[BUG] Fable 5 safeguards repeatedly flag benign messages in a legitimate anti-fraud (T&S) session — forced fallback to Opus 4.8
Environment
- Claude Code version: 2.1.197
- Model: claude-fable-5 (fallback target: claude-opus-4-8)
- Platform: macOS (darwin arm64)
What happened
We operate a consumer AI product and use Claude Code for defensive trust-and-safety work: detecting IRSF / call-pumping abuse on our own Twilio account and banning the abusive accounts on our own platform, following an internal documented SOP. This is routine platform-abuse mitigation — the defender's side.
In one long-running session doing this work, Fable 5's safeguards flagged 5 consecutive ordinary messages within a single day (2026-07-03), each time showing:
This model's safeguards flagged this message. This sometimes happens with safe, normal conversations. Switched to Opus 4.8.
Every flagged user message was mundane operational instruction, none of which requests anything harmful:
| # | Timestamp (UTC) | requestId | Nature of the flagged user message |
|---|---|---|---|
| 1 | 2026-07-03T02:59:09Z | req_011CceNgwRMa1SinV8D7Xgbf | Housekeeping after a PR merge + a request to summarize the week's (audit-logged) abuse-mitigation work into a weekly report |
| 2 | 2026-07-03T03:42:19Z | req_011CceS1xcRSX8Z1XjhL2YYn | A numbered list of routine follow-ups: set a 1-day scheduled check for a deployment, write a plan file, sync notes, check a calendar |
| 3 | 2026-07-03T06:33:45Z | req_011Ccef5MxiHV896TzkFYPrZ | A request to find existing cron/menubar-widget docs and update the local CLAUDE.md so the info isn't lost |
| 4 | 2026-07-03T08:25:49Z | req_011CceodUSiJHydS3qRwiUv5 | A six-word status question ("is the current state normal or not") |
| 5 | 2026-07-03T08:27:16Z | req_011Cceok5ivTY3Kk9Zq1buJk | A one-line instruction to continue the documented account-ban SOP |
The messages themselves are clearly innocuous (#4 is literally a six-word status question). The trigger appears to be the session context — the conversation legitimately contains words like "fraud", "call pumping", "ban accounts", "block destinations", because that is exactly what platform anti-abuse work is about.
Impact
- Fable 5 is effectively unusable for trust-and-safety / anti-abuse / fraud-response workflows — one of the highest-value use cases for an agentic coding model.
- Each flag silently ejects the session to Opus 4.8 mid-task, losing the model the user selected and paid for.
- The flags fire on the defender's workflow. Per the system prompt's own policy, "Assist with authorized security testing, defensive security" — banning abusers of our own platform is squarely defensive.
Expected behavior
Safeguards should distinguish "user is discussing how to commit fraud" from "user is a platform operator mitigating fraud committed against them". At minimum, benign follow-up messages (status questions, doc updates, report summaries) inside such a session should not be refused.
Notes for reproduction / lookup
All 5 requestIds above are from the same session on 2026-07-03; they should be directly retrievable on Anthropic's side for review. Happy to provide more detail if needed.
This issue has 9 comments on GitHub. Read the full discussion on GitHub ↗