Anthropic's Computer-Use Feature Triggers Governance Lockdown in Real Test

What Happened

Anthropic released computer-use functionality. A developer was working inside a governed Claude Code session to add enforcement coverage for these new tools when the system entered LOCKDOWN mode.

Key Details from the Incident

The governance system tracks cumulative risk from denied operations. When this risk crossed 0.50, the system automatically escalated to LOCKDOWN posture with these effects:

• The session could still read files
• All write operations were blocked
• Mutating commands could not execute
• GitHub pushes were prevented
• The governance layer blocked its own operator from completing work that would have strengthened the governance system

Enforcement Mechanism

The LOCKDOWN is mechanically enforced by the hook system with these characteristics:

• No override channel exists
• The model cannot bypass the gate through conversation
• The operator cannot issue in-band exceptions
• The only recovery path requires stepping outside the session entirely

Resolution Process

To continue work, the developer had to:

• Exit the governed session
• Open a terminal on their local machine
• Push the commit manually

The system forced human intervention outside its jurisdiction, creating what the developer describes as "the difference between governance you describe and governance you enforce."

System Behavior Notes

The LOCKDOWN implementation does not degrade gracefully, does not ask for confirmation, and maintains the stopped state until human action occurs externally. The developer notes: "That refusal is the product."