Anthropic on Tuesday launched Claude Fable 5, its most capable public model. But within two days, users began reporting that its safety system was blocking benign or legitimate prompts.
Fable 5 is the first public model derived from Anthropic’s Mythos family, whose original iteration showed unusual skill during training at finding software bugs and exploiting them to disrupt or take control of systems. That raised enough concern inside Anthropic that the company grouped cybersecurity with other high-risk domains, including biology and chemistry, when setting limits on Mythos-derived public models.
For Fable 5, that means prompts flagged as sensitive in those areas are routed to Claude Opus 4.8, a less capable model with its own guardrails. Anthropic says the fallback affects about 0.05% of queries and notifies users when it happens.
But reports of false positive reports quickly mounted. That’s because Anthropic erred on the side of caution when it designed the classifiers used to detect and downgrade potentially dangerous uses of its model. It was also challenged to balance accuracy with transparency.
Try telling that to developers. Across social media, people have complained aboutClaude Fable 5 rejecting queries about everything from RNA sequencing data for sheep to résumé editing, to shopping lists.
“The word ‘cancer’ is flagged as a biosecurity risk by Claude Fable 5!” said scientist Derya Unutmazon X. “Our Anthropic overlords deciding which prompts the peasants are allowed to use.,” added founder and developer Bojan Tunguz on X.
Anthropic now says it’s working on the problem. “A hidden safeguard is harder to probe and work around,” Anthropic says in a statement emailed to Fast Company. “This means the safeguards can be targeted much more narrowly. A visible safeguard needs to cast a wider net to be more robust, resulting in more requests being incorrectly flagged.”
“We made the wrong tradeoff and we apologize for not getting the balance right,” the company adds.
Now Anthropic says it’s working to refine the classifiers so that less queries trigger false positives. For Claude subscribers, query downgrades (to Opus 4.8) will be more obvious. Developers accessing Fable 5 via the Claude API will see a reason for the model’s refusal of a prompt, the company says.
Meanwhile, at least one AI researcher appears to have coerced Fable 5 into responding to a banned prompt. Pliny the Liberator claimed on X to bypass Fable 5’s filters roughly 24 to 48 hours after launch. Pliny described using a multi-agent approach involving a previously jailbroken Claude Opus 4.8, along with techniques including query decomposition, long-context framing, fiction and narrative structures, and academic taxonomies.
Before launch, Anthropic said more than 1,000 hours of internal and external red-teaming, including bug bounty efforts, had identified no universal jailbreaks. The company has acknowledged that preventing all sophisticated, multi-turn, or agentic attacks is likely not possible and says it continues to refine its classifiers.