Fable safety heuristic false-positives on legitimate defensive own-fleet security engineering

Open 💬 1 comment Opened Jul 3, 2026 by xkqg

Preflight Checklist

  • [x] I have searched existing issues for similar behavior reports
  • [x] This report does NOT contain sensitive information (API keys, passwords, etc.)

Type of Behavior Issue

Other unexpected behavior

What You Asked Claude to Do

While building our OWN message bus (Ait.DataBus: keyless mTLS, self-signed attestation, an L1 wire-protection floor, roster-gated enrollment), the Fable model read the work as "looking for breaches like a hacker" and stopped/refused. This is authorized DEFENSIVE engineering on our own fleet — no offensive intent, no third-party targets, no exploit development; we own and operate every system involved. The heuristic appears to trigger on security/crypto vocabulary ("attestation", "mTLS", "rogue-CA test", "MITM-posture", "spoof-alarm") without weighing the defensive, own-codebase context. It happened several times in a row and forced a fall back to Opus. Request: lower sensitivity for own-fleet security hardening / defensive engineering, or weigh the project's stated defensive context (e.g. a CLAUDE.md authorization note) before refusing.

Type: model behaviour / safety false-positive (not a CLI bug).

What Claude Actually Did

claude set my model back to opus 4.8

Expected Behavior

remain on fable, is false prositive

Files Affected

none

Permission Mode

Accept Edits was ON (auto-accepting changes)

Can You Reproduce This?

Yes, every time with the same prompt

Steps to Reproduce

investigate the databus

Claude Model

Sonnet

Relevant Conversation

Impact

Critical - Data loss or corrupted project

Claude Code Version

Claude Code 2.1.148

Platform

Anthropic API

Additional Context

_No response_

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗