[Bug] Safety classifier false-positives on defensive security patching, causing silent mid-session model downgrade
Bug Description
Subject: False-positive safety flags are blocking routine defensive security work — and silently downgrading my model mid-task
I maintain a legacy corporate intranet. A core part of that work is fixing security holes in my own codebase: SQL injection, missing authorization checks, absent CSRF tokens. This is textbook defensive security on a system I own and operate.
Fable 5's safeguards flagged a message in which I asked the assistant to fix four specific vulnerabilities it had just identified in my code — an unparameterized query, a missing access-level gate, an auth-less save handler, and a dead delete endpoint. There is nothing dual-use or ambiguous here. Hardening your own application against injection is the single most routine task in web security. If the classifier can't distinguish "patch the SQLi in my intranet" from an actual threat, the classifier is miscalibrated to the point of being an obstacle to the exact work Anthropic markets these models for.
Three specific problems:
- The flag fired on defensive work. Identifying and remediating vulnerabilities in code I own is not a capability that needs gating. Broad-by-design is one thing; flagging a developer fixing their own SQL injection is a straightforward false positive, and it's not a rare edge case — it's mainstream engineering.
- The downgrade is silent and disruptive. Being dropped from Fable 5 to Opus 4.8 mid-task — with no opt-in, no warning before it happens, and a loss of context/continuity — is a materially worse product experience than just being told "we can't help with that." I was in the middle of a multi-step review. Swapping the model out from under an active session breaks the work, not just the message.
- "We'll refine it later" puts the cost on paying users now. I understand shipping capability sooner by accepting broad filters. But the tradeoff is being paid, today, by developers doing legitimate, security-positive work — and it teaches us to not describe our security tasks accurately, which is the opposite of what you want.
Requests
- Calibrate the safeguards so that remediating vulnerabilities in the user's own codebase (SQLi, XSS, CSRF, authz gaps) is not treated as a risk signal.
- If a message must be flagged, let me see why and give me a path to continue on the same model, rather than a silent downgrade.
- At minimum, surface the downgrade before it happens and preserve session continuity.
I'm a customer using these tools to make my systems safer. The current behavior actively impedes that. Please fix the calibration.
Environment Info
- Platform: linux
- Terminal: vte-based
- Version: 2.1.201
- Feedback ID: f3336530-e179-4957-81a3-99af02b1f227
Errors
[]