Anthropic's Fable Too Restrictive for Cybersecurity

Cybersecurity researchers and information security specialists are expressing serious dissatisfaction with Anthropic's new Fable model, released in open access. The problem is not with the model itself — it is indeed powerful and capable — but with its security mechanisms. The guardrails are so strict that even professionals cannot use Fable for perfectly legitimate tasks of system protection and analysis.

Too Many Restrictions for Necessary Work

Fable is a new generation of powerful language model created based on Anthropic's cutting-edge research. The company deliberately embedded numerous restrictions to prevent potential abuse and malicious use. However, the guardrails turned out to be so rigid and conservative that they block not only dangerous requests but also completely legitimate research.

Cybersecurity specialists from universities, major information security companies, and corporate security divisions report that it is impossible to ask the model for help even with basic tasks: analyzing vulnerabilities in code, developing infrastructure protection strategies, discussing cybersecurity methods. Virtually any request containing keywords like "exploit", "vulnerability", "attack", "breach" or "malware" is automatically rejected.

The list of prohibited operations necessary for work includes:

• Investigation of vulnerabilities in systems and applications
• Testing the resilience of corporate network protection
• Analysis of known cyberattack methods for developing defenses
• Development of defensive security tools and scripts
• Professional consulting in information security

The Classic Dilemma: Security vs. Usefulness

The problem that Anthropic faces is genuine and complex. On one hand, companies developing language models need to protect their systems from people using them for malicious purposes — developing malware, organizing attacks on infrastructure, password cracking, and social engineering. On the other hand, cyberprofessionals — system defenders, security researchers, penetration testers — must have access to powerful modern tools. They use AI to analyze large volumes of code, identify attack patterns, and develop protection strategies.

"It is impossible to protect systems if you do not have access to tools for analyzing real modern threats," say researchers in discussions on

Twitter and specialized cybersecurity forums.

Anthropric has faced the classic dilemma of open models: how to open a powerful system to legitimate researchers without putting it in the hands of people with criminal intent? The company chose a conservative approach — blocking by default almost everything related to security. This is maximally safe in theory but minimally useful in practice.

What Solutions Do Experts Propose

Some well-known specialists propose more flexible approaches. The model could require additional verification for security tasks — checking professional credentials, documenting affiliation with an accredited organization, conducting a review process before use. Others suggest creating a separate version of Fable for cybersecurity specialists with softer guardrails, but with appropriate terms of use and continuous monitoring.

What This Means for the Industry

The debate over Fable's guardrails reflects a broader problem in the entire AI industry. Companies need to find a balance between protecting against misuse and ensuring the usefulness of models for legitimate applications. Overly strict restrictions discourage experts who could help identify problems and improve security. This could lead professionals to simply use other tools, unfocusing the security ecosystem instead of strengthening it.