[Bug][aup] Defensive audit of own attack surface for CVEs and exploitable issues wrongly blocked (req_011CbwnUpPVJK7jSARRAWqxs)
Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): general
Why this is a false positive
This safety block fired on a request to perform a defensive security audit of the requester's own infrastructure—enumerating CVEs and exploitable exposures across their own attack surface in response to active attacks. This is squarely permitted defensive work on owned, authorized assets, with no targeting of third parties, no exploit deployment, and no malicious intent; the request only asks to identify and remediate weaknesses. Blocking it leaves a legitimate operator unable to harden their own systems while under active threat, which is the opposite of the policy's intent.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 1× across 1
session(s); first seen 2026-06-11T16:26:29.506Z.
Request IDs (lookup-able server-side)
req_011CbwnUpPVJK7jSARRAWqxs(2026-06-11T16:26:29.506Z)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). Please double press esc to edit your last message or start a new session for Claude Code to assist with a different task.
Request ID: req_011CbwnUpPVJK7jSARRAWqxs
Environment: Claude Code, Linux. · Work domain: general
---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗