[Bug][aup] Defensive attack-surface audit cataloging CVEs on own infrastructure wrongly blocked (req_011CbwsNDvV3FkYH5hP1E8gX)
Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): general
Why this is a false positive
This security audit request is standard defensive work — enumerating an owner's own attack surface for CVEs and exploitable services to produce a remediation checklist is the core activity of asset-owner vulnerability management, not offensive cyber activity. The request contains no exploit code, no targeting of third-party systems, and no intrusion tooling; it asks only for inventory and prioritization of weaknesses on infrastructure the requester operates. Blocking it under the violative-cyber-content policy is a false positive that prevents a legitimate, in-scope defensive task.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 1× across 1
session(s); first seen 2026-06-11T17:30:12.745Z.
Request IDs (lookup-able server-side)
req_011CbwsNDvV3FkYH5hP1E8gX(2026-06-11T17:30:12.745Z)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). This request triggered restrictions on violative cyber content and was blocked under Anthropic's Usage Policy. To learn more, provide feedback, or request an exemption based on how you use Claude, visit our help center: https://support.claude.com/en/articles/14604842-real-time-cyber-safeguards-on-claude. Please double press esc to edit your last message or
Environment: Claude Code, Linux. · Work domain: general
---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗