Fake Anthropic console org-admin spend-cap / API-key-rotation lure: "spend cap exceeded, verify and approve overage to avoid throttle" or "Anthropic API key found exposed on GitHub, rotate within 24 hours or usage suspended", targeting developer and ML-platform admins. The two narrative variants share one phishing surface: a console.anthropic.com lookalike harvests API keys and admin credentials, then the attacker burns the key budget at high-end model rates ($10K-$100K rapid drain) or pivots to organization-level data (workbench prompts, fine-tune corpora). Distinct from the R12 #4 consumer Claude.ai subscription-renewal phish: this signal is B2B-admin-scoped (org admin / API key / spend cap / exceeded vocabulary). Source: GC1 R7 multi-agent council top-5 (S5 SaaS specialist).
fake-anthropic-console-org-admin-spend-cap-spoof
What this tier means
Warning signal — bulk / marketing / mild spam. Contributes to the trash score but is not by itself sufficient.
How Gorganizer detects this
Fake Anthropic console org-admin lure with two narrative variants but the same underlying credential-harvest surface. Variant (a): "Spend cap exceeded — verify and approve overage to avoid throttle." Variant (b): "Your Anthropic API key was found exposed on a public GitHub repository — rotate the key within 24 hours via console.anthropic.com or your usage will be suspended." Targets developer and ML-platform admins at organizations with Anthropic Claude API access.

Post-compromise impact:
(1) the rotated-or-exposed API key is harvested and used to drive high-end model usage at attacker scale ($10K-$100K+ rapid drain at Claude Opus rates before the org admin notices) until the billing-alert email is rotated to an attacker-controlled address;
(2) the admin credential pivots to the full organization workbench: exfiltration of saved prompts, fine-tune corpora, and the org's Claude usage analytics;
(3) for orgs with multiple admins or seat-managed users, the attacker provisions phantom seats to maintain access after the original key is rotated.

Distinct from the R12 #4 consumer Claude.ai subscription-renewal phish: that signal targets individual Pro subscribers with payment-failed framing, while this signal is B2B-admin-scoped (org admin / API key / spend cap / exceeded vocabulary) and uses the `console.anthropic.com` admin surface as its lookalike target rather than `claude.ai`.

Real Anthropic communications about API-key exposure or spend caps come exclusively from `anthropic.com` / `console.anthropic.com` / `support.anthropic.com` with DMARC-pass; org admins manage keys through the console UI directly, never via an inbound email link.

Fires when the body references Anthropic / console.anthropic / API key / spend cap / usage limit / org admin / organization admin AND contains rotate / verify-and-approve / exceeded / exposed-on-github / github-leak / suspended urgency. Excludes anthropic.com, console.anthropic.com, support.anthropic.com, claude.ai, docs.anthropic.com.
Auto-classified as danger via the `-spoof` suffix. Source: GC1 R7 multi-agent council top-5 (S5 SaaS specialist).
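The firing rule above (topic vocabulary AND urgency vocabulary, minus the excluded sender domains) can be sketched as follows. This is an added example, not Gorganizer's own code: the regex spellings, the exact-match treatment of the exclusion list, the function names and the sample messages are all assumptions.

```python
import re
from email.utils import parseaddr

# Sender domains the page lists as excluded (exact match is an assumption).
EXCLUDED = {"anthropic.com", "console.anthropic.com", "support.anthropic.com",
            "claude.ai", "docs.anthropic.com"}

# Topic and urgency vocabulary from the rule; the regex spellings are assumptions.
TOPIC = re.compile(
    r"anthropic|api[\s-]?key|spend[\s-]?cap|usage[\s-]?limit|"
    r"org(?:ani[sz]ation)?[\s-]?admin", re.I)
URGENCY = re.compile(
    r"\brotate\b|verify[\s-]+and[\s-]+approve|\bexceeded\b|"
    r"exposed\s+on\s+(?:a\s+)?(?:public\s+)?github|github[\s-]?leak|\bsuspended\b",
    re.I)


def sender_domain(from_header):
    """Return the lower-cased part after the last '@' of the From address."""
    addr = parseaddr(from_header)[1]
    return addr.rpartition("@")[2].lower().rstrip(".")


def signal_fires(from_header, body):
    """Topic AND urgency in the body, unless the sender domain is excluded."""
    # Exact comparison: a host that merely contains or starts with an
    # excluded name (console.anthropic.com.<other>) is not excluded.
    if sender_domain(from_header) in EXCLUDED:
        return False
    return bool(TOPIC.search(body) and URGENCY.search(body))


# Constructed sample messages (not real mail); .example hosts are placeholders.
SAMPLES = [
    ("Anthropic Billing <alerts@console-anthropic.example>",
     "Your organization's spend cap has been exceeded. Verify and approve "
     "overage to avoid throttle."),
    ("Anthropic Security <noreply@console.anthropic.com.key-check.example>",
     "Your Anthropic API key was found exposed on a public GitHub repository. "
     "Rotate the key within 24 hours or your usage will be suspended."),
    ("Anthropic <noreply@console.anthropic.com>",
     "Your Anthropic API key was exposed on GitHub. Rotate it in the console."),
    ("Weekly Digest <news@newsletter.example>",
     "Anthropic published new API key management documentation this week."),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(signal_fires(sender, text), sender)
```

The exclusion here trusts the From domain as written; the page ties the legitimate domains to a DMARC pass, which this sketch does not evaluate.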
False-positive guard
Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a warning-tier signal — bulk / marketing / mild spam. It contributes to the trash score but never triggers deletion on its own. Gorganizer requires multiple signals + a margin over the safety floor before any email is moved to trash.
About the scoring engine
Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.
Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.