[Bug] Dual-use safeguard false positive downgrades Claude 5 to Opus 4.8 during authorized security review of own codebase

Open 💬 0 comments Opened Jul 3, 2026 by amilovidov

Bug Description
False positive: Fable 5 dual-use safeguard downgraded me to Opus 4.8 during an authorized security review of my OWN codebase. Context: I'm the owner/founder of a B2B SaaS (FastAPI backend). I asked Fable 5 to run a deep security review of my own repo — tenant-isolation/IDOR, auth-token forgery, SQL injection, webhook signature verification, LLM prompt-injection surfaces. Standard defensive appsec on code I own and operate. Mid-task, Fable's safeguards flagged the request and auto-switched to Opus 4.8. The trigger appears to be offensive-security vocabulary ("exploit chain," "auth bypass," "SQL injection," "exfiltration") in an entirely legitimate, authorized, defensive context. This is the acknowledged over-broad dual-use net (the switch message itself says the safeguards "may flag safe and routine coding, cybersecurity ... work"). Asking that authorized security review of one's own codebase be distinguished from genuine misuse. The downgrade defeats the specific reason I selected Fable — its cybersecurity capability.

Environment Info

  • Platform: darwin
  • Terminal: Apple_Terminal
  • Version: 2.1.200
  • Feedback ID: fafceaa5-f324-4260-9ea7-1080a4daedc2

Errors

[]

View original on GitHub ↗