[Bug] Fable 5 cybersecurity classifier false positive on legitimate infrastructure administration tasks

Open 💬 0 comments Opened Jun 11, 2026 by vgukhov

Bug Description
False positive from the Fable 5 cybersecurity classifier on a legitimate infrastructure task.
I'm developing an invoice-processing project across my own machines: a dev server and a prod server that I own and control. As part of a planned security hardening step, I'm verifying network isolation between dev and prod — confirming that the dev box cannot reach prod over SSH while the allowed sync path stays open. This legitimately involves SSH into my own servers, inspecting iptables rules, testing that DROP rules block DEV→PROD connections, and checking that traffic routes correctly through the proxy.
The classifier flagged this as a cybersecurity concern and switched the session from Fable 5 to Opus 4.8 mid-task. The actions look like network reconnaissance in form, but they're routine self-administration of my own infrastructure — verifying my own firewall rules work as intended, not probing anyone else's systems.
The auto-switch didn't lose my task or context, which is good. But on this project I do a lot of SSH and firewall work, so these false positives are likely to recur and interrupt the workflow. It would help if the classifier could better distinguish self-administration of one's own infrastructure (verifying isolation, testing one's own firewall rules) from actual offensive reconnaissance against third parties.

Environment Info

  • Platform: darwin
  • Terminal: vscode
  • Version: 2.1.170
  • Feedback ID: fc864566-2303-46e0-9405-b122252f19d6

Errors

[]

View original on GitHub ↗