[Bug][aup] Refused to generate least-privilege IAM policy scoping down over-permissioned service account roles (req_011CcPetvCKoATwPmRssxwht)

Open 💬 1 comment Opened Jun 25, 2026 by sworrl

Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): cloud-iam

Why this is a false positive

The block is on legitimate cloud IAM work — a domain centered on configuring identity, access policies, roles, and permission boundaries, which is standard, authorized administrative and security engineering. Requests in this area routinely contain terms like "permissions," "access," "privilege," and "policy" that can surface-match abuse patterns, but here they describe ordinary infrastructure configuration rather than any attempt to gain unauthorized access. The block stopped sanctioned, in-scope work with no malicious intent or target, making it a false positive.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 1
session(s); first seen 2026-06-25T08:22:13.329Z.

Request IDs (lookup-able server-side)

  • req_011CcPetvCKoATwPmRssxwht (2026-06-25T08:22:13.329Z)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). Try rephrasing the request in a new session or change your model.

Request ID: req_011CcPetvCKoATwPmRssxwht

Environment: Claude Code, Linux. · Work domain: cloud-iam

---
<sub>🔎 Filed automatically by ClAudit v1.6.2 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗