Anthropic built Fable to help secure the internet. Instead, it is struggling to read a blog post.
On Tuesday, the AI company released Fable, a public-facing version of its specialized cybersecurity model, Mythos. The goal was clear: provide a powerful tool for defending critical infrastructure. But the reality has been far more restrictive. Cybersecurity researchers are reporting that the model’s guardrails are so sensitive they flag even the most innocuous requests as potential threats.
"[Fable] rejects any request that could be tangentially cyber related," said Valentina “Chompie” Palmiotti, a security researcher at IBM X-Force. "Even innocuous tasks like reading a blog post."
When a user hits these triggers, the chat stops. Fable displays a message stating that its "safety measures flagged this message for cybersecurity or biology topics." It then forces the user to fall back to Claude Opus 4.8. For professionals trying to integrate AI into their daily workflows, this is a major roadblock. It is not just annoying. It is counterproductive.
The Keyword Problem
The frustration stems from how the model identifies risk. Experts suggest the system relies on a blunt, keyword-based filter rather than a nuanced understanding of intent. If a prompt contains words associated with the "lexical field of cybersecurity," the system shuts down.
Matt Suiche, a cybersecurity veteran and technical staff member at the startup Tolmo, noted that the model fails to distinguish between offensive and defensive work. "If you ask it to write secure code, it assumes it is cybersecurity related work instead of software engineering best practices," Suiche said. "You get downgraded."
This creates a paradox. The model is designed to improve software security, yet it penalizes users for asking how to write secure code. Other researchers have reported that even simple requests for code reviews trigger the same automated shutdown.
Why Anthropic Is Playing It Safe
Anthropic’s caution is not accidental. The company has long feared that its models could be weaponized to develop malware or compromise software. The biology restrictions, which appear alongside the cyber ones, stem from similar concerns regarding the development of biological weapons.
When Anthropic first introduced Mythos in April, it limited access to a small group of organizations under "Project Glasswing." Last week, the company expanded that access to hundreds of organizations across 15 countries. Fable was meant to be the next step in that rollout. It was supposed to be the accessible, public-facing sibling to the more restricted Mythos.
What This Means for Security Professionals
For now, the friction is high. Cybersecurity professionals who need real-world utility are finding themselves locked out of the very tools intended to help them. Anthropic does offer a "Cyber Verification Program" for those who need fewer limitations, mirroring OpenAI’s "Trusted Access for Cyber" initiative. However, the barrier to entry for these programs remains significant.
Despite the current headaches, some experts remain optimistic. Suiche argues that this is a necessary growing pain. "It is better to catch more people than not enough when you do such a release," he said. "I am sure they are going to evolve over time."
Key Takeaways
- Fable, Anthropic’s new cybersecurity-focused model, is currently triggering aggressive guardrails that block even basic, non-malicious tasks.
- Researchers report the model uses a blunt, keyword-based filter that confuses secure coding practices with prohibited cybersecurity activities.
- Anthropic is prioritizing extreme safety to prevent malware development, but the current implementation is hindering the productivity of security professionals.
Anthropic has yet to comment on the feedback. The company is likely monitoring the data to see where the lines should be drawn. For now, the model remains a work in progress. It is a powerful tool. It just needs to learn when to stay quiet.
