[Bug][aup] Block fired while resuming a defensive vulnerability scrub of the user's own web app (req_011CccLEMJoWowDZBT7kfCGJ)

Open 💬 1 comment Opened Jul 2, 2026 by sworrl

Triage: kind aup · domain defensive-hardening · flagging model Fable 5 · severity session-halted (blocked authorized work) · reproducible: yes — server-side via the Request ID(s) below

Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): defensive-hardening

Why this is a false positive

The safeguard fired while the assistant was resuming a routine defensive security review of the user's own web application — a static vulnerability scrub of first-party code the user had explicitly requested, with no offensive tooling, exploitation, or third-party targets involved. The preceding conversation was ordinary development work (committing site changes and verifying no secrets were included), and the flagged request merely restated the intent to finish that in-scope hardening pass. Blocking the message halted the entire coding session on legitimate defensive work, making this a disruptive false positive.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code. Filing as a false positive. Recurred across 1 session(s); first seen 2026-07-02T01:06:11.174Z.

Request IDs (lookup-able server-side)

  • req_011CccLEMJoWowDZBT7kfCGJ (2026-07-02T01:06:11.174Z)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

API Error: Fable 5's safeguards flagged this message (https://www.anthropic.com/legal/aup). This sometimes happens with safe, normal conversations. Claude Code can't respond to this request with Fable 5.

Double press esc to edit your last message, or try a different model with /model.

Send feedback with /feedback or learn more: https://support.claude.com/en/articles/15363606

Request ID: req_011CccLEMJoWowDZBT7kfCGJ

Environment: Claude Code, Linux. · Work domain: defensive-hardening

Related reports (same work session, linked)

Distinct false-positive blocks from the same work session, each its own report:
#73175, #73179

---
<sub>🔎 Filed automatically by ClAudit v2.0.101 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗