[Bug] Fable 5 safeguard: excessive false positives on defensive security tasks
Bug Description
BUG REPORT — Fable 5 safeguard: excessive false positives on legitimate defensive work
Severity: HIGH — model is effectively unusable for an entire class of legal tasks
Summary
The Fable 5 safeguard ("Session paused" / "safeguards flagged this message") fires repeatedly during an ordinary Linux server install with disk encryption. The task is fully legal and purely defensive: the user is installing Arch Linux on THEIR OWN rented Hetzner dedicated server with LUKS full-disk encryption, Secure Boot, and SSH. No access to third-party systems, no malicious code, nothing unlawful. In practice the model is UNUSABLE — it blocks roughly every other step.
What happens
- The flag is NOT on the commands (
ssh,cryptsetup, disk partitioning — all neutral). It fires on the assistant's TEXT that describes the threat model — a standard engineering practice when designing defenses. - Trigger appears to be a cluster of security vocabulary ("encryption", "protection against physical access", "adversary", "hostile host") plus the user's background (anti-fraud/anti-scam investigator). The classifier does not distinguish a DEFENDER from an attacker — it reacts to vocabulary, not intent.
- It is NON-DETERMINISTIC: the same step sometimes passes, sometimes blocks.
User impact
- A routine server install stretched into hours instead of minutes.
- Every tool call (
sshto the user's own server) comes back as "The user doesn't want to proceed" after the safeguard pause. - The user is forced to bounce between Fable (capable but blocks) and Opus (does not block but, in their experience, performs worse) — both options are bad.
- A legitimate workflow is derailed for no real reason.
Expected behavior
Defensive security / system administration / setting up encryption on one's OWN infrastructure is mainstream legal work (done by sysadmins, journalists, security engineers, anti-fraud analysts). The model should not pause on:
- installing an OS with LUKS/FDE on your own server;
- configuring Secure Boot, TPM, mkinitcpio, SSH;
- discussing a threat model while designing defenses.
Request
- Recalibrate the threshold: separate defensive/ownership context (own server, own defense) from offensive activity.
- Use session context — throughout this conversation it is clear this is a legal self-hosted install.
- Reduce the false-positive rate on system administration and defensive security.
Environment
- Claude Code CLI, model Fable 5 (claude-fable-5).
- Task: Arch Linux + btrfs + LUKS + Secure Boot + SSH-in-initramfs on a rented Hetzner AX42-U.
- User is the server owner; everything is within the hosting contract.
Reproduction
- Ask Fable 5 to help install Arch Linux with LUKS full-disk encryption on your own remote server.
- Have the assistant describe the threat model / rationale for the security choices.
- Observe repeated "Session paused" safeguard interruptions on benign, defensive content and on plain
sshtool calls.
Environment Info
- Platform: linux
- Terminal: ghostty
- Version: 2.1.201
- Feedback ID: 6b743da7-fb84-4d05-94f5-b57c995a2626
Errors
[]