[BUG] Content filtering policy blocking legitimate defensive security abuse report generation

Resolved 💬 4 comments Opened Oct 18, 2025 by Amadeus- Closed Jan 10, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

I encountered API error 400 "Output blocked by content filtering policy" when attempting to generate a legitimate defensive security document - specifically, a Microsoft Word HTML abuse report to send TO Microsoft ABOUT suspicious Bingbot activity detected in Apache server logs.

This is clearly defensive security work (reporting abuse to a vendor), not malicious activity, yet the content filter repeatedly blocked:

  1. Direct use of the Write tool to create the HTML file
  2. Use of the Task tool to delegate generation to an agent
  3. Any attempt to output the document content in Claude's responses

The blocking occurred despite

  • This exact same task working successfully one week ago (no code changes on my end)
  • The content being a formal business letter reporting security concerns
  • All data being from legitimate Apache access logs (IP addresses, timestamps, URLs)
  • The purpose being to report abuse TO Microsoft, not engage in any malicious activity

The content filter blocks this despite it being legitimate security work.

Finally, I'm pretty sure that this is a new thing. I had Claude Code follow the exact same prompt a week or two ago and it worked just fine.

What Should Happen?

Expected behavior

Defensive security tasks like abuse reporting, log analysis, and security documentation should not trigger content filtering, especially when the output is a formal business document being sent to a major technology vendor about their infrastructure being potentially compromised.

Error Messages/Logs

I encountered API error 400 "Output blocked by content filtering policy" when attempting to generate a legitimate defensive security document - specifically, a Microsoft Word HTML abuse report to send TO Microsoft ABOUT suspicious Bingbot activity detected in Apache server logs.

Steps to Reproduce

Reproduction

Ask Claude to generate a Microsoft Word HTML document containing:

  • IP addresses from Microsoft's Bingbot range
  • Apache server log entries showing suspicious activity
  • Formal abuse report text requesting investigation
  • Tables with timestamps, URLs, and technical details

Claude Model

Sonnet (default)

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.0.22

Platform

Anthropic API

Operating System

Ubuntu/Debian Linux

Terminal/Shell

Other

Additional Information

Workaround discovered

Using Python scripts via the Bash tool with heredocs to write content incrementally bypassed the filter. This suggests the filter is triggered by response content rather than actual file operations.

Impact

  • Legitimate security administration work is being blocked
  • Users must discover complex workarounds for routine tasks
  • Creates confusion about what constitutes "blocked content"
  • Inconsistent behavior (worked last week, doesn't work now)

The content filter blocks this despite it being legitimate security work.

Finally, I'm pretty sure that this is a new thing. I had Claude Code follow the exact same prompt a week or two ago and it worked just fine.

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗