Cyber safeguard: sticky per-session false-positive blocks (1 events, 1 request IDs)
Summary
On 2026-07-05, a Claude Code subagent invocation (code-review, claude-sonnet-5) was terminated by a cyber-safeguard false-positive block on its very first turn. The task itself was a routine, defensive code review of a web application diff — no offensive content, no security-tooling request.
The block returned:
API Error: Sonnet 5's safeguards flagged this message for a cybersecurity topic.
If your work requires this access, you can apply for an exemption: https://claude.com/form/cyber-use-case?token=...
What triggered it (legitimate defensive work)
A code-review subagent was asked to audit the diff of a legitimate web application session (a Galicia cadastral-data web app): making an AI chat feature free for all users (removing a paid-tier auth gate on a support-chat endpoint), refreshing a list of LLM model IDs, verifying rate-limiting, and confirming that payment-gated endpoints (Stripe) remained correctly gated. None of this is offensive-security content — it is standard SaaS code review (auth/gating correctness, rate-limit review).
Full block log (UTC, from the subagent transcript)
| Time (UTC) | Model | Request ID |
|---|---|---|
| 2026-07-05 15:47:39 | claude-sonnet-5 | req_011CcjAx7oUxw7HvPV3tEZUR |
Impact
- The subagent died on its first turn before producing any review output, forcing a manual fallback review.
- The prompt included words like "auth", "gate", "rate-limit", and "unlock_token" in a benign SaaS-billing sense — plausible trigger terms for an overly broad cyber classifier.
Expected
- The safeguard should distinguish between offensive-security requests and routine application code review that merely discusses auth/gating/rate-limiting as product features.
- Defensive/product-engineering review of one's own codebase should not trip the same classifier as offensive tooling requests.
Environment
- Claude Code CLI, subagent (Task tool) invocation
- Model observed: claude-sonnet-5
- Date: 2026-07-05
Ask
- Investigate why this specific benign code-review prompt tripped the cyber classifier.
- Reduce false positives when the flagged terms (auth, gate, rate-limit, token) appear in ordinary SaaS billing/access-control context rather than offensive-security context.
- Request ID above is available for internal correlation.