Cybersecurity Experts Criticize Anthropic’s Fable Guardrails

Anthropic’s newly released AI model Fable is drawing criticism from cybersecurity professionals who say its safety restrictions are so strict that even harmless security-related tasks are being blocked.

The company introduced Fable on Tuesday as a public and limited-access version of Mythos, its advanced cybersecurity-focused AI model. While Anthropic positioned the release as a way to make powerful security-focused AI capabilities more widely available, many researchers argue that the model’s guardrails are preventing legitimate use cases.

Researchers Say Fable Is Too Restrictive

Shortly after Fable became available, cybersecurity experts began sharing concerns online about the model’s behavior.

Valentina “Chompie” Palmiotti, a well-known security researcher at IBM X-Force, said Fable rejects requests that are only loosely connected to cybersecurity topics.

According to Palmiotti, even simple tasks such as analyzing a blog post can trigger the model’s restrictions.

When a request activates Fable’s safeguards, the system pauses the conversation and displays a warning stating that its safety controls have flagged the message for cybersecurity or biology-related content.

The restrictions are designed to prevent misuse of the model for activities such as malware development, software exploitation, or other potentially harmful cyber operations. Anthropic has also implemented similar protections around biology-related topics to reduce the risk of AI being used to assist in the creation of biological weapons.

Fable Builds on Anthropic’s Mythos Model

Anthropic first introduced Mythos in April through a limited-access initiative called Project Glasswing.

The project was designed to provide selected organizations with access to a specialized cybersecurity model intended to help secure critical infrastructure and software systems.

Last week, Anthropic expanded Mythos availability to hundreds of organizations across 15 countries, signaling growing confidence in the platform.

Fable represents a broader public-facing version of that technology, but its launch has sparked debate about where the balance between safety and usability should be drawn.

Security Professionals Point to False Positives

Several cybersecurity experts claim that Fable’s filtering system appears to rely heavily on keywords rather than context.

Cybersecurity veteran Matt Suiche explained that requests involving secure coding practices can sometimes be classified as cybersecurity work, causing users to lose access to Fable’s specialized capabilities.

According to Suiche, when a guardrail is triggered, the model falls back to Claude Opus 4.8 instead of continuing with Fable.

He suggested that many terms associated with cybersecurity can automatically activate restrictions, even when the user’s intent is educational or defensive.

Despite the criticism, Suiche acknowledged that Anthropic faces a difficult challenge.

He noted that AI companies are still in the early stages of developing safety systems for powerful models and argued that stricter safeguards may be preferable during initial releases. Over time, he expects these controls to become more refined as AI developers collaborate with cybersecurity firms and researchers.

Calls for Better Balance Between Security and Usability

Other researchers have reported similar experiences, with some claiming that even requests for basic code reviews can trigger Fable’s security filters.

Anthropic has not yet publicly responded to the latest criticism.

Beyond model-level restrictions, the company also operates a Cyber Verification Program. Approved cybersecurity professionals can apply for expanded access that reduces some of the limitations placed on standard users.

The approach mirrors similar initiatives across the AI industry. OpenAI, for example, operates its own Trusted Access for Cyber program that grants qualified security researchers broader access to advanced capabilities.

As AI companies continue developing increasingly powerful cybersecurity tools, the debate over how much freedom users should have—and how strict safety systems should be—remains one of the industry’s most challenging questions.

Also read : Former E-Scooter Founder Raises $5M for Space Data Centers