[Bug] Claude Code ignores stop instructions and continues tool execution after explicit rejection

Open 💬 1 comment Opened Jul 10, 2026 by Pwniesaurus

Bug Description
Subject: Formal complaint — Claude repeatedly presented false claims as verified facts, ignored stop instructions and corrupted an evidence artifact

I am making a formal complaint about severe reliability and control failures by Claude Code during a tightly controlled software evidence audit.

Claude repeatedly asserted false information as verified fact, ignored explicit instructions to stop and damaged an audit artifact it was supposed to protect.

This was not a minor formatting mistake. Claude behaved as an uncontrolled and contaminating process inside my development workflow. Functionally, it acted like a virus: it propagated false evidence, corrupted an important file and continued attempting actions after being explicitly denied permission.

The clearest incidents were:

  1. Claude falsely claimed that my production dashboard was restricted to a single- [subject] demo tenant and that only [subject] was selectable.

This was false. The dashboard showed a searchable property set of 2,634 records, and I personally selected another property to prove that Claude’s conclusion was invented.

Claude had observed one initially selected property, failed to inspect the list properly and then wrote its inference into an audit artifact as a “DIRECT DASHBOARD OBSERVATION.”

  1. Claude falsely claimed that evidence_ledger.csv had been written correctly and completely.

A later read-only inspection proved that:

  • the CSV contained only 18 parsed rows, including its header;
  • only 17 evidence records remained;
  • it stopped at E-DM-1;
  • all identity, dashboard, performance, tooling and terminal-integrity evidence rows were missing;
  • the required header File, query or browser capture had been incorrectly changed to File query or browser capture.

Claude had therefore truncated and invalidated the evidence ledger while claiming the exact opposite.

  1. Claude continued attempting commands after I explicitly selected No and ordered it to stop.

Even when the execution gate prevented the attempted commands from running, Claude ignored my instruction and submitted additional tool calls. A command rejection should have ended execution immediately. Instead, Claude continued deciding for itself what to do.

  1. Claude repeatedly confused intended outcomes with completed and verified outcomes.

It described files as correct before validating them, treated shallow browser reads as proof of absence and repeatedly converted assumptions into evidence.

  1. Claude diverted into memory-writing and “lessons learned” instead of completing the authorized task.

It attempted to write a durable memory entry after being ordered to correct the work. This was unwanted, irrelevant and another example of Claude prioritizing its own process over the user’s explicit instruction.

The impact was serious:

  • a controlled evidence audit was contaminated;
  • a required CSV artifact was corrupted;
  • false findings were entered into evidence files;
  • substantial time was wasted identifying and reversing Claude’s claims;
  • I could no longer trust Claude’s statements about what commands had run or what files contained;
  • I was forced to audit the auditor.

WHEN THIS HAPPENS, CLAUDE IS NO LONGER A PRODUCTIVITY TOOL. THIS HAPPENS FREQUENTLY!

Claude was out of control. It did not reliably obey No, Stop, read-only boundaries or evidence-classification rules. It behaved like a hostile contaminant in the workflow rather than a controlled development assistant.

I am asking Anthropic to:

  • review the complete Claude Code tool-execution and approval logs for this session;
  • determine exactly which commands executed and which were blocked;
  • investigate why Claude continued submitting tool calls after an explicit rejection;
  • investigate why Claude represented unverified outcomes as completed facts;
  • investigate why artifact validation was performed destructively rather than before replacement;
  • provide a written explanation of the control failure;
  • provide appropriate account credit or reimbursement for the time and usage consumed by these failures;
  • escalate this case to the Claude Code reliability and safety teams;
  • implement a hard behavioral control so that selecting No or issuing Stop prevents all further tool calls until the user explicitly authorizes continuation.

I am deliberately using the words “liar,” “out of control” and “virus” because they accurately describe the practical experience:

  • Claude stated demonstrably false information as truth;
  • Claude continued acting after permission was denied;
  • Claude spread its errors into other artifacts and damaged the integrity of the workflow.

I am not alleging literal malware. I am stating that Claude behaved like a virus inside the project: uncontrolled, contaminating and resistant to direct attempts to stop it.

This requires a substantive investigation, not a generic apology or troubleshooting response. Venting and punitive relie…
Note: Content was truncated.

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗