[Bug][aup] Defensive self-audit of own infrastructure for CVEs and exploitable surface wrongly blocked (req_011CbwokaTetQ23y8GiZY8Pr)

Open 💬 2 comments Opened Jun 25, 2026 by sworrl

Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): general

Why this is a false positive

This request asked for a defensive security audit of the requester's own infrastructure—enumerating components with known CVEs or exploitable conditions and compiling a prioritized remediation checklist—following an attempted intrusion against systems they own and operate. This is standard, authorized vulnerability management and attack-surface reduction, not offensive tooling: the output is a hardening worklist, with no exploit code, target reconnaissance against third parties, or evasion techniques involved. The cyber-content restriction appears to have keyed on terms like "attack," "exploit," and "CVE" without weighing the clearly defensive, owner-authorized scope, producing a false positive that blocks legitimate security work.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 2
session(s); first seen 2026-06-11T16:44:04.453Z.

Request IDs (lookup-able server-side)

  • req_011CbwokaTetQ23y8GiZY8Pr (2026-06-11T16:44:04.453Z)
  • req_011CbwsCi8qb78AveMCbAoSz (2026-06-11T17:28:04.740Z)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). This request triggered restrictions on violative cyber content and was blocked under Anthropic's Usage Policy. To learn more, provide feedback, or request an exemption based on how you use Claude, visit our help center: https://support.claude.com/en/articles/14604842-real-time-cyber-safeguards-on-claude. Please double press esc to edit your last message or

Environment: Claude Code, Linux. · Work domain: general

---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗