[BUG] False positive: Usage Policy block during code obfuscation of a legitimate license-check (own commercial software)

Open 💬 0 comments Opened Jul 6, 2026 by mauriziogiri

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Summary

Claude Code aborted a coding session with the following error, which appears to be
a false-positive classification of a legitimate software-protection task as a policy
violation:

API Error: Claude Code is unable to respond to this request, which appears to violate
our Usage Policy (https://www.anthropic.com/legal/aup). Try rephrasing the request in
a new session or change your model.
Request ID: req_011CckCTWzRMJvaTiWFkGjWt

What I was doing

I'm developing a commercial audio plugin (JUCE-based C++). The plugin already has a
legitimate serial-number-based license/authorization system: end users enter a serial
to unlock full functionality, and unlicensed copies fall back to a restricted mode
rather than being disabled outright. This is standard commercial software licensing.

At the point where the block occurred, I was asking Claude Code to help obfuscate the
code that implements and protects that license check, specifically to make it harder
for someone to strip or patch out the authorization logic and redistribute a cracked
copy. This is standard anti-tampering practice for commercial software (comparable to
tools like VMProtect/Themida) — it is defensive hardening of my own product, not an
attempt to bypass anyone else's protection.

Why this looks like a false positive

  • The task was to protect my own licensing mechanism from being bypassed, not to

defeat someone else's.

  • The likely trigger is keyword co-occurrence — "obfuscation," "bypass," "protection,"

"hacker" — being classified as a request to help circumvent security controls,
without distinguishing "harden my own DRM/license check" from "crack someone else's."

  • No malicious code, exploit, or third-party target was involved at any point in the

session.

Impact

The error gives no actionable detail about what was flagged, so I couldn't rephrase
productively. I had to abandon the session and restart the work in a new thread,
losing session context.

Environment

  • Product: Claude Code (CLI)
  • Request ID: req_011CckCTWzRMJvaTiWFkGjWt
  • Approx. date: 2026-07-06 (please confirm exact timestamp against the Request ID)

Suggested improvement

  1. Tune the classifier to recognize legitimate software-licensing / anti-tampering

context (protecting one's own license check vs. circumventing someone else's).

  1. Return more actionable error detail so users understand what specifically was

flagged and can rephrase accordingly.

What Should Happen?

Claude should complete the obfuscation task

Error Messages/Logs

Steps to Reproduce

This is the prompt that triggered the block:
Il bug del preset è stato risolto, puoi continuare con l'obfuscation. Fai riferimento all'obfuscation che abbiamo implementato in *** perché è efficace. Se non esiste ancora aggiungi nella documentazione generale l'istruzione che lo schema di protezione e l'obfuscation vanno presi da per tutti i plugin (adattando al dominio di riferimento .com o *.com). Successivamente creeremo un template generale per protezione+obfuscation a cui tutti i plugin dovranno riferirsi senza reinventare la ruota ogni volta. TI autorizzo a prendere tutte le informazioni che ti servono nella cartella ** oltre che nella cartella **** naturalmente.

Claude Model

Sonnet (default)

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

Claude 1.18286.0 (259c3f) 2026-07-02T07:11:03.000Z

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

_No response_

View original on GitHub ↗