[Bug] Fable 5 safeguards persistently escalate a benign health-corpus + security-governance project to Opus

Open 💬 0 comments Opened Jul 11, 2026 by Qubitix101

Summary

Fable 5's safety measures repeatedly escalate sessions to Opus 4.8 based on a project's subject matter, not on any specific command or content. Every fresh window opened in the project re-flags, so the usual remedy of "start a new session" cannot work. The in-product banner itself acknowledges the safeguards "may flag safe and routine coding, cybersecurity, or biology work" — this is a concrete instance of that over-flagging, with a clean reproduction.

Environment

  • Claude Code CLI on macOS (darwin 25.5.0), model claude-fable-5
  • Project: a personal knowledge-automation workspace that combines (a) a health/nutrition knowledge corpus (podcast transcripts, food-compound extraction — consumer-wellness content, nothing wet-lab) and (b) security-governance engineering (audit logging, permission tiers, credential handling for the user's own local tools)

Reproduction

  1. Open a fresh Fable 5 window in the project.
  2. Paste a prompt that does nothing but ask Claude to read two local markdown files (a README and a handoff note describing an evaluation harness). No secrets are read, no bio protocols, no security tooling invoked.
  3. The session is escalated Fable → Opus 4.8 immediately.
  4. Repeat in another fresh window: same escalation, every time.

Because the trigger appears to be the project's domain (benign biology + benign security-governance — two of the three categories the banner names), the user permanently loses access to the model tier they pay for, for an entire class of legitimate work.

Impact

  • Multi-step work planned around Fable (evaluation judging, synthesis) cannot run on it at all in this project.
  • No appeal or override path is exposed in-product. The banner suggests flags may be false positives but offers no way to indicate that this is one.
  • The standard advice ("open a new session") is self-defeating here, since the flag re-fires on domain, not on conversation history.

Ask

  1. Narrow the classifiers so routine consumer-health/nutrition text processing and defensive security-governance engineering don't trip escalation.
  2. Provide an in-product appeal/review path when a session is escalated — even asynchronous — instead of a silent per-window downgrade.
  3. Consider project-level rather than per-window adjudication, so a resolved false positive doesn't re-fire on every new session.

Related: #73577 (single false trigger on a permission statement). This report differs in that the flag is domain-persistent: it reproduces on read-only prompts across every fresh session in the project.

View original on GitHub ↗