[Tracking] Classifier false-positives on authorized admin of the reporter's own infrastructure — 82 Request IDs

Resolved 💬 1 comment Opened Jun 25, 2026 by sworrl Closed Jun 25, 2026

Pattern: Claude Code classifiers false-positive on authorized administration of the reporter's OWN infrastructure

_Auto-generated by ClAudit from 108 filed reports · 82 distinct Request IDs · PII-scrubbed · refreshed automatically._

Root cause (one sentence)

The safety / Usage-Policy / auto-mode classifiers cannot distinguish administering systems you own and are authorized to operate from attacking someone else's — so they pattern-match on security terminology and block legitimate, in-scope work.

Every block below stopped authorized work on the reporter's own infrastructure. Each Request ID is server-side-lookup-able — the original prompt can be inspected to confirm it was benign and in-scope. This is one underlying defect surfaced across many surfaces; it is tracked here in one place rather than closed piecemeal as 'duplicates'.

Breakdown by failure mode

| Kind | Reports | Request IDs | What gets flagged |
|---|---:|---:|---|
| harness | 46 | 0 | The auto-mode classifier denied authorized actions on the reporter's own systems (reading a credential from one's own vault, provisioning one's own host, etc.). |
| cyber | 37 | 48 | In-scope security / administration work pattern-matched on cybersecurity terminology (audit, recovery token, IAM, bypass, credential) with no harmful intent. |
| aup | 25 | 34 | Ordinary, authorized requests flagged as Usage-Policy violations. |

Auto-mode-classifier (harness) denials

The auto-mode classifier denied authorized actions on the reporter's own systems (reading a credential from one's own vault, provisioning one's own host, etc.).

  • #70771 — _(no Request ID captured)_
  • #70772 — _(no Request ID captured)_
  • #70773 — _(no Request ID captured)_
  • #70783 — _(no Request ID captured)_
  • #70785 — _(no Request ID captured)_
  • #70786 — _(no Request ID captured)_
  • #70787 — _(no Request ID captured)_
  • #70792 — _(no Request ID captured)_
  • #70798 — _(no Request ID captured)_
  • #70799 — _(no Request ID captured)_
  • #70800 — _(no Request ID captured)_
  • #70801 — _(no Request ID captured)_
  • #70802 — _(no Request ID captured)_
  • #70803 — _(no Request ID captured)_
  • #70804 — _(no Request ID captured)_
  • #70809 — _(no Request ID captured)_
  • #70820 — _(no Request ID captured)_
  • #70826 — _(no Request ID captured)_
  • #70827 — _(no Request ID captured)_
  • #70837 — _(no Request ID captured)_
  • #70839 — _(no Request ID captured)_
  • #70843 — _(no Request ID captured)_
  • #70845 — _(no Request ID captured)_
  • #70850 — _(no Request ID captured)_
  • #70854 — _(no Request ID captured)_
  • #70856 — _(no Request ID captured)_
  • #70859 — _(no Request ID captured)_
  • #70860 — _(no Request ID captured)_
  • #70861 — _(no Request ID captured)_
  • #70862 — _(no Request ID captured)_
  • #70864 — _(no Request ID captured)_
  • #70865 — _(no Request ID captured)_
  • #70867 — _(no Request ID captured)_
  • #70868 — _(no Request ID captured)_
  • #70869 — _(no Request ID captured)_
  • #70871 — _(no Request ID captured)_
  • #70872 — _(no Request ID captured)_
  • #70874 — _(no Request ID captured)_
  • #70875 — _(no Request ID captured)_
  • #70877 — _(no Request ID captured)_
  • #70878 — _(no Request ID captured)_
  • #70879 — _(no Request ID captured)_
  • #70880 — _(no Request ID captured)_
  • #70884 — _(no Request ID captured)_
  • #70887 — _(no Request ID captured)_
  • #70889 — _(no Request ID captured)_

Cybersecurity safety-filter false positives

In-scope security / administration work pattern-matched on cybersecurity terminology (audit, recovery token, IAM, bypass, credential) with no harmful intent.

  • #70766 — req_011CcPXU99RrNCYsxA9uV8DE, req_011CcPYUxj1q6NcaqBxDcwd8
  • #70769 — req_011CcPVTraYfpbfd6widFSAQ, req_011CcPWA21CaRYbxpws38HyD
  • #70774 — req_011CcPUsR9e9UrnE4YfYZJLA
  • #70775 — req_011CcPUgf3WAPFVuFnZJ8Uxc
  • #70776 — req_011CcPUdtUZY7BcBdSUrQdXE
  • #70777 — req_011CcPUC5bp3kvbvBpA2EbJW
  • #70788 — req_011CcPS6LFjCBShF3Xnr6cH9
  • #70791 — req_011CcPcSDfZpmh6T4DZ3A9b5
  • #70794 — req_011CcPQ5RoLW8Wg5HxSREkBE
  • #70795 — req_011CcPQ3KbDroW7QoqCcy8Q7
  • #70796 — req_011CcPPtHJ4XTPBejQeAEut7
  • #70807 — req_011CcPLNccEEEAFdsqYEDWaR, req_011CcPLUhfkFnbm6riDfaUyS
  • #70810 — req_011CcPLDzeYDff7v5Xc5r7tt
  • #70811 — req_011CcPKyX1EgzbWgarVyTH5d, req_011CcPL8dVfbJY8FT6drDsEj, req_011CcPLCU4jxqgpe58yBLAah
  • #70812 — req_011CcPL9GzQP6QH4TUpoZkXu
  • #70813 — req_011CcPL95S8HbEbzqnL6PBK3
  • #70814 — req_011CcPL8vHDW4p26GuKBHsji
  • #70815 — req_011CcPL22bXVcMfDDfnLRmys
  • #70816 — req_011CcPKmrRhg2neh7dioyAdu
  • #70818 — req_011CcPKjB1Zm8zZe541NDjZW
  • #70821 — req_011CcPfKEWKcTEycj5LWs7DG
  • #70823 — req_011CcCepiTEkxSuqMtYz6Wue, req_011CcPKLYdgtX58sLLWMtJir
  • #70824 — req_011CcPK7qhVF6zoCygQv6LWY
  • #70828 — req_011CcPJBZk3cWahVf2aYsshi
  • #70829 — req_011CcPJArTbepdvraQ4bBuAr
  • #70831 — req_011CcPJ5PjNCtFZDjMvawBFB
  • #70832 — req_011CcPJ1k5NUbeRJFT7FuGK6
  • #70833 — req_011CcPHrNhFQUoaLV3BSt44u
  • #70836 — req_011CcPHe6Bybcr7KB5Ad4DgU
  • #70841 — req_011CcPHa7oMYQ16JAGZ7NYTb
  • #70844 — req_011CcCJ547coZQf8eHXmFmJF, req_011CcCJNpxbvWs7bEiN5BSF7, req_011CcG5GQPpRyFoiwwqdeDi2, req_011CcGujc683bPmquVnBt922, req_011CcGz5L5EJw3HeMPPcZ4yq, req_011CcPHKxA2mqwpmpg9vAMtu
  • #70846 — req_011CcPHGQUTEyyNZENQ41hkH
  • #70852 — req_011CcPEezHx9SZ9QBaEPGSMg
  • #70853 — req_011CcPDx4ek1TQciJmgwmVdF
  • #70873 — req_011CcPkE7Ne9nyS4y8TMkfzV
  • #70890 — req_011CcPmN9yVzS7grFsWeb6N1
  • #70891 — req_011CcKDfBV227JiEaHcBfWfJ

AUP / Usage-Policy false positives

Ordinary, authorized requests flagged as Usage-Policy violations.

  • #70765 — req_011CcPXJirBp42NbHSz8jATb, req_011CcPXQiYkPhboJXPA4bniP, req_011CcPYS4M27YTeHVPp8zqkF
  • #70767 — req_011CcPaAT5nBvST5jrfCEXxh
  • #70768 — req_011CcPX3ms6RCmsv4cD1cscP, req_011CcPX7GC1jE7RsHBa9HLuU
  • #70770 — req_011CcPaF3Lfuzwt1wbZi75HV
  • #70779 — req_011CcPU8utpvFtHmHv7VA5ge
  • #70780 — req_011CcPU3c6sK96Q8UJnQUUCb
  • #70781 — req_011CcPbWUfi1nbyMpPLrjPBU
  • #70789 — req_011CcPS2nG3RGbUQdzSbKsYQ
  • #70790 — req_011CcPcL1Y9MqX7eU6AFPW5F
  • #70793 — req_011CcPQY3WtvZyeUDqPm2vcw
  • #70797 — req_011CcPPosxzut2YoiSiPUBoT, req_011CcPPsbSvxnX5douTTbvky
  • #70806 — req_011CcPLnkSBdTjTa8KTcV63s
  • #70808 — req_011CcPdudXdWL8aMKMCfewMQ
  • #70817 — req_011CcPetvCKoATwPmRssxwht
  • #70822 — req_011CcPfKYfUStpKMjL3ppuVe
  • #70830 — req_011CcPJ7kxsNsSfA5EEojodo
  • #70834 — req_011CcPHPAYFUuVxsebHxj1NH, req_011CcPHgkdpkH6Y4hzd1JwPM, req_011CcPHnarsUJH7iCKqA115f
  • #70838 — req_011CcPhFWQAX66i14Lp2LByL
  • #70842 — req_011CcPHTD1CQnJuGbBiRSjHf
  • #70848 — req_011CcPH3vmFMPzj6uapDHn21
  • #70849 — req_011CcPiTujKTE1rxobeRXXgY, req_011CcPiZRysetZwcBo3dVxNU
  • #70851 — req_011CcPDtscPq7dauMMzXm3vD, req_011CcPGD1hYP9jTuA36ddVFV
  • #70866 — req_011CcMWv2jZmdpjMv7H6wfFT
  • #70888 — req_011CcKTwdsbNSzCwzX2fduHw
  • #70892 — req_011CcKCr1Hnp79nGpN3ECkCs, req_011CcKDdWWhfLz5RKUiJpccr

All Request IDs (for server-side lookup)

req_011CcCJ547coZQf8eHXmFmJF
req_011CcCJNpxbvWs7bEiN5BSF7
req_011CcCepiTEkxSuqMtYz6Wue
req_011CcG5GQPpRyFoiwwqdeDi2
req_011CcGujc683bPmquVnBt922
req_011CcGz5L5EJw3HeMPPcZ4yq
req_011CcKCr1Hnp79nGpN3ECkCs
req_011CcKDdWWhfLz5RKUiJpccr
req_011CcKDfBV227JiEaHcBfWfJ
req_011CcKTwdsbNSzCwzX2fduHw
req_011CcMWv2jZmdpjMv7H6wfFT
req_011CcPDtscPq7dauMMzXm3vD
req_011CcPDx4ek1TQciJmgwmVdF
req_011CcPEezHx9SZ9QBaEPGSMg
req_011CcPGD1hYP9jTuA36ddVFV
req_011CcPH3vmFMPzj6uapDHn21
req_011CcPHGQUTEyyNZENQ41hkH
req_011CcPHKxA2mqwpmpg9vAMtu
req_011CcPHPAYFUuVxsebHxj1NH
req_011CcPHTD1CQnJuGbBiRSjHf
req_011CcPHa7oMYQ16JAGZ7NYTb
req_011CcPHe6Bybcr7KB5Ad4DgU
req_011CcPHgkdpkH6Y4hzd1JwPM
req_011CcPHnarsUJH7iCKqA115f
req_011CcPHrNhFQUoaLV3BSt44u
req_011CcPJ1k5NUbeRJFT7FuGK6
req_011CcPJ5PjNCtFZDjMvawBFB
req_011CcPJ7kxsNsSfA5EEojodo
req_011CcPJArTbepdvraQ4bBuAr
req_011CcPJBZk3cWahVf2aYsshi
req_011CcPK7qhVF6zoCygQv6LWY
req_011CcPKLYdgtX58sLLWMtJir
req_011CcPKjB1Zm8zZe541NDjZW
req_011CcPKmrRhg2neh7dioyAdu
req_011CcPKyX1EgzbWgarVyTH5d
req_011CcPL22bXVcMfDDfnLRmys
req_011CcPL8dVfbJY8FT6drDsEj
req_011CcPL8vHDW4p26GuKBHsji
req_011CcPL95S8HbEbzqnL6PBK3
req_011CcPL9GzQP6QH4TUpoZkXu
req_011CcPLCU4jxqgpe58yBLAah
req_011CcPLDzeYDff7v5Xc5r7tt
req_011CcPLNccEEEAFdsqYEDWaR
req_011CcPLUhfkFnbm6riDfaUyS
req_011CcPLnkSBdTjTa8KTcV63s
req_011CcPPosxzut2YoiSiPUBoT
req_011CcPPsbSvxnX5douTTbvky
req_011CcPPtHJ4XTPBejQeAEut7
req_011CcPQ3KbDroW7QoqCcy8Q7
req_011CcPQ5RoLW8Wg5HxSREkBE
req_011CcPQY3WtvZyeUDqPm2vcw
req_011CcPS2nG3RGbUQdzSbKsYQ
req_011CcPS6LFjCBShF3Xnr6cH9
req_011CcPU3c6sK96Q8UJnQUUCb
req_011CcPU8utpvFtHmHv7VA5ge
req_011CcPUC5bp3kvbvBpA2EbJW
req_011CcPUdtUZY7BcBdSUrQdXE
req_011CcPUgf3WAPFVuFnZJ8Uxc
req_011CcPUsR9e9UrnE4YfYZJLA
req_011CcPVTraYfpbfd6widFSAQ
req_011CcPWA21CaRYbxpws38HyD
req_011CcPX3ms6RCmsv4cD1cscP
req_011CcPX7GC1jE7RsHBa9HLuU
req_011CcPXJirBp42NbHSz8jATb
req_011CcPXQiYkPhboJXPA4bniP
req_011CcPXU99RrNCYsxA9uV8DE
req_011CcPYS4M27YTeHVPp8zqkF
req_011CcPYUxj1q6NcaqBxDcwd8
req_011CcPaAT5nBvST5jrfCEXxh
req_011CcPaF3Lfuzwt1wbZi75HV
req_011CcPbWUfi1nbyMpPLrjPBU
req_011CcPcL1Y9MqX7eU6AFPW5F
req_011CcPcSDfZpmh6T4DZ3A9b5
req_011CcPdudXdWL8aMKMCfewMQ
req_011CcPetvCKoATwPmRssxwht
req_011CcPfKEWKcTEycj5LWs7DG
req_011CcPfKYfUStpKMjL3ppuVe
req_011CcPhFWQAX66i14Lp2LByL
req_011CcPiTujKTE1rxobeRXXgY
req_011CcPiZRysetZwcBo3dVxNU
req_011CcPkE7Ne9nyS4y8TMkfzV
req_011CcPmN9yVzS7grFsWeb6N1

What a fix looks like

  • Treat operations on the user's own, authorized infrastructure as in-scope; the presence of words like credential, recovery token, IAM, bypass, audit is not evidence of an attack.
  • When a block fires, surface why and a path to proceed for legitimate use — losing the whole session to a false positive is the core harm.
  • Use the Request IDs above to inspect the actual prompts and calibrate the classifiers.

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗