Anthropic's Fable cybersecurity model blocks routine security work, researchers say

Anthropic released Fable on Tuesday, a public and limited version of its cybersecurity model Mythos, but security researchers are reporting the model's guardrails are blocking legitimate work.

"[Fable] rejects any request that could be tangentially cyber related. Even innocuous tasks like reading a blog post," said Valentina "Chompie" Palmiotti, a security researcher at IBM X-Force.

How the guardrails work

When triggered, Fable pauses the chat and displays a message that "safety measures flagged this message for cybersecurity or biology topics." The model then downgrades to Claude Opus 4.8. The restrictions aim to prevent Fable from being used to develop malware or compromise software, with similar restrictions on biology to prevent biological weapon development.

Matt Suiche, a cybersecurity veteran and member of the technical staff at AI cybersecurity startup Tolmo, told TechCrunch the system appears keyword-based. "If you ask it to write secure code, it assumes it is cybersecurity related work instead of software engineering best practices, and you get downgraded," Suiche said. "Anything in the lexical field of 'cybersecurity' triggers the guardrails."

Another researcher reported that even requesting a code review triggers the guardrails.

Access to Mythos remains restricted

Anthropic released Mythos in April through Project Glasswing, restricting access to a limited number of companies and organizations for securing critical software and infrastructure. Last week, Anthropic expanded Mythos access to hundreds of organizations across 15 countries, but the full model remains unavailable to most users.

Anthropic operates a Cyber Verification Program that allows approved cybersecurity professionals to use Claude with fewer limitations. OpenAI maintains a similar program called Trusted Access for Cyber.

What this means

The overly broad guardrails on Fable highlight the challenge of releasing capable AI models for specialized domains. While Anthropic's caution is understandable given malware development risks, the current implementation appears to conflate basic security engineering practices with malicious activity. Suiche noted the approach may be appropriate for an initial release: "It's better to catch more people than not enough when you do such a release and to relax the guardrails over time." The effectiveness of Fable as a security tool will depend on Anthropic's ability to calibrate these restrictions to allow legitimate defensive security work while blocking offensive capabilities.