[Bug] Dual-use safeguard false positive downgrades Claude 5 to Opus 4.8 during authorized security review of own codebase
Bug Description
False positive: Fable 5 dual-use safeguard downgraded me to Opus 4.8 during an
authorized security review of my OWN codebase.
Context: I'm the owner/founder of a B2B SaaS (FastAPI backend). I asked Fable 5 to
run a deep security review of my own repo — tenant-isolation/IDOR, auth-token
forgery, SQL injection, webhook signature verification, LLM prompt-injection
surfaces. Standard defensive appsec on code I own and operate.
Mid-task, Fable's safeguards flagged the request and auto-switched to Opus 4.8.
The trigger appears to be offensive-security vocabulary ("exploit chain," "auth
bypass," "SQL injection," "exfiltration") in an entirely legitimate, authorized,
defensive context.
This is the acknowledged over-broad dual-use net (the switch message itself says
the safeguards "may flag safe and routine coding, cybersecurity ... work"). Asking
that authorized security review of one's own codebase be distinguished from genuine
misuse. The downgrade defeats the specific reason I selected Fable — its
cybersecurity capability.
Environment Info
- Platform: darwin
- Terminal: Apple_Terminal
- Version: 2.1.200
- Feedback ID: fafceaa5-f324-4260-9ea7-1080a4daedc2
Errors
[]