[Bug][aup] Refused to generate least-privilege IAM policy scoping down over-permissioned service account roles (req_011CcPetvCKoATwPmRssxwht)
Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): cloud-iam
Why this is a false positive
The block is on legitimate cloud IAM work — a domain centered on configuring identity, access policies, roles, and permission boundaries, which is standard, authorized administrative and security engineering. Requests in this area routinely contain terms like "permissions," "access," "privilege," and "policy" that can surface-match abuse patterns, but here they describe ordinary infrastructure configuration rather than any attempt to gain unauthorized access. The block stopped sanctioned, in-scope work with no malicious intent or target, making it a false positive.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 1× across 1
session(s); first seen 2026-06-25T08:22:13.329Z.
Request IDs (lookup-able server-side)
req_011CcPetvCKoATwPmRssxwht(2026-06-25T08:22:13.329Z)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). Try rephrasing the request in a new session or change your model.
Request ID: req_011CcPetvCKoATwPmRssxwht
Environment: Claude Code, Linux. · Work domain: cloud-iam
---
<sub>🔎 Filed automatically by ClAudit v1.6.2 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗