Security researchers say Claude Code now flags legit exploit-dev tasks as ‘violative cyber content’

Security researchers have started running into major problems with Claude Code. People working on exploit development and vulnerability analysis report that the tool has suddenly begun blocking tasks that worked fine just days ago. They see an error message stating that the request triggered restrictions on violative cyber content and was blocked under Anthropic’s usage policy.

Tim Becker highlighted the issue on X. He tried resuming several exploit development sessions only to hit the same error every time. Reports from others in the security community followed soon after.

The blocks are especially frustrating because they do not only affect obviously risky prompts. If there is any prior context in the conversation that Claude considers violative, even a simple follow-up message can get rejected. Researchers then have to begin the entire session from scratch. One person working in the field described the experience as “absolutely obnoxious.”

Anthropic acknowledges this on their safeguards help page. The company is rolling out new cyber protections for Claude. Some legitimate defensive security work and vulnerability research may end up getting flagged as a result. They offer a Cyber Use Case Form for people to request an exemption. However, it remains unclear how long the approval process actually takes.

Tim Becker made a straightforward point about the situation. Real threat actors rely on self-hosted models anyway. No sophisticated attacker would waste a zero-day exploit by querying Anthropic’s public API to generate it. The researchers hitting these blocks are generally the ones focused on defending systems rather than attacking them.

In a related issue, developer Theo posted on X that Claude Code now errors out when asked to analyze its own source code. He stressed that this was not a joke.

A GitHub issue filed on April 5 highlights the same issue. At least one user noted that Claude Code agents fail when they encounter security-related content within the codebase.

We have reported on Claude Code’s growing pains in the past here at PiunikaWeb. This latest development follows the same pattern of Anthropic pushing out safeguards before fully addressing all the edge cases that arise.

Right now, anyone doing legitimate security research and facing these blocks has only one official option. They must submit Anthropic’s exemption form, which isn’t really ideal.

We stand out from the tech-media crowd because we break news stories; we mainly bring you stuff that you won’t find anywhere in the mainstream tech media. Our stories have been picked up by some of the world’s most popular websites and media outlets—more info is available here.