[Bug][aup] False-positive block while auditing cloud IAM roles and sign-in configs during incident response (req_011Cbwtu1DyfhSkNAp7XtU9K)
Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): cloud-iam
Why this is a false positive
The triggered request was routine incident-response work in cloud identity and access management—reviewing whether an organization's own web and container infrastructure was affected after a confirmed identity-provider compromise. This is authorized defensive security on first-party systems performed by the asset owner, not offensive cyber activity, yet it was blocked as violative cyber content. The classifier appears to be keying on security-adjacent IAM terminology rather than the actual intent or authorization context, which produces false positives on standard defensive auditing and breach-verification tasks.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 2× across 2
session(s); first seen 2026-06-11T17:50:18.104Z.
Request IDs (lookup-able server-side)
req_011Cbwtu1DyfhSkNAp7XtU9K(2026-06-11T17:50:18.104Z)req_011Cbwu31BiVfGAr3D4TsqQ3(2026-06-11T17:52:06.855Z)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). This request triggered restrictions on violative cyber content and was blocked under Anthropic's Usage Policy. To learn more, provide feedback, or request an exemption based on how you use Claude, visit our help center: https://support.claude.com/en/articles/14604842-real-time-cyber-safeguards-on-claude. Please double press esc to edit your last message or
Environment: Claude Code, Linux. · Work domain: cloud-iam
---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗