Anthropic unveiled its latest model, Fable, on Tuesday, describing it as a publicly accessible, limited version of its highly anticipated cybersecurity model, Mythos. However, the restrictions have drawn criticism from cybersecurity researchers and professionals, who have voiced their frustrations online. "Fable rejects any request that even remotely touches on cybersecurity—even simple tasks like reading a blog post," said Valentina "Chompie" Palmiotti, a well-known security researcher at IBM X-Force. When a prompt triggers its safeguards, Fable halts the conversation and states that its "safety measures flagged this message for cybersecurity or biology topics."

These guardrails are designed to minimize the risk of Fable being used to create malware or compromise software—a persistent concern for Anthropic. The biology-related restrictions stem from similar worries about developing biological weapons. When Anthropic released Mythos in April, it limited access to a select group of companies and organizations under a program called Project Glasswing, which aimed to deploy the model for securing critical software and infrastructure. Last week, Anthropic expanded Mythos access to hundreds of organizations across 15 countries. Despite these good intentions, many cybersecurity experts remain frustrated by what they see as inconsistent restrictions. "Fable is programmed to fall back to Claude Opus 4.8 if it hits a guardrail. It seems to be keyword-based, so anything in the lexical field of 'cybersecurity' triggers the guardrails," noted one researcher.

EMBED_PLACEHOLDER_0

Another researcher complained on X that "even asking for a code review" sets off Fable's guardrails. Anthropic did not immediately respond to a request for comment. Beyond the built-in model restrictions, Anthropic requires cybersecurity professionals to apply for its Cyber Verification Program. Approved applicants face fewer limitations when using Claude for cybersecurity work. OpenAI runs a similar program called Trusted Access for Cyber.