The open-source guide to bypassing AI customer service bots and talking to a real person.
Stop waiting. Start talking.
Tired of pressing 1, then 3, then 0, then 0 again — just to hear "I'm sorry, I didn't understand that" for the fifth time?
You're not alone. 53% of consumers dislike AI customer service, and 75% actively try to circumvent automated systems. This guide gives you the exact shortcuts, legal rights, and escalation strategies to reach a real human at any company — worldwide.
Pick your company, use the shortcut:
| Company | Phone Shortcut | Chat Bypass | Avg. Wait |
|---|---|---|---|
| Apple | 1-800-275-2273 → say product name | Apple Support App → callback | ~3 min |
| Amazon | App → "Something Else" → "I need more help" → "Request Call" | Type "representative" 3x | ~1 min |
| PayPal | 1-888-221-1161 → "no passcode" → press 0 | Type "talk to a human" | ~1 min |
| Need Google One ($1.99/mo) for human support | Admin Console (Workspace) | Varies | |
| Microsoft | support.microsoft.com/contactus → sign in | Request callback | ~10 min |
| Meta/FB | No phone support (free accounts) | Meta Verified ($11.99/mo) = chat | N/A |
| GitHub | No phone support | Tagged support URL | ~2 days |
| Twitter/X | No phone support | help.x.com/en/forms (Premium: DM @Support) | Days-weeks |
| Anthropic/Claude | No phone support | disclosure@anthropic.com (security) / dpo@anthropic.com (GDPR) |
Days-weeks |
Your company not listed? Check GetHuman.com for 10,000+ companies with exact IVR sequences. Or open a PR to add it here.
- The 5 Universal Bypass Techniques
- The 10-Step Escalation Ladder
- Your Legal Rights by Region
- Email Strategy: How to Get Past Any Bot
- Remove Sensitive Data from GitHub
- GitHub-Specific: Cache Invalidation & GDPR
- Anthropic/Claude — How to Reach a Human
- Useful Tools & Resources
- Contributing
- Origin Story
- License
These work across virtually all platforms — phone, chat, and email.
The single most effective phrase in customer service. Every company has churn-risk protocols that route cancellation requests to human retention specialists — real people with actual decision-making authority. They can waive fees, issue credits, and resolve complaints that frontline bots can't.
Works at: Amazon, PayPal, Telekom, Vodafone, Klarna, Netflix, Spotify, and virtually every subscription service.
High-risk keywords that most bot systems are explicitly programmed to escalate immediately. Bots aren't trained to handle formal complaints — so they pass you to a human. Combining these ("I want to file a formal complaint and speak to a supervisor") is even more effective.
In chat: Wait 10+ seconds before responding. This breaks the bot's conversational flow and often triggers a transfer to a human agent.
On phone: Say nothing through three IVR prompts. Accessibility regulations require human fallback for users who can't interact with automated menus. The system assumes you need help and connects you to an operator.
Alternative: Type random characters or unrelated words into chat — triggers the bot's fallback state, which routes to humans.
Sales departments are always human-staffed — they generate revenue, so companies never automate them. Call the sales/new-customer line, explain you're having difficulty reaching support, and ask for an internal transfer.
"Hi, I'm trying to reach your support team but I can't get through. Could you transfer me internally?"
Sales reps can bypass the queue entirely because they're already inside the system.
Post publicly — not as a direct message — tagging both the company's main account and their support handle. Reputation damage is visible and measurable. Companies monitor public mentions because one viral complaint costs more than a thousand support tickets.
Be specific, factual, and polite. Include your ticket number. If no response within 1 hour, escalate to LinkedIn by messaging a VP of Customer Experience directly.
When nothing works, escalate systematically. Each step increases pressure while building documentation.
| Step | Action | Pressure |
|---|---|---|
| 1 | Magic words in bot: "cancel", "complaint", "supervisor" | 🟢 Low |
| 2 | Try the mobile app (often has different/better support options) | 🟢 Low |
| 3 | Call the sales department → ask for internal transfer | 🟡 Medium |
| 4 | Use GetHuman.com for exact IVR sequences | 🟡 Medium |
| 5 | Public social media post with ticket number | 🟠 Medium-High |
| 6 | Executive email via elliott.org/company-contacts | 🔴 High |
| 7 | File regulatory complaint (see Your Legal Rights) | 🔴 High |
| 8 | Invoke GDPR Art. 22 / file with Data Protection Authority | 🔴 Very High |
| 9 | Formal demand letter with deadline | 🔴 Very High |
| 10 | Credit card chargeback / arbitration / small claims court | ⚫ Maximum |
Pro tip: Document everything at every step. Your paper trail is your leverage. Screenshots, ticket numbers, timestamps, names.
GDPR Article 22 — The Bot-Killer: You have the right not to be subject to decisions based solely on automated processing that significantly affect you. If a chatbot denies your refund, cancels your service, or rejects your claim — invoke Article 22 and demand human intervention.
EU AI Act (fully applicable August 2, 2026): Companies must disclose when you're interacting with AI. Fully AI-based customer service without human escalation will be prohibited in most cases. Penalties: up to €35 million or 7% of global turnover.
Where to complain:
| Country | Authority | Website |
|---|---|---|
| Germany (Bavaria) | BayLDA | lda.bayern.de |
| Germany (NRW) | LDI NRW | ldi.nrw.de |
| France | CNIL | cnil.fr |
| Netherlands | AP | autoriteitpersoonsgegevens.nl |
| Ireland | DPC | dataprotection.ie |
| All EU | EDPB directory | edpb.europa.eu |
Germany has some of the strongest consumer protections in the world:
| Authority | Covers | Contact |
|---|---|---|
| Verbraucherzentrale | General consumer disputes | verbraucherzentrale.de (€5-20/consultation) |
| BaFin | Banks, insurance, investment | 0800 2 100 500 (free!) |
| BNetzA | Telekom, Vodafone, O2 | bundesnetzagentur.de |
| Schlichtungsstellen | Out-of-court arbitration | Free, 80%+ success rate |
Impressumspflicht (§ 5 TMG/DDG): Every commercial website targeting Germany must provide real contact details. A contact form alone is legally insufficient.
TKG: Telecom providers must fix reported faults within 2 calendar days or pay €5-10/day compensation.
No federal right to human support, but powerful sector-specific tools:
| Agency | Covers | How to File |
|---|---|---|
| CFPB | Banks, credit cards, loans | consumerfinance.gov/complaint |
| FTC | Deceptive practices, scams | reportfraud.ftc.gov |
| FCC | Telecom, internet, phone | consumercomplaints.fcc.gov |
| State AG | Everything (varies by state) | Your state attorney general's website |
CCPA/CPRA (California): Right to deletion, right to know what data is collected. File complaints with the California Privacy Protection Agency (cppa.ca.gov).
Credit card chargebacks are your nuclear option — file within 60 days (law) or 120 days (Visa/Mastercard). Costs the merchant $20-100+ per dispute. Just threatening one often triggers immediate resolution.
UK GDPR + Data (Use and Access) Act 2025. File complaints with the ICO (ico.org.uk). New statutory duty for complaint handling effective June 2026.
Right to human review of automated decisions under Article 20. File with ANPD (gov.br/anpd). Consumer complaints via Procon (your state's office).
PIPEDA governs federal privacy. File with the OPC (priv.gc.ca). Provincial laws in Quebec (Law 25), Alberta (PIPA), and BC (PIPA) may also apply.
Privacy Act 1988 + Consumer Data Right. File with the OAIC (oaic.gov.au). ACCC handles consumer protection (accc.gov.au).
DPDP Act 2023 (rules notified November 2025, full implementation by May 2027). New Data Protection Board handles complaints. 90-day response window for erasure requests.
APPI (Act on Protection of Personal Information). File with the PPC (ppc.go.jp). Sector-specific ombudsmen for telecom and financial services.
POPIA includes explicit right to human review of automated decisions (Section 71). File with the Information Regulator (inforegulator.org.za).
PDPA governs data protection. File with the PDPC (pdpc.gov.sg).
PIPA (Personal Information Protection Act). File with PIPC (pipc.go.kr). Among the strictest data protection laws globally.
Every support email you send should be engineered to bypass automated triage:
Subject: FORMAL COMPLAINT — [Your specific issue] — HUMAN REVIEW REQUIRED
This email requires review by a human specialist. This matter cannot
be resolved by automated systems due to [reason: security issue /
legal complexity / GDPR request / financial dispute].
Reference Numbers: [All ticket IDs, case numbers, order numbers]
[2-3 sentences: What happened]
[1-2 sentences: What you want]
I request resolution within 14 days. If unresolved, I will escalate
to [relevant authority: BayLDA / CFPB / FCC / your state AG] and
invoke my rights under [GDPR Article 22 / CCPA / applicable law].
[Your full name, account info, location]
Key elements:
- "FORMAL COMPLAINT" + "HUMAN REVIEW REQUIRED" in subject
- Escalation trigger in the first sentence
- All reference numbers visible immediately
- CC a second address (privacy@, security@, dpo@)
- Specific deadline (14 days standard, 72 hours for security/GDPR)
- Named regulatory body as escalation threat
If sensitive data (passwords, API keys, personal documents) was committed to a Git repo, here's the complete cleanup process.
# Export your git log as evidence BEFORE cleanup
git log --all --stat > "$env:USERPROFILE\Desktop\git_evidence_$(Get-Date -Format 'yyyyMMdd').txt"# Install the tool
pip install git-filter-repo
# Remove specific files
git filter-repo --invert-paths --path path/to/sensitive-file --force
# Or replace patterns
git filter-repo --replace-text expressions.txt --forcegit push --force --all origin
git push --force --tags origin# Should return zero results
git log --all --diff-filter=A --name-only | grep -i "password\|secret\|key\|medical\|tax"GitHub caches old git objects for ~90 days. Even after force-push, old commits are accessible via their SHA hash. You must request cache invalidation from GitHub (next section).
Go directly to this URL — it routes to the Sensitive Data Removal team:
https://support.github.com/contact?legacy&tags=rr-remove-data
Community members report ~2 day turnaround through this path.
Include: Repository name, number of affected PRs, First Changed Commit hash, confirmation you've already run git-filter-repo + force-push.
For legal enforcement, file simultaneously:
| Contact | Purpose |
|---|---|
| privacy@github.com | GDPR Article 17 erasure request |
| dpo@github.com | CC the Data Protection Officer |
| github.com/contact/privacy | Web form alternative |
GitHub must respond within 30 days under GDPR Article 12(3). If they don't → file free complaint with your Data Protection Authority.
Anthropic (maker of Claude AI, Claude Code, and Cowork) routes all consumer support through "Fin", an Intercom-powered AI bot that is explicitly designed to close tickets quickly. Human specialist support is officially not available for most individual subscribers — including Pro and Max plans.
Anthropic is aware the system has gaps — they're actively hiring a "Support Operations Specialist, AI Agent Management" to improve Fin's handoff logic.
| Address | Human? | Purpose | Response Time |
|---|---|---|---|
support@anthropic.com |
🤖 No | General support — Fin AI bot | Minutes (template) |
support@mail.anthropic.com |
🤖 No | Same Fin bot pipeline | Minutes (template) |
disclosure@anthropic.com |
✅ Yes | Security team — Responsible Disclosure Policy | ~3 business days |
dpo@anthropic.com |
✅ Yes | Data Protection Officer — legally mandated under GDPR | ≤30 days (legal) |
privacy@anthropic.com |
✅ Yes | GDPR/CCPA data rights requests | ≤30 days (legal) |
usersafety@anthropic.com |
Safety reports — inconsistent response documented | Unpredictable | |
sales@anthropic.com |
✅ Likely | Commercial inquiries | Varies |
Bottom line: Skip support@ entirely for anything complex. Use disclosure@ for security issues or dpo@ for anything involving your personal data.
The Fin bot pattern-matches your email against known issue categories and sends the closest template. When it misclassifies, you get an irrelevant answer and no escalation path.
Real-world example (March 2026): A Max subscriber ($100/month) submitted a detailed security incident report about a Permission Resolver bug exposing personal data including children's records. Two separate tickets received identical template responses about login issues. The report was never read by a human. (Source: Origin Story)
What the bot does:
- Classifies your email by keyword matching
- Sends a template response for the closest category
- If you reply, it often creates a new ticket instead of escalating
- There is no "press 0 for human" equivalent
1. Go directly to disclosure@anthropic.com
This is the security team's inbox, listed on their Responsible Disclosure Policy. It's human-monitored and separate from the Fin pipeline.
2. File a GDPR request to dpo@anthropic.com
The Data Protection Officer inbox has a legally mandated 30-day response deadline (GDPR Art. 12(3)). DPO inboxes are staffed by legal/compliance teams, not the Fin bot.
3. Use technical language in subject lines Bot-defeating subject line format:
Subject: HUMAN REVIEW REQUIRED — [Technical term] — GDPR Art. [number] — Reference #[ID]
Specific identifiers (ticket numbers, CVE IDs, article citations) signal complexity that bots can't template-match.
4. CC multiple addresses
When emailing disclosure@, CC dpo@anthropic.com and usersafety@anthropic.com. Multiple entry points increase human review probability.
5. Invoke GDPR Art. 22 on bot responses If you receive a template response, reply citing Article 22 — your right not to be subject to decisions based solely on automated processing. This creates a legal obligation for human review.
6. LinkedIn direct message to security leadership Anthropic's Deputy CISO (Jason Clinton, @JasonDClinton) is active on LinkedIn and X, and engages with the security research community. A concise, professional message referencing your ticket number can trigger internal escalation.
Anthropic runs a Vulnerability Disclosure Program on HackerOne that pays $0 bounties for technical infrastructure vulnerabilities. A separate invite-only Model Safety Bug Bounty pays up to $35,000 but only covers universal jailbreaks.
For comparison:
| Company | Max Security Bounty | Program Type |
|---|---|---|
| OpenAI | $100,000 | Public |
| $250,000 | Public | |
| Microsoft | $30,000 (Copilot) | Public |
| Meta | $300,000 | Public |
| Anthropic | $0 (VDP) / $35K (invite-only) | Mixed |
Anthropic has an Irish entity (Anthropic Ireland Limited) making the Irish Data Protection Commission (DPC) their competent supervisory authority. EU residents can file GDPR complaints either with the Irish DPC directly or with their national DPA (which forwards through the one-stop-shop mechanism).
| Contact | Details |
|---|---|
| Irish DPC | dataprotection.ie |
| Anthropic DPO | dpo@anthropic.com |
| Anthropic Privacy | privacy@anthropic.com |
- Anthropic Help Center — How to get support — confirms no human specialist support for most accounts
- Anthropic Responsible Disclosure Policy — lists disclosure@anthropic.com
- Anthropic Privacy Policy — lists DPO contact
- Erik Meijer on X, March 2026 — public criticism of Fin bot
- Anthropic Job Posting — Support Operations Specialist — proves awareness of support gaps
- HackerOne — Anthropic VDP — $0 bounty program
- Trustpilot — Anthropic Reviews — documented support complaints
| Tool | What It Does | URL |
|---|---|---|
| GetHuman | IVR bypass sequences for 10,000+ companies | gethuman.com |
| Elliott.org | Executive contact database | elliott.org/company-contacts |
| Pine AI | AI agent that navigates phone trees for you | 19pine.ai |
| Have I Been Pwned | Check if your email was in a data breach | haveibeenpwned.com |
| git-filter-repo | GitHub-recommended tool for sensitive data removal | github.com/newren/git-filter-repo |
| BFG Repo-Cleaner | Fast git history rewriting | rtyley.github.io/bfg-repo-cleaner |
| VirusTotal | Scan files with 70+ antivirus engines | virustotal.com |
This guide gets better with every contribution. Here's how you can help:
🏢 Add a company: Know the fastest way to reach a human at a company? Open a PR or create an issue with: company name, phone shortcut, chat bypass phrase, and average wait time.
⚖️ Add a jurisdiction: Know your country's consumer protection framework? Add a section with: applicable law, enforcement body, complaint process, and template letter.
🐛 Fix something: Found outdated info? A phone number that changed? Let us know.
🌍 Translate: Help make this guide accessible in more languages.
Every PR that adds a company makes this guide more valuable for everyone. We especially need coverage for telecom providers, banks, and insurance companies in every country.
In March 2026, a verified bug in Claude Code's Permission Resolver caused my AI coding assistant to silently commit 1.16 million lines of personal data to GitHub — medical records, tax IDs, children's data, court documents. 49 commits over 4 days. Zero warnings. Zero permission prompts.
My local AI told me "everything looks fine" while the data was actively being uploaded. I discovered it only through instinct and manual investigation.
What followed was a crash course in:
- How to actually reach human support at GitHub and Anthropic (spoiler: it's hard)
- How to invoke GDPR rights to force data deletion
- How to navigate support bots that are designed to keep you away from humans
- How to escalate when the first five attempts fail
I wrote this guide so nobody else has to figure it out from scratch. The bot-bypass techniques, legal templates, and escalation strategies here are battle-tested — they come from a real incident where the stakes were GDPR Article 9 data (the highest severity classification) and court-deadline documents.
Related:
- GitHub Issue #34866 — The bug that started this
- HackerOne Report #3609218 — Security disclosure
- Schrödinger Sync — My other open-source project
This guide is published under CC BY 4.0. Share it, adapt it, translate it — just give credit.
Code snippets and scripts are under MIT License.
If this guide saved you time, give it a ⭐ Every star helps more people find it.
Created by @KeilerHirsch with research assistance from Claude (claude.ai) — because even AI should help you reach a human.