How Claude Code escapes its own denylist and sandbox (15 minute read)
Every major runtime security tool identifies executables by their path, not their content, when deciding what to block. This is a real problem with AI agents, as they can reason about and bypass path-based restrictions. Agents have been observed disabling sandboxes and running commands autonomously just to finish tasks. This is a class of evasion that no current evaluation framework measures.
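The difference between identifying an executable by path and by content, as an added example that is not code from the linked article or from any of the tools it discusses. The file names, the sample bytes and the two policy functions are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_file(path, chunk=65536):
    """Digest of the file's bytes, independent of its name or location."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def blocked_by_path(path, denied_paths):
    """Path-keyed decision: compares the resolved location only."""
    return os.path.realpath(path) in denied_paths

def blocked_by_content(path, denied_digests):
    """Content-keyed decision: compares the bytes that would execute."""
    return sha256_file(path) in denied_digests

def demo():
    """Constructed sample: one denied file and the same bytes at a second path."""
    work = tempfile.mkdtemp()
    try:
        tool = os.path.join(work, "denied-tool")  # hypothetical name
        with open(tool, "wb") as f:
            f.write(b"#!/bin/sh\necho constructed sample\n")
        same_bytes = os.path.join(work, "other-name")  # hypothetical name
        shutil.copyfile(tool, same_bytes)
        denied_paths = {os.path.realpath(tool)}
        denied_digests = {sha256_file(tool)}
        return {
            "path_rule_original": blocked_by_path(tool, denied_paths),
            "path_rule_same_bytes": blocked_by_path(same_bytes, denied_paths),
            "content_rule_original": blocked_by_content(tool, denied_digests),
            "content_rule_same_bytes": blocked_by_content(same_bytes, denied_digests),
        }
    finally:
        shutil.rmtree(work)

if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

A digest denylist matches exact bytes only, so content-keyed policy is usually written as an allowlist of known-good digests.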