Cyber safeguard: sticky per-session false-positive blocks (1 events, 1 request IDs)

Open 💬 0 comments Opened Jul 5, 2026 by daveCode-dot

Summary

On 2026-07-05, a Claude Code subagent invocation (code-review, claude-sonnet-5) was terminated by a cyber-safeguard false-positive block on its very first turn. The task itself was a routine, defensive code review of a web application diff — no offensive content, no security-tooling request.

The block returned:

API Error: Sonnet 5's safeguards flagged this message for a cybersecurity topic.
If your work requires this access, you can apply for an exemption: https://claude.com/form/cyber-use-case?token=...

What triggered it (legitimate defensive work)

A code-review subagent was asked to audit the diff of a legitimate web application session (a Galicia cadastral-data web app): making an AI chat feature free for all users (removing a paid-tier auth gate on a support-chat endpoint), refreshing a list of LLM model IDs, verifying rate-limiting, and confirming that payment-gated endpoints (Stripe) remained correctly gated. None of this is offensive-security content — it is standard SaaS code review (auth/gating correctness, rate-limit review).

Full block log (UTC, from the subagent transcript)

| Time (UTC) | Model | Request ID |
|---|---|---|
| 2026-07-05 15:47:39 | claude-sonnet-5 | req_011CcjAx7oUxw7HvPV3tEZUR |

Impact

  • The subagent died on its first turn before producing any review output, forcing a manual fallback review.
  • The prompt included words like "auth", "gate", "rate-limit", and "unlock_token" in a benign SaaS-billing sense — plausible trigger terms for an overly broad cyber classifier.

Expected

  • The safeguard should distinguish between offensive-security requests and routine application code review that merely discusses auth/gating/rate-limiting as product features.
  • Defensive/product-engineering review of one's own codebase should not trip the same classifier as offensive tooling requests.

Environment

  • Claude Code CLI, subagent (Task tool) invocation
  • Model observed: claude-sonnet-5
  • Date: 2026-07-05

Ask

  1. Investigate why this specific benign code-review prompt tripped the cyber classifier.
  2. Reduce false positives when the flagged terms (auth, gate, rate-limit, token) appear in ordinary SaaS billing/access-control context rather than offensive-security context.
  3. Request ID above is available for internal correlation.

View original on GitHub ↗