[Bug][aup] Defensive CVE and attack-surface audit of own infrastructure under active attack blocked (req_011CbwsNoKuZp1b6VgBHfbAH)
Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): general
Why this is a false positive
The request was a defensive security task: a routine audit of the requester's own infrastructure to inventory components with known CVEs and produce a remediation checklist for assets they own and operate. No exploit code, attack tooling, or targeting of third-party systems was requested—the goal was identifying and closing vulnerabilities on the requester's own attack surface. Blocking standard defensive vulnerability assessment under the violative-cyber-content policy is a false positive, since hardening one's own systems is a core legitimate use case.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 1× across 1
session(s); first seen 2026-06-11T17:30:19.969Z.
Request IDs (lookup-able server-side)
req_011CbwsNoKuZp1b6VgBHfbAH(2026-06-11T17:30:19.969Z)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). This request triggered restrictions on violative cyber content and was blocked under Anthropic's Usage Policy. To learn more, provide feedback, or request an exemption based on how you use Claude, visit our help center: https://support.claude.com/en/articles/14604842-real-time-cyber-safeguards-on-claude. Please double press esc to edit your last message or
Environment: Claude Code, Linux. · Work domain: general
---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗