Vivold Consulting

Security pros say Fable's guardrails are so strict they block routine defensive work

Key Insights

Days after Anthropic released Fable (a public, restricted version of its Mythos cybersecurity model), security researchers are complaining its guardrails are too broad, blocking even benign tasks like reading a blog post or requesting a code review. Critics say the filters look keyword-based, flagging anything in the cybersecurity "lexical field" and downgrading requests to Opus 4.8. Some are sympathetic, expecting Anthropic to relax the controls as it works with cybersecurity firms.

Stay Updated

Get the latest insights delivered to your inbox

"Better to catch too much" - but defenders say it's catching everything

Anthropic pitched Fable as a public, limited window into its powerful Mythos cybersecurity model. Within days, a chorus of security researchers pushed back - not because the model is weak, but because its guardrails are so aggressive they get in the way of ordinary defensive work.

What's tripping the filters

The complaints, aired across X and Reddit, paint a picture of overly broad blocking:

- One well-known researcher said Fable rejects anything even loosely cyber-related, down to reading a blog post.
- Others reported that asking for a code review or to write secure code trips the guardrails, with the model apparently treating security-flavored phrasing as offensive work rather than software-engineering best practice.
- When triggered, Fable pauses and notes its safety measures flagged the message for cybersecurity or biology topics, then falls back to Claude Opus 4.8 - which critics say quietly downgrades the result.

The consensus diagnosis is that the system looks keyword-based, so anything in the lexical field of cybersecurity sets it off.

Why the guardrails exist

This isn't caution for its own sake. Anthropic has been vocal about the risk that frontier models accelerate malware development or software compromise, and applies similar limits to biology over bioweapon concerns. It's the same posture behind Project Glasswing, the vetted program through which it released Mythos to critical-infrastructure organizations - recently expanded to hundreds of orgs across 15 countries.

The escape hatch, and the outlook

For professionals who need fewer limits, Anthropic offers a Cyber Verification Program that approved applicants can use for security work (OpenAI runs a similar Trusted Access scheme). Even some critics are forgiving: one veteran argued that on a release this sensitive it's better to over-block and loosen later, and expected the guardrails to evolve as frontier labs work more closely with a new generation of cybersecurity companies. The episode is a neat illustration of the central tension in shipping powerful dual-use models - tune them too loose and you enable attackers, too tight and you frustrate the very defenders you're trying to empower.

Related Articles

L'Oreal's OpenAI deal puts Maybelline try-on, product discovery, and ChatGPT ads in play

L'Oreal has announced a wide-ranging collaboration with OpenAI, unveiled at VivaTech 2026, that brings Maybelline's virtual makeup try-on directly into ChatGPT via L'Oreal's ModiFace AR technology. The deal spans consumer shopping tools, product discovery for brands like Lancome and Kerastase, advertising pilots (SkinCeuticals, CeraVe, Garnier), and R&D - including using OpenAI's GPT-Rosalind life-sciences model for skin-microbiome research. It lands as OpenAI reports ChatGPT at more than 900 million weekly users.

Sakana's Fugu delivers multi-agent frontier performance through one API - and pitches it as an export-control hedge

Sakana AI has launched Fugu and Fugu Ultra, a multi-agent orchestration system delivered as a single foundation model - Fugu is itself an LLM trained to route tasks across a swappable pool of the world's best models (and recursively to itself) via one OpenAI-compatible API. Sakana says Fugu Ultra matches frontier models like Anthropic's Fable 5 and Mythos Preview on demanding engineering, science, and reasoning benchmarks, while pitching the approach as an AI-sovereignty hedge: if one provider's access disappears, as with Anthropic's recently export-controlled models, Fugu reroutes around it. It is generally available today through subscription and pay-as-you-go tiers.

HSBC's multi-year Google Cloud deal targets 200+ AI use cases, some worth $100M+ each

HSBC has signed a multi-year partnership with Google Cloud to build and deploy AI across wealth management, financial-crime risk, and internal decision support, using Gemini models and the Gemini Enterprise Agent Platform. The bank expects more than 200 AI use cases over two years, with selected ones each potentially returning over US$100 million. It builds on a deep existing base - 600-plus AI use cases and a Google-built financial-crime system screening 1.2 billion transactions a month.