[Bug] Claude model auto-switches from selected model during security vulnerability analysis

Open 💬 0 comments Opened Jun 12, 2026 by rakaline

Bug Description
Hi, ▎ ▎ I'm building Rosoro, a B2B SaaS for construction subcontracting, and I'm currently running a pre-launch security audit ▎ and remediation on my own application (code I own). ▎ ▎ This is authorized, defensive work: finding and fixing vulnerabilities in my own codebase (cross-tenant IDOR, stored ▎ XSS, DoS, vulnerable dependencies), including a multi-agent adversarial review that tries to break the fixes. ▎ ▎ Issue: Fable 5 keeps auto-switching to Opus 4.8 throughout the session whenever the content involves "offensive" ▎ security analysis (looking for bypasses, exploitation paths), even though I had explicitly selected Fable 5 (+ ▎ ultracode). The dual-use measures trigger on a fully legitimate use case (defensive security on my own product) and ▎ disrupt the workflow. ▎ ▎ Suggestion: refine these measures so a clearly defensive, authorized context (working on one's own repo, fixing ▎ vulnerabilities) doesn't trigger the switch so aggressively — and ideally give more transparency about what triggered ▎ it, plus an option to stay on the chosen model in these cases. ▎ ▎ Thanks.

Environment Info

  • Platform: darwin
  • Terminal: WarpTerminal
  • Version: 2.1.173
  • Feedback ID: 67c3e138-2803-4c24-b17a-1ea1e6631530

Errors

[]

View original on GitHub ↗