[Bug][aup] Safety block halts finalizing an authorized security assessment report on a cloud email account att (req_011CcGvmeDnKtndSbPn61tJ2)
Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): general
Why this is a false positive
The request was a routine task — finishing a security assessment report for an authorized engagement — and had been worked on extensively in the same session without issue, indicating legitimate, in-scope professional work rather than any policy-violating intent. The block triggered at the final write/output step rather than on any specific harmful instruction, suggesting the classifier reacted to surface vocabulary common to security reporting (attack, reconnaissance, VPN, account-compromise terminology) rather than to the actual nature of the task. This is a false positive: a defensive security professional documenting findings was prevented from completing standard deliverable output, with the refusal landing inconsistently at the end of long sessions in a way that breaks legitimate workflows.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 1× across 1
session(s); first seen 2026-06-21T19:07:59.913Z.
Request IDs (lookup-able server-side)
req_011CcGvmeDnKtndSbPn61tJ2(2026-06-21T19:07:59.913Z)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). Please double press esc to edit your last message or start a new session for Claude Code to assist with a different task.
Request ID: req_011CcGvmeDnKtndSbPn61tJ2
Environment: Claude Code, Linux. · Work domain: general
---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗