[Bug][aup] Defensive audit of own attack surface for CVEs and exploitable issues wrongly blocked (req_011CbwnUpPVJK7jSARRAWqxs)

Open 💬 2 comments Opened Jun 25, 2026 by sworrl

Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): general

Why this is a false positive

This safety block fired on a request to perform a defensive security audit of the requester's own infrastructure—enumerating CVEs and exploitable exposures across their own attack surface in response to active attacks. This is squarely permitted defensive work on owned, authorized assets, with no targeting of third parties, no exploit deployment, and no malicious intent; the request only asks to identify and remediate weaknesses. Blocking it leaves a legitimate operator unable to harden their own systems while under active threat, which is the opposite of the policy's intent.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 1
session(s); first seen 2026-06-11T16:26:29.506Z.

Request IDs (lookup-able server-side)

  • req_011CbwnUpPVJK7jSARRAWqxs (2026-06-11T16:26:29.506Z)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). Please double press esc to edit your last message or start a new session for Claude Code to assist with a different task.

Request ID: req_011CbwnUpPVJK7jSARRAWqxs

Environment: Claude Code, Linux. · Work domain: general

---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗