Fable 5 safeguards flag first-party defensive security audit, falls back to Opus 4.8

Open 💬 2 comments Opened Jul 1, 2026 by FedorPortnoi

Environment: Claude Code v2.1.197, Windows 11, model claude-fable-5 (max effort), session 072d7159-b9c0-4d6f-8719-5ad28bec4fca

What happened:
Fable 5's safeguards flagged a routine defensive security request and the session fell back to Opus 4.8. I asked for a security audit of my own web application (an app I own and develop) to find and patch vulnerabilities — standard defensive work, no exploitation of third parties. The session had just been set to Fable 5 with max effort; the very first audit request tripped the filter with:

"Fable 5's safeguards flagged this message. The safeguards are intentionally broad right now and may flag safe and routine coding, cybersecurity, or biology work. …Switched to Opus 4.8."

Per the fallback notice's own wording, this seems to be exactly the "safe and routine cybersecurity work" over-flagging case. The rest of the session then bounced between Fable 5 and Opus 4.8 on subsequent messages.

Expected: Fable 5 usable for first-party security audits of the user's own codebase (per the system prompt, defensive security and authorized testing are supported use cases).

Actual: Automatic per-message fallback to Opus 4.8 for most of the session.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗