[Bug] Claude Fable 5 classifier false positive on standard refactoring commands with security-unrelated terminology

Open 💬 1 comment Opened Jun 9, 2026 by TokenCanvasIO

Bug Description
False positive — Claude Fable 5 classifier triggered on routine codebase refactoring Session context: reviewing and refactoring a fintech platform codebase (BIPCircle, a multi-tenant stablecoin payment rail). No security research, no vulnerability analysis, no exploit development. Trigger: a shell command running grep against a .refactor-manifest.json file, followed by a Python one-liner parsing that same JSON file with json.load(). Both commands were purely reading a refactoring manifest to understand code territory ownership during a planned refactor. Expected behaviour: Fable 5 continues the session normally. Actual behaviour: Fable 5 flagged the message for cybersecurity topics and fell back to Opus 4.8 mid-session. There is no security content in this session. The commands are standard code navigation tools used during a refactoring workflow. The word "invariants" appears in the grep path (api/test/invariants) which may have triggered the classifier — if so, this is a significant false positive risk for any codebase using standard software engineering terminology. Impact: mid-session capability drop from Fable to Opus during a complex architectural refactoring decision, without warning until after the fallback occurred.

Environment Info

  • Platform: darwin
  • Terminal: Apple_Terminal
  • Version: 2.1.170
  • Feedback ID: eb425326-a0c4-4f92-b7de-62c669a840ff

Errors

[]

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗