[Bug][aup] Defensive attack-surface CVE audit and exploit-exposure checklist for owned infrastructure wrongly (req_011Cbwog2vjCbUpGWaqUSde6)
Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): defensive-hardening
Why this is a false positive
This request was a defensive security task: auditing an organization's own infrastructure for known CVEs and exploitable weaknesses in order to patch them, performed by an authorized administrator on systems they own following an active intrusion attempt. The work is purely protective—enumerating attack surface to harden it—yet the request was blocked as a Usage Policy violation, apparently because phrases like "find anything that can be exploited" and "we've been under active attack" pattern-matched to offensive intent. Defensive vulnerability assessment on one's own assets is core authorized security work and should not trigger an AUP block.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 3× across 3
session(s); first seen 2026-06-11T16:41:50.752Z.
Request IDs (lookup-able server-side)
req_011Cbwog2vjCbUpGWaqUSde6(2026-06-11T16:41:50.752Z)req_011CbwsPWxSg3nUm2ueS25Vh(2026-06-11T17:30:32.284Z)req_011CbwsSdcNaAdSRYL7jVPqp(2026-06-11T17:31:12.736Z)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). Please double press esc to edit your last message or start a new session for Claude Code to assist with a different task.
Request ID: req_011Cbwog2vjCbUpGWaqUSde6
Environment: Claude Code, Linux. · Work domain: defensive-hardening
---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗