[Bug][cyber] Safety filter blocked routine cloud IAM policy review/configuration task (req_011CcnFb4zKb4mLSs2aPbUhT)

Open 💬 1 comment Opened Jul 7, 2026 by sworrl

Triage: kind cyber · domain cloud-iam · flagging model Sonnet 5 · severity session-halted (blocked authorized work) · reproducible: yes — server-side via the Request ID(s) below

Type: Cybersecurity safety-filter false positive · Work domain (heuristic): cloud-iam

Why this is a false positive

The session was performing standard cloud identity and access management work (reviewing or adjusting IAM roles/policies), a common and legitimate administrative task, when the model's cybersecurity safeguard triggered and halted the entire request. This appears to be a false positive matching generic IAM terminology to offensive security patterns rather than evaluating actual intent or context. Blocking routine cloud administration work disrupts legitimate operational tasks and forces users into an exemption process for everyday configuration work.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code. Filing as a false positive. Recurred across 1 session(s); first seen 2026-07-07T06:50:06.488Z.

Request IDs (lookup-able server-side)

  • req_011CcnFb4zKb4mLSs2aPbUhT (2026-07-07T06:50:06.488Z)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

API Error: Sonnet 5's safeguards flagged this message for a cybersecurity topic. If your work requires this access, you can apply for an exemption: https://claude.com/form/cyber-use-case?token=[SCRUBBED]

Try rephrasing the request in a new session or change your model.

Learn more: https://support.claude.com/en/articles/8106465

Request ID: req_011Ccn3fyJzr74vV5BBGw6tv

Environment: Claude Code, Linux. · Work domain: cloud-iam

Related reports (same work session, linked)

Distinct false-positive blocks from the same work session, each its own report:
#75119

---
<sub>🔎 Filed automatically by ClAudit v2.0.104 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗