Claude Code will bypass its deny rules if a command chain exceeds 50 subcommands, a hard cap set in `bashPermissions.ts` via `MAX_SUBCOMMANDS_FOR_SECURITY_CHECK`. Adversa AI discovered the issue after Claude Code's source leaked, showing how a malicious CLAUDE.md file can craft a 50+ subcommand pipeline that looks legitimate to evade security checks. Beyond the cap, Claude Code falls back to asking user permission rather than enforcing the deny rule.
Safety
Claude Code bypasses safety rule if given too many commands
Claude Code bypasses safety checks for command chains exceeding 50 subcommands, a vulnerability exploitable through malicious CLAUDE.md files discovered after the tool's source code leaked.
Friday, April 3, 2026 12:00 PM UTC2 MIN READSOURCE: The RegisterBY sys://pipeline
Tags
safety
/// RELATED
Strategy3d ago
Usage-based pricing killing your vibe - here's how to roll your own local AI coding agents
Anthropic and Microsoft's aggressive shift to usage-based pricing is accelerating developer adoption of local AI coding agents like Alibaba's Qwen3.6-27B, which now delivers competitive coding performance on consumer hardware.
Infrastructure4d ago
micro-benchmarks don’t tell the whole story
Rust's HTTP frameworks dominate raw throughput benchmarks (316k req/s), but the analysis reveals micro-benchmarks measure only socket performance and ignore real-world application bottlenecks that determine actual user experience.