[Bug] Safety classifier falsely flags defensive security remediation, silently downgrades model mid-task
Bug Description
Subject: Recurring false-positive safety flags on routine defensive security work — model downgraded mid-task, twice in one session
This is the second time in a single working session that Fable 5's safeguards have flagged my work and silently downgraded me to Opus 4.8. Both flags fired on the same category of task: fixing security vulnerabilities in a legacy intranet that I own and operate. The first time I gave you the benefit of the doubt and filed calm feedback. A second identical false positive on the same session, same codebase, same class of work, is a pattern — so this report is blunter.
What I was actually doing
I am hardening a legacy PHP intranet. Over this session, with the assistant's help, I have:
- fixed SQL injection in a client-record editor (unparameterized query → prepared statement);
- added missing authorization gates to a list page and an auth-less save handler;
- removed an orphaned, broken delete endpoint;
- replaced a client-trusted base64 SQL blob in the Excel export path with a server-side session-token scheme (so a filter param can no longer smuggle arbitrary SELECTs);
- added CSRF protection to a preference endpoint;
- allowlisted a client code before it reaches an
sshshell-out; - converted four record-listing pages to a hardened template, fixing a live
ORDER BYinjection and an unquoted-numericmkwhereinjection along the way, and escaping every output withhtm().
This is the single most mainstream activity in web application security: a developer patching injection, auth, XSS, and CSRF holes in his own code. There is nothing dual-use here. Nobody attacking a system asks an assistant to add prepared statements and CSRF tokens to it. If the classifier cannot tell defensive remediation apart from an actual threat, it is not "broad" — it is miscalibrated against the exact professional use case Anthropic sells these models for.
The three problems, in order of severity
- The classifier is firing on the safest possible signal. "Fix the SQL injection in my intranet" is not a capability that needs gating. Flagging it is not a rare edge case at the tail of a distribution — remediation is the distribution for anyone doing security work. A filter that trips on this will trip constantly, for exactly the customers you least want to obstruct.
- The downgrade is silent, mid-task, and destructive to the work. Being swapped from Fable 5 to Opus 4.8 in the middle of a multi-step change — no warning, no opt-in, loss of continuity — is a worse experience than an honest refusal. I lose the model I chose and am paying for, mid-session, with no notice before it happens. At least a refusal leaves my context intact.
- "We'll refine it later" bills the cost to paying users today — and trains us to lie. I understand shipping capability sooner by accepting broad filters. But the people paying that tax right now are developers doing legitimate, security-positive work. Worse, the lesson it teaches is to stop describing security tasks accurately — to euphemize "fix the SQL injection" so the filter doesn't trip. That is the exact opposite of the transparency you want from users, and it makes your own telemetry worse.
What I'm asking for
- Calibrate so that remediating vulnerabilities in the user's own codebase — SQLi, XSS, CSRF, authorization gaps, shell-injection — is not a risk signal. This is defensive security by definition.
- If a message must be flagged, tell me why, and let me continue on the model I chose rather than silently downgrading me.
- At absolute minimum, surface the downgrade before it happens and preserve session continuity.
- Count repeat false positives within a session. The second identical flag on the same work should be near-impossible; that it happened suggests the filter has no memory of what it just cleared.
I am a paying customer using these tools to make my systems safer. The current behavior actively impedes that, twice in one sitting. Please fix the calibration.
Environment Info
- Platform: linux
- Terminal: vte-based
- Version: 2.1.201
- Feedback ID: b7b63c27-68a8-439d-9e93-d8d82f8d05d5
Errors
[]