Fable 5 safeguard classifier false-positives on benign requests when project files contain defensive-security language
What happens: Asking Fable 5 (Claude Code, VSCode extension) to review one of my own projects and write an implementation plan — a routine planning task — trips the safeguard mid-task ("Fable 5's safeguards flagged this message… Switched to Opus 4.8") and silently swaps the model. Reproduced across multiple runs of the same benign request.
Root cause (my read): The flag isn't triggered by my prompt. It fires once the model reads my project's files into context. The project is a defensive security tool, so its README/PRD legitimately contain threat-model vocabulary — "prompt-injection surface," "an attacker controls the input," "SSRF," "attack surface," "private IP ranges," "rate limiting." The classifier can't tell a defensive audit/PRD from malicious content. The banner itself admits it "may flag safe and routine coding, cybersecurity, or biology work."
Why it matters: The usual workaround ("anchor the request to your own project") can't help when the project is a security tool — the flagged text is unavoidably in context. This makes Fable 5 unusable for normal defensive engineering (auth, injection defenses, security PRDs). The silent mid-task model swap also changes behavior partway through without consent.
Repro: Point Fable 5 at any repo with a defensive-security README/PRD using standard threat-model terms → ask a benign review/planning question about it → safeguard fires, forced switch to Opus 4.8.
Requested fix:
- Distinguish defensive/analytical security context from operational malicious intent.
- Don't let ingested file content alone trigger a message-level flag on an otherwise benign request.
- If a flag fires, make the model swap explicit/opt-in, not silent mid-task.
Environment: Claude Code VSCode extension, Windows 11. Model pinned to claude-fable-5[1m]. /bug and /feedback slash commands both no-op in this build.