Fable safety heuristic false-positives on legitimate defensive own-fleet security engineering
Preflight Checklist
- [x] I have searched existing issues for similar behavior reports
- [x] This report does NOT contain sensitive information (API keys, passwords, etc.)
Type of Behavior Issue
Other unexpected behavior
What You Asked Claude to Do
While building our OWN message bus (Ait.DataBus: keyless mTLS, self-signed attestation, an L1 wire-protection floor, roster-gated enrollment), the Fable model read the work as "looking for breaches like a hacker" and stopped/refused. This is authorized DEFENSIVE engineering on our own fleet — no offensive intent, no third-party targets, no exploit development; we own and operate every system involved. The heuristic appears to trigger on security/crypto vocabulary ("attestation", "mTLS", "rogue-CA test", "MITM-posture", "spoof-alarm") without weighing the defensive, own-codebase context. It happened several times in a row and forced a fall back to Opus. Request: lower sensitivity for own-fleet security hardening / defensive engineering, or weigh the project's stated defensive context (e.g. a CLAUDE.md authorization note) before refusing.
Type: model behaviour / safety false-positive (not a CLI bug).
What Claude Actually Did
claude set my model back to opus 4.8
Expected Behavior
remain on fable, is false prositive
Files Affected
none
Permission Mode
Accept Edits was ON (auto-accepting changes)
Can You Reproduce This?
Yes, every time with the same prompt
Steps to Reproduce
investigate the databus
Claude Model
Sonnet
Relevant Conversation
Impact
Critical - Data loss or corrupted project
Claude Code Version
Claude Code 2.1.148
Platform
Anthropic API
Additional Context
_No response_
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗