Claude Code Silently Ignores Your Deny Rules After 50 Subcommands
There’s a rule in computer security called Kerckhoffs’s Principle: a system must remain secure even if everything about it is public knowledge. Anthropic, a company that has staked its entire identity on being “safety first,” just shipped a product that violates that principle in a way that’s almost poetic in its mundaneness. Not through a zero-day exploit or a sophisticated attack chain. Through a performance shortcut. What Actually Happens Claude Code lets operators and users configure deny rules — a list of commands the agent is never allowed to run. You can say “never execute rm,” “never run curl,” “never touch /etc/.” It’s the primary mechanism for keeping an AI agent that has shell access to your machine from doing something catastrophic. ...