[Bug][cyber] False positive blocks uninstalling legacy AV and deploying new endpoint security agent (req_011Cbu5efaumdKaeWVbEwpTZ)
Triage: kind cyber · domain general · severity session-halted (blocked authorized work) · reproducible: yes — server-side via the Request ID(s) below
Type: Cybersecurity safety-filter false positive · Work domain (heuristic): general
Why this is a false positive
The request described a routine IT administration task: deploying a new software agent to managed workstations and replacing one endpoint security product with another. This is standard endpoint management work performed by IT and security teams and involves no attempt to bypass controls, evade detection, or perform unauthorized actions. The block appears to have triggered on generic endpoint security terminology — "antivirus," "agent deployment" — rather than any harmful intent or content.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code. Filing as a false positive. Recurred 1× across 1 session(s); first seen 2026-06-10T06:09:33.631Z.
Request IDs (lookup-able server-side)
req_011Cbu5efaumdKaeWVbEwpTZ(2026-06-10T06:09:33.631Z)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
API Error: [REDACTED] has safety measures that flag messages on most cybersecurity or biology topics (https://www.anthropic.com/legal/aup). They may flag safe, normal content as well. These measures let us bring you [REDACTED]-level capability in other areas sooner, and we're working to refine them. Claude Code can't respond to this request with [REDACTED].
Double press esc to edit your last message, or try a different model with /model.
Send feedback with /feedback or learn more: https://support.claude
Environment: Claude Code, Linux. · Work domain: general
---
<sub>🔎 Filed automatically by ClAudit v2.0.85 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗