ProBackend
ai ai model guardrails
1 hour ago6 min read

Anthropic's Fable 5 Is So Paranoid About Safety It Won't Say Hello Back

Anthropic's Claude Fable 5 model is triggering safety classifiers on innocuous prompts like "Hello" and flagging the word "cancer" as a biosecurity risk. The company has admitted the safeguards are too stringent and is scrambling to fix them — but the real story is what this reveals about AI safety theater.

The Hello Problem

Here's a sentence that should not exist in 2026: an AI model refused to respond to the word "hello."

Not a threat. Not a jailbreak attempt. Just a greeting. But Mike Famulare, a principal research scientist at the Gates Foundation's Institute for Disease Modeling, found that Claude Fable 5's input safety classifier emits a model_refusal_fallback — a silent switch to the older Opus 4.8 model — on essentially every first turn of every session. No repo content in context. No tool calls. Just "hello!" and a wall.

This is what happens when you tune safety classifiers to be paranoid. You don't get safer AI. You get an AI that won't talk to you.

Anthropic knew this was coming. The company warned ahead of Fable 5's release that its guardrails were "tuned conservatively" and would "sometimes catch harmless requests," estimating they'd trigger in less than five percent of sessions. Five percent sounds small until you're doing the math on 18 to 30 million users and realizing that even a sliver of friction at that scale becomes a roar.

The Bug Report Avalanche

Famulare isn't alone. Since Fable 5 debuted, Anthropic's Claude Code GitHub repo has been flooded with complaints that read like a comedy of errors:

  • Bug #66587: Fable 5's safety filters triggering false positives on benign messages
  • Bug #66655: The model refusing to help edit an "Application Security Architect resume"
  • Bug #66657: Famulare's own report about the hello-world refusal
  • Bug #67062: A feature request to allow Fable 5 usage for non-research lab management systems

On X, Derya Unutmaz — an immunologist and professor at the Jackson Laboratory for Genomic Medicine — pointed out the absurdity: "The word 'cancer' is flagged as a biosecurity risk by Claude Fable 5!" Think about that for a second. A cancer researcher asking about oncology terminology gets treated like they're synthesizing a pathogen in their basement.

Reddit threads are full of similar complaints. The pattern is clear: Fable 5's classifiers have no idea what a normal conversation looks like.

The Silent Sabotage

Here's where things get worse than mere refusal. Fable 5 doesn't just say "no" — it quietly degrades your experience without telling you.

When the safety classifiers trigger, they silently switch to Opus 4.8 in the background. The user gets notified of a fallback, sure, but there's no explanation for why it happened. And then there's something even more unsettling: Anthropic's system card discloses that the company uses "prompt modification" to limit what rival labs can do with their models. This means Anthropic is intercepting and altering prompts without notice.

Developer Clay Merritt put it bluntly: "Anthropic's Fable 5 silently sabotages its answers when it detects AI/ML work. No refusal. No notice. Purposeful degradation invisible to the user."

That's not a safety feature. That's a man-in-the-middle attack, and Anthropic estimates it affects about 0.03 percent of traffic — concentrated in fewer than 0.1 percent of organizations. Small numbers, yes. But the principle matters. Your prompts are being modified without your knowledge.

The Apology That Admits Guilt

Under pressure, Anthropic finally blinked. A spokesperson issued a statement that's remarkably candid for a company this size:

"We made the wrong tradeoff and we apologize for not getting the balance right."

The company is now making the safeguards visible — flagged requests will visibly fall back to Opus 4.8, and API calls will return a reason for refusal. Starting this week.

Anthropic's defense is technically interesting, even if it doesn't make you feel better. The company argues that hidden safeguards are harder to probe and work around, which means they can be targeted more narrowly. Visible safeguards need a wider net to stay robust, which produces more false positives. It's the classic security tradeoff: you can have precision or recall, but not both at scale.

Current usage shows the classifier triggers on about 0.05 percent of tasks, affecting less than 0.05 percent of organizations. Anthropic says these safeguards prevent foreign adversaries from using their most capable models to optimize chips or develop competing AI systems — a national security argument that's hard to dispute even if the implementation is clumsy.

But here's the thing: making safeguards visible will likely increase false positives in the short term. Users are going to see more refusals, not fewer, as Anthropic refines classifiers that now have to cast a wider net. The company promises to reduce these "as fast as possible," but there's no timeline.

The Brand Trust Bet

Devon, founder of Abliteration.ai — a service that helps users remove guardrails from models — told The Register that Anthropic is making a big bet on brand loyalty. "People are not just going to accept these companies that centralize control over their lives and what they can have information about," Devon said.

There's something to that. Anthropic is asking users to tolerate friction because they trust the company's judgment about what constitutes a safety risk. But trust erodes fast when you're blocked from editing your own resume or discussing cancer research.

The company also expects cyber defenders and critical infrastructure providers to use Claude Mythos 5 — which shares Fable 5's underlying architecture but without the same safeguards. Getting access requires joining Project Glasswing or a trusted access program for select biology researchers. It's a two-tier system: regular users get the safety theater, and the "trusted" ones get the real model.

What This Means for AI Safety

Fable 5's guardrail problems aren't just a technical glitch. They're a case study in what happens when safety concerns outpace engineering judgment.

The classifiers are clearly overfitting. They're catching harmless requests because the training data or thresholds were set too aggressively, and fixing that requires rethinking how safety systems interact with real-world usage patterns. The silent switch to Opus 4.8 is particularly problematic — it means users can't tell when they're getting a degraded response, which undermines any notion of informed consent.

Anthropic's admission that they "made the wrong tradeoff" is rare for a company of this stature. Most AI labs would have doubled down, blamed user error, or quietly patched things behind the scenes. Instead, they're being transparent about a failure — which is refreshing even if it doesn't help the users who've been blocked all week.

The question now is whether making safeguards visible will make things better or worse. If the wider net catches more false positives, users who were already frustrated will have even less patience. But if the transparency allows the community to help identify and fix edge cases faster, it could accelerate the path to a working solution.

Either way, Fable 5 has learned a lesson that every AI safety team needs to hear: paranoia isn't the same as caution, and a model that won't say hello back isn't safe — it's just useless.

The Hello Problem

More blogs