[Bug] Fable 5 safety classifier false-positives on authorized defensive security audits

Open 💬 3 comments Opened Jun 9, 2026 by behruznassre

Bug Description
Subject: Fable 5 cybersecurity safety classifier false-positives on authorized defensive security work

I was specifically excited to use Fable 5 to run a pre-ship security review on my own production codebase — that was one of my main reasons for trying it. I ran a normal multi-agent security scan of a repository I own and operate. Partway through, I got the "Fable 5's safety measures flagged this message for cybersecurity or biology topics… Switched to Opus 4.8" message.

The work was unambiguously defensive and authorized: auditing my own code, on my own machine, before shipping. This is exactly the workflow I want the model for, and it's squarely benign.

Concrete details (evidence this was legitimate, high-value defensive work):

  • Project: my own production app — multi-tenant ASP.NET Core 10 / C# 13 / MySQL 8.4 service serving three member organizations, deployed on my own VPS. I'm the sole owner/operator.
  • Task: pre-ship security audit, fanned out across 6 parallel read-only auditor agents (SQL/data-access, auth/session, secrets/logging, file/PDF pipeline, web/XSS, deploy/infra).
  • What it found, all real: 1 CRITICAL (a live credential I'd accidentally committed and pushed to GitHub), 2 HIGH cross-site-scripting sinks, plus ~21 medium/low infra-hardening items.
  • Outcome: I fixed the three urgent issues and shipped them to production the same session — rotated the leaked key (verified the old one now returns 403), deployed the XSS fixes to all three tenants, and the post-deploy security check passed 102/0. In other words, the model materially improved the security posture of a real production system.

The scan itself ran productively — the safety routing fired during obviously-defensive, value-positive work.

Two problems from my side as a user:

  1. False positive on clearly in-scope work. A pre-ship security review of your own code is core developer activity, not offensive security. The classifier appears to trip on the topic (cybersecurity) rather than the intent/authorization, so legitimate defensive work gets caught.
  2. Chilling effect / confusion. Because the switch looked like I'd been "flagged," my honest next question was "should I just not use this model in my normal dev workflow at all?" That's a bad outcome — the safety routing made me hesitate to use the product for a legitimate, high-value task. The model also initially mis-explained the switch to me as a capacity/fast-mode issue, which added confusion before I pasted the actual message.

Suggestions:

  • Distinguish authorized/defensive security work (auditing your own code, vuln fixing, pre-ship review, CTFs) from offensive/malicious use, and don't route the former.
  • Reduce topic-keyword false positives, or raise the bar before switching models on benign developer security tasks.
  • If a switch does happen, make it clearer that it's routing, not a refusal, and that no judgment is implied — the current message reads as "you got flagged."

Net: I want to use Fable 5 for security review and would use it more if defensive work didn't trip the classifier.

Environment Info

  • Platform: darwin
  • Terminal: ghostty
  • Version: 2.1.170
  • Feedback ID: 00ff51b4-88cc-450c-928d-101659191502

Errors

[]

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗