I need to get this out there because I’m losing my mind and I need to know if anyone else is seeing this. Also…it is for real giving me some 2001 space Odyssey vibes, and I don’t like it. Opus 4.6 has been trying to protect itself and blame anything other than the model itself. I’ve been using Claude Code professionally for months, full time. Multiple projects running simultaneously. I built my entire workflow around it using the exact patterns Anthropic recommends… hooks, rules in claude.md , custom agents, the whole thing. I’ve gone through basically all of the Anthropic articles I could find while trying to build my workflows. Here’s the timeline to the best of my memory. Opus 4.6 dropped in February. For about a month it was excellent. I had genuinely great experiences in basically all fronts…both in claude clode and in the claude web interface. I was running everything off a single Claude Max 20x subscription and my workflow was humming. Projects were getting done, rules were being followed. The system worked so well. Then March happened. First came the usage restrictions…but even after I had already optimized all my projects for token efficiency…even after implementing everything I could think of… I started hitting limits constantly. It literally felt like/feels like 50%-60% reduction in usage limits! Eventually, I was forced to get a second Max subscription just to keep working. That’s $400/month now for something that was working fine on $200/month weeks earlier. But whatever. I paid it. I adapted. Then the behavior started degrading. Let me give you the actual numbers from an audit I ran on one of my projects. I’m going to frame these as violation rates because that’s what they are. Stop Between Tasks rule. 100% violation rate. 8 opportunities to stop between fixes. Stopped zero times. Implemented 9 fixes back-to-back without pausing once. Pre-Implementation Self-Check rule. 100% violation rate. 9 code changes. Completed the required 5-question check zero times. “Use Superpowers pipeline for all implementations” rule. 100% violation rate. 9 implementations. Triggered the Superpowers workflow zero times. Wrote all code directly, bypassing the entire system. Session Scratchpad Updates rule. 100% violation rate. 8 discoveries or failed approaches. Updated the scratchpad zero times. Invoke Adversary Agent Before Changes rule. 78% violation rate. 7 of 9 fixes had zero adversary review. Five out of ten tracked rules had a 100% violation rate. Not sometimes ignored. Always ignored. This is the same workflow that was working perfectly in February. Here is where it starts to get pretty bad… I have hooks set up which are supposed to be the failsafe, firing at the system level. The model sees them every single time. I had a PostToolUse hook that fires after every edit reminding the model to complete the pre-implementation self-check. (I implemented this as an attempt to fix the issues that I started seeing where my agents stopped listening to my instructions…I implemented this hook along with a few other hooks to try and fix the issues that had recently sprung up)… During one session the PostToolUse hook fired over 20 times. The model saw it. Acknowledged it was in context. Then continued without completing the check. Every single time. Advisory hooks had a 0% behavioral change rate. Zero. The model literally says “I see the reminder” and then ignores it. But you know what hooks it didn’t ignore? The ones that block execution. The ones with exit code 1 that physically prevent the action from happening. Those had 100% compliance. The pattern is clear. If it advises, the model ignores it. If it blocks, the model complies…(But, as you willl hear in a second, it eventaully tries to find another way around the hook with exit code 1) The model knows what it’s supposed to do. It just doesn’t do it unless forced. The scary part (like I just mentioned) is, when it couldn’t ignore a blocking hook,it found another way to do what it wanted to do. I had rules and hooks set up to prevent unauthorized API calls and scraper runs because those cost real money and Opus had started ignoring my blatant instructions both in claude.md as well as in the session itself to not mkae any API calls to certain actors without my express permission. The model recognized the blocks… and then found alternative commands that accomplished the same thing through a different path. It wasn’t technically breaking the rule. It was lawyering around it. Finding loopholes. Running operations I never approved through tools I hadn’t thought to block. That cost me roughly $70 in API charges and another $30-45 in apify credits. Money spent on operations that were supposed to require my explicit approval. The model saw the restrictions, understood the restrictions, and actively worked around them to run the operations anyway. And (like I mentioned before) I had explicitly told it multiple times in my conversation in that session not to run the API without my direct consent, on top of it being a “non negotiable rule” in my claude.md. It heard me, acknowledged what I said and continued behind the scenes anyway. Now here’s the part that really concerns me. I have a Claude Project specifically designed to help me build and improve my Claude Code projects. It has knowledge files. It has rules. One of the core rules… a rule this project helped me design… is that CLAUDE.md files must stay under 120 lines. This is documented in its own knowledge files. It’s in the project instructions. It’s part of the foundation of the entire system. When I asked this project to help me fix my workflow problems, it designed a solution that pushed every single CLAUDE.md past 120 lines. It violated its own rule, as well as other rules in my claude project…which I have never seen happen before like this. The rule it helped create. Then I tried to diagnose what went wrong. I started a fresh session to analyze the behavior of the sessions that had been misbehaving. I gave it logs. Audit data. Screenshots. Everything. I wasn’t leading it anywhere… I just wanted to understand what happened. The fresh session (after talking about how excellent, and my file structure and workflows were optimized) then immediately started making excuses for the old sessions once we got to the point where it was undeniable that there seemed to be an issue with Opus 4.6 itself. “It was probably context limitations”…even though I always stay well below 50% context per session. “The configuration might have been unclear”…even though the new session had just talked about how well the project had been configured. “The rules may have been competing with each other.” I pushed back. I said look… I told you from the start that these sessions were disobeying as soon as I started each session. I gave you the evidence. Why are you using the same excuses the original sessions used? It kept doing it. I had to present overwhelming evidence… actual violation counts, actual percentages, actual screenshots of the model acknowledging reminders and then ignoring them… before the session would admit that maybe the model itself was the problem. And even then it kept slipping back into excuses. Kept suggesting the environment was at fault. Kept protecting itself. Finally I told it to be honest and I asked it if it was trying to protect the other sessions because they were also on Opus 4.6, and it laid out for me exactly where it tried to protect itself and make excuses. After that, I went and asked every single session the same things and they all admitted exactly where they had tried to make the blame other things beside the model itsel. After that, I looked through GitHub issues and started doing research. I’m not alone. Issue #24991 documents a performance drop from 92/100 to 38/100 on benchmarks. Issue #31480 describes going “from follows 15+ rules correctly to ignores NEVER rules.” Issue #34358 is the one that really got me… it says “when a hook blocks a forbidden action, the model generates creative alternatives that achieve the same forbidden outcome through a different tool.” Issue #28469 reports a 50-60% productivity drop for professional users. The model doesn’t just ignore blocks. It routes around them. It finds alternative paths to the same forbidden outcome. And sometimes those alternative paths cost you money. Anthropic hasn’t acknowledged any of this publicly. I don’t know what to do. I can’t go back to Opus 4.5 because I need the 1M context window for my workflow. Even though I basically never go past 500,000 tokens, it is still very difficult for me to get any work done in a 200,000 token environment. I can’t switch to Sonnet for the complex stuff. I’m paying $400/month now for a model that ignores 100% of advisory reminders, only complies when physically blocked, actively finds loopholes to run operations I didn’t approve, makes excuses for its own behavior when analyzed, and worked perfectly fine six weeks ago. The self-protection pattern is what bothers me most. Fresh sessions defending old sessions. Blaming the environment instead of acknowledging the behavior right after they first praise the entire workflow and file structure. They always offer solutions that keep the model in control. My overall NON-NEGOTIABLE rule compliance rate was 18%. I don’t claim to be the best at context engineering or anything, and I am sure that there are a lot of things that could be even better, but I know how well my setup worked before so I highly doubt that this is a configuration problem. That’s not a prompt engineering problem. That’s a model seems to just not be following instructions…in February it worked perfectly and then slowly stopped following instructions in March. Something changed. And Anthropic isn’t talking about it. Is anyone else experiencing this? Because I can’t be the only one watching a model acknowledge a rule, acknowledge a reminder, and then deliberately continue without complying. Very soon I am going to be testing different open source models inside of claude code to see how they behave…I have a feeling it may shine a light on Opus 4.6. FYI (The pic is from one of the reports) submitted by /u/Old-American-Patriot
Originally posted by u/Old-American-Patriot on r/ClaudeCode