Anthropic reverses course on invisible Claude Fable distillation guardrails after researcher backlash

Anthropic is reversing its decision to silently degrade Claude Fable 5 responses when it detects potential model distillation attempts. Following criticism from AI researchers, the company will now route suspected distillation queries to Claude Opus 4.8 with explicit user notification.

Claude Fable 5 is the first publicly available model in Anthropic's Mythos class of AI systems, which the company has characterized as too dangerous for unrestricted release. In its system card, Anthropic disclosed that it would handle suspected distillation attempts—a technique for training smaller models using larger model outputs—by "altering and degrading the model's answers directly" without notifying users.

The invisible safeguard drew immediate backlash from the AI research community. Critics warned the covert restrictions could affect third-party researchers attempting to evaluate the frontier model, not just competitors trying to replicate it.

New approach matches other safety measures

Anthropic announced on X that distillation queries will now fall back to Claude Opus 4.8, its previous flagship model, with prominent user notification. "You will see this every time it happens," the company stated.

This approach mirrors how Fable handles other high-risk categories. When safety features trigger in biology, chemistry, and cybersecurity areas, queries route through Opus 4.8 unless blocked entirely under broader safety rules covering drugs, weapons, or prohibited content. In biology specifically, the safeguards have been calibrated so broadly that Fable is "practically unusable for even basic queries," according to Anthropic's comment to The Verge.

Why Anthropic chose invisible safeguards

"Visible safeguards can be probed, so they have to be robust, which takes time to get right," Anthropic wrote in its explanation. "Invisible safeguards can be targeted more narrowly, allowing us to ship quickly with very few false positives. We went with invisible safeguards for this reason—and that was the wrong tradeoff."

In its system card, Anthropic justified targeting distillation attempts by noting that "using Claude to develop competing models already violates our Terms of Service." The company has previously accused Chinese AI labs like DeepSeek of distilling its models on an "industrial" scale.

What this means

This reversal highlights the tension between rapid deployment of powerful AI systems and transparent safety measures. Anthropic's initial approach prioritized speed and precision in blocking distillation while avoiding false positives, but the lack of visibility undermined trust with researchers who need to understand when and why their queries are being restricted. The company's decision to align distillation safeguards with its other visible safety measures suggests it's prioritizing transparency over the tactical advantage of covert restrictions, even if that means more aggressive blocking and potentially more false positives. For researchers and developers using Claude Fable, the change means clearer boundaries—but also more explicit limitations on certain use cases.