[Bug] Fable 5 security classifier incorrectly flags legitimate CSRF/HMAC-protected code as threat

Open 💬 0 comments Opened Jun 9, 2026 by zn200

Bug Description
Fable 5 flagged my personal AI voice assistant project (ARIA) as a cybersecurity threat and fell back to Opus 4.8. The codebase has security features like CSRF tokens, HMAC signing, and a bash sandbox but it's a legitimate open-source personal assistant. This is a false positive — the classifier is too broad for normal software development work.

Environment Info

  • Platform: linux
  • Terminal: xterm-256color
  • Version: 2.1.170
  • Feedback ID: eaaff1b6-8cdc-4b0e-8f09-991ac81fee84

Errors

[]

View original on GitHub ↗