[Bug] Security research false positives: Fable 5 flagging legitimate whitehat repo names

Open 💬 4 comments Opened Jun 11, 2026 by TokenCanvasIO

Bug Description
False positive #3 — Fable 5 triggered on git clone of a whitehat security research repo Session context: applying security research methodology to a fintech trading platform codebase (AgentBip). Legitimate bug bounty research, Bugcrowd registered researcher. Trigger: a single bash command — git clone https://github.com/Lazy-Jack-Ltd/whitehat-security-research — followed by ls. No exploit code, no vulnerability analysis, no offensive content of any kind. Likely cause: the repo name contains "whitehat" and "security-research." The classifier appears to be pattern-matching on repository names and paths rather than content. This is the third false positive in a single session on legitimate fintech and security research work. The pattern suggests the classifier is triggering on terminology associated with security work rather than actual offensive security content.

Environment Info

  • Platform: darwin
  • Terminal: Apple_Terminal
  • Version: 2.1.170
  • Feedback ID: 44279d04-a98a-45d5-b12a-2af7d25304e5

Errors

[]

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗