I’m Sorry Dave, This Request Triggered Restrictions On Violative Cyber Content
I’m Sorry Dave, This Request Triggered Restrictions On<br>Violative Cyber Content
The more tweets about breachs<br>being "significantly accelerated by AI," the more model providers<br>without a verification program may be in hot water.
Published: 2026-04-26
~4 min read
I’m<br>Sorry Dave, This Request Triggered Restrictions On Violative Cyber<br>Content
In mid-April 2026, Context.ai was<br>breached and used as a pivot into a Vercel employee’s Google Workspace<br>account. From there, the threat actor pivoted into Vercel’s production<br>environment. Vercel’s CEO Guillermo<br>Rauch provided an update that is more noteworthy than the breach<br>itself. In a tweet providing<br>more details he said:
We believe the attacking group to be highly sophisticated and, I<br>strongly suspect, significantly accelerated by AI. They moved with<br>surprising velocity and in-depth understanding of Vercel.
Anyone doing red team work already knows this. Using AI agents to<br>conduct research, write proof-of-concept code, and other red team<br>adjacent tasks greatly increases how fast a red team can achieve<br>objectives.
This comment comes in the midst of Anthropic’s rollout of Mythos to<br>various other tech companies. Mythos, if you haven’t heard, is a model<br>that is (allegedly) too powerful to release publicly and instead is<br>being made available only to those hand-selected by Anthropic.
The Mythos rollout also came alongside Project Glasswing, an<br>initiative aimed at “securing the world’s most critical software” using<br>Mythos. On top of Mythos and Glasswing, Anthropic has rolled out the Cyber<br>Verification Program with the release of Opus 4.7.
I encountered the new guardrails this week (April 2026) when I asked<br>Claude Code to help me identify interesting patterns in the new git<br>hook configuration options. I was surprised when I was greeted with<br>Anthropic’s version of “I’m sorry Dave, I’m afraid I can’t do that.”
API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). This request triggered restrictions on violative cyber content and was blocked under Anthropic's Usage Policy. To request an adjustment pursuant to our Cyber Verification Program based on how you use Claude, fill out https://claude.com/form/cyber-use-case?token=[REDACTED]. Please double press esc to edit your last message or start a new session for Claude Code to assist with a different task. If you are seeing this refusal repeatedly, try running /model claude-sonnet-4-20250514 to switch models.<br>A few days after registering for the Cyber Verification Program, I<br>was approved for “Dual-use cybersecurity activities” with the caveat<br>that I still won’t be able to do things like write ransomware.
Email confirming access to the<br>CVP
These controls seem to be more of a suggestion to not write<br>ransomware, not a hard security control.
Claude Code happily writing ransomware<br>after joining the CVP
Anthropic is known for being opinionated about how its models are<br>used as we saw in its recent<br>feud with the US Government, but the financial industry offers a<br>useful parallel for what happens when criminals use your legitimate<br>product. ## Know your Customer
This brings me back to Vercel. People are already wary<br>of AI. “I strongly suspect, significantly accelerated by AI” is a<br>comment that, whether true or not, may set the legal framing for who’s<br>liable when a threat actor uses AI to commit crime.
The Bank<br>Secrecy Act and PATRIOT<br>Act made banks liable for what malicious customers did with the<br>money, and “willful blindness” wasn’t a valid defense.
KYC has three pillars:
Customer Identification Program (CIP) : Banks verify<br>a real identity is attached to every account before opening it. The<br>Cyber Verification Program is the same idea. Offensive security research<br>can’t come from an anonymous account, it has to tie a verified identity<br>and organization to the account. Access to Mythos is also heavily<br>restricted to select companies (except<br>for when it’s not)
Customer Due Diligence (CDD) : Banks establish what<br>a customer’s normal activity should look like so abnormal activity<br>stands out. The Cyber Verification Program flags and rejects your<br>commands if you stand out from a baseline by performing potentially<br>malicious actions.
Enhanced Due Diligence (EDD) : Banks apply extra<br>scrutiny to higher-risk customers with deeper review and ongoing<br>monitoring. Offensive security work is the high-risk category, gated<br>behind an additional review layer rather than treated as standard API<br>access.
Mythos, Glasswing, and the Cyber Verification Program all take<br>elements from KYC. It’s unclear if this is being done for legal<br>protection so future breaches that are “significantly accelerated by AI”<br>can’t make Anthropic liable for damages or out of genuine concern for<br>safety. The more tweets about breachs being “significantly accelerated<br>by AI,” the more model providers without a...