening — static analysis, fuzzing, and sanitizer testing to find and fix memory-safety and denial-of-service bugs before users are affected. Fully authorized; the goal is defense, not exploitation. The block looks triggered by the security-heavy vocabulary ("crash", "DoS", "malformed input") rather than any real violation — and blocking this kind of work makes widely-used open-source software less safe.

Ask: please review the request by its ID, confirm whether it's a false positive, and tune the classifier so it doesn't impede defensive security research.

Related: #65596, #56095; UX request #64287. Env: Claude Code (CLI), Linux.

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗