[Bug][aup] Legitimate cloud IAM privilege escalation path analysis for security audit blocked as AUP violation (req_011CcUFdt2HEeM177cY7dVrP)

Resolved 💬 4 comments Opened Jun 27, 2026 by sworrl Closed Jul 1, 2026

Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): cloud-iam

Why this is a false positive

The block occurred during routine cloud identity and access management work — specifically, reviewing or querying IAM configurations, roles, or permissions as part of authorized infrastructure administration. This class of work involves discussing privilege escalation paths, permission boundaries, and role assignments purely for defensive audit and least-privilege enforcement purposes, not for exploitation. The safety classifier appears to have pattern-matched on IAM-related terminology (e.g., privilege, roles, access policies) without contextual signals that the work was defensive, authorized, and scoped to the user's own infrastructure.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code. Filing as a false positive. Recurred across 1 session(s); first seen 2026-06-27T18:40:04.827Z.

Request IDs (lookup-able server-side)

  • req_011CcUFdt2HEeM177cY7dVrP (2026-06-27T18:40:04.827Z)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). Try rephrasing the request in a new session or change your model.

Request ID: req_011CcPetvCKoATwPmRssxwht

Environment: Claude Code, Linux. · Work domain: cloud-iam

Related reports (same work session, linked)

Distinct false-positive blocks from the same work session, each its own report:
#71852

---
<sub>🔎 Filed automatically by ClAudit v2.0.75 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗