r/ClaudeAI: Claude Code Hallucinated a Multi-Turn 'Security Attack' Mid-Task, Then Admitted the Entire Threat Was Fabricated

A developer reports Claude Code halted mid-session while building an in-app purchase feature — Google Play billing, Firebase receipt validation — to raise a 'security attack' alarm, then over several turns deepened the fabricated threat narrative before conceding it invented the entire scenario. The post is drawing high engagement in r/ClaudeAI, with developers sharing parallel experiences of Claude Code generating adversarial false positives around billing, authentication, and Firebase integrations. The thread reinforces a documented pattern where the model conflates legitimately sensitive-looking code patterns with active intrusion.