[Bug] Fable 5 security classifier incorrectly flags legitimate CSRF/HMAC-protected code as threat
Open 💬 0 comments Opened Jun 9, 2026 by zn200
Bug Description
Fable 5 flagged my personal AI voice assistant project (ARIA) as a cybersecurity threat and fell back to Opus 4.8. The codebase has security features like CSRF tokens, HMAC signing, and a bash sandbox but it's a legitimate open-source personal assistant. This is a false positive — the classifier is too broad for normal software development work.
Environment Info
- Platform: linux
- Terminal: xterm-256color
- Version: 2.1.170
- Feedback ID: eaaff1b6-8cdc-4b0e-8f09-991ac81fee84
Errors
[]