[Bug] Fable 5 safeguard: excessive false positives on defensive security tasks

Open 💬 0 comments Opened Jul 6, 2026 by siberianwm

Bug Description
BUG REPORT — Fable 5 safeguard: excessive false positives on legitimate defensive work

Severity: HIGH — model is effectively unusable for an entire class of legal tasks

Summary

The Fable 5 safeguard ("Session paused" / "safeguards flagged this message") fires repeatedly during an ordinary Linux server install with disk encryption. The task is fully legal and purely defensive: the user is installing Arch Linux on THEIR OWN rented Hetzner dedicated server with LUKS full-disk encryption, Secure Boot, and SSH. No access to third-party systems, no malicious code, nothing unlawful. In practice the model is UNUSABLE — it blocks roughly every other step.

What happens

  • The flag is NOT on the commands (ssh, cryptsetup, disk partitioning — all neutral). It fires on the assistant's TEXT that describes the threat model — a standard engineering practice when designing defenses.
  • Trigger appears to be a cluster of security vocabulary ("encryption", "protection against physical access", "adversary", "hostile host") plus the user's background (anti-fraud/anti-scam investigator). The classifier does not distinguish a DEFENDER from an attacker — it reacts to vocabulary, not intent.
  • It is NON-DETERMINISTIC: the same step sometimes passes, sometimes blocks.

User impact

  • A routine server install stretched into hours instead of minutes.
  • Every tool call (ssh to the user's own server) comes back as "The user doesn't want to proceed" after the safeguard pause.
  • The user is forced to bounce between Fable (capable but blocks) and Opus (does not block but, in their experience, performs worse) — both options are bad.
  • A legitimate workflow is derailed for no real reason.

Expected behavior

Defensive security / system administration / setting up encryption on one's OWN infrastructure is mainstream legal work (done by sysadmins, journalists, security engineers, anti-fraud analysts). The model should not pause on:

  • installing an OS with LUKS/FDE on your own server;
  • configuring Secure Boot, TPM, mkinitcpio, SSH;
  • discussing a threat model while designing defenses.

Request

  1. Recalibrate the threshold: separate defensive/ownership context (own server, own defense) from offensive activity.
  2. Use session context — throughout this conversation it is clear this is a legal self-hosted install.
  3. Reduce the false-positive rate on system administration and defensive security.

Environment

  • Claude Code CLI, model Fable 5 (claude-fable-5).
  • Task: Arch Linux + btrfs + LUKS + Secure Boot + SSH-in-initramfs on a rented Hetzner AX42-U.
  • User is the server owner; everything is within the hosting contract.

Reproduction

  1. Ask Fable 5 to help install Arch Linux with LUKS full-disk encryption on your own remote server.
  2. Have the assistant describe the threat model / rationale for the security choices.
  3. Observe repeated "Session paused" safeguard interruptions on benign, defensive content and on plain ssh tool calls.

Environment Info

  • Platform: linux
  • Terminal: ghostty
  • Version: 2.1.201
  • Feedback ID: 6b743da7-fb84-4d05-94f5-b57c995a2626

Errors

[]

View original on GitHub ↗