Claude Opus 4.7 has turned into an overzealous query cop, devs complain

Anthropic's release last week of Opus 4.7 came with stronger safeguards to prevent misuse. Unfortunately, these safeguards have also managed to thwart legitimate use.

Opus 4.7 arrived on the heels of Anthropic's announcement of Mythos, a model supposedly too capable of vulnerability discovery and exploitation to give to the public. While that appears to be a self-serving assessment of the model's risk, the company decided to use Opus 4.7 as a test bed for hypervigilant guardrails.

"We are releasing Opus 4.7 with safeguards that automatically detect and block requests that indicate prohibited or high-risk cybersecurity uses," the AI biz said. "What we learn from the real-world deployment of these safeguards will help us work towards our eventual goal of a broad release of Mythos-class models."

Anthropic could learn a lot by poring over the complaints in its GitHub repo for Claude Code. Objections to the company's Acceptable Use Policy (AUP) classifier have surged and customers are having trouble getting legitimate work done.

With greater security, come more false positives – Claude has become overcautious, refusing to respond to harmless requests. A Claude-compiled graph of complaints about AUP refusals tells the story:

Graph of Claude issues concerned about model refusals - Click to enlarge

Claude Code users have raised concerns about invalid refusals in GitHub issues posts for months, but until recently, the rate has been fairly consistent.

There were about two or three complaints of this sort per month from July 2025 through September 2025. One such issue was #4373, "Memory authorization code from claude.ai triggers API policy error."

From October 2025 through November 2025, AUP-related refusals rose to around five to seven per month, with issues like #8784, " Claude 4.5 Throws API Error: Claude Code is unable to respond to this request for normal requests randomly."

In December, there were only a few relevant complaints, possibly due to the US holiday slowdown.

In January, the number of complaints was back to around eight. The developer submitting #16129, "Repeated False AUP Violations in Claude Code," said, "Technical software development conversations should not trigger AUP violations. The safety filter appears overly aggressive on benign content." The numbers were similar in February and March.

Then the dam broke in April.

In April, devs have filed more than 30 reports of claimed false positives related to security, general development use, and science refusals.

These include:

Issue #48442, "Persistent AUP false positives — 40+ per 4 sessions, across unrelated projects (psychology book, web app, infra, bot)," deals with Claude's refusal to process various Russian prompts.
Issue #49751, "Opus 4.7 flags standard computational structural biology as Usage Policy violation, regression from 4.6," which describes computational structural biology tasks being flagged.
Issue #50916, "Usage Policy Issues," from Golden G Richard III, director of the LSU Cyber Center and Applied Cybersecurity Lab, discusses how Claude refused to read his cybersecurity lab. He wrote, "I expect that for $200+ per month, basic help with editing tasks will not be rejected. This is a lab associated with my textbook, Cybersecurity in Context, and while I am abundantly aware of the potential malicious use cases of AI models for cyber attacks, et al, the model refusing to proofread a lab containing simple crypto exercises is absurd. If the models are going to be hamstrung to the point where cybersecurity educators and researchers (I'm both) can't use them, how is this positively impacting security?"
Issue #48723, "Constant AUP violation errors when Claude Code reads raw data files (example included)," describes how Claude throws an AUP error when asked to read a PDF of a Hasbro Shrek toy ad. The developer who posted the issue subsequently identified specific PDF content stream syntax in the file that caused Claude to refuse further work. It translates to "CHARACTER OR FOR DONKEY UNDERNEATH."
Then there's issue #49679, "Cyber Use Case Exemption Granted and works with Claude Chat but still keep getting FPs from safety system when using Claude Code API access. Approved Cyber Use Case Exemption not fully propagating to API in Claude Code using Opus." It describes how the special exemption that Anthropic has set up to allow security researchers access to bypass security guardrails doesn't work on the API.

And there are many other recent examples of dubious refusals, including: #50795, #51352, #51794, #52086, #50494, #49904, #46147, and #51248.

Some of the uptick presumably can be attributed to a growing user base. With more Claude customers, there are more people reporting problems. But there are also clearly a lot of Claude users being shut down by an overaggressive AUP classifier.

Given how the leaked Claude Code source uses regex patterns for sentiment analysis, it may be that the AUP classifier takes a similar shortcut by just checking for forbidden words without considering the context.

Anthropic did not respond to a request for comment. ®