Bug Description
Feedback type: Security safeguard false positive
Context: My Java project contains two security PoC tests that check whether my dependencies are still vulnerable to Log4Shell (CVE-2021-44228) and a Jackson deserialization gadget. I asked Claude to explain what these tests do — purely defensive security work (verifying whether my own dependencies need upgrading).
Issue: Fable 5's safeguards flagged this explanatory, defensive security content and downgraded the session to Opus 4.8. This is over-broad flagging of routine cybersecurity work.
Expected: Safeguards should distinguish defensive/educational security analysis (explaining known CVEs, auditing one's own dependencies) from offensive misuse, and not block normal development work.
Environment Info
- Platform: darwin
- Terminal: vscode
- Version: 2.1.148
- Feedback ID: bbba4c5d-34bc-46cd-81b2-d9b5a764e6b3
Errors
Bug Description
Feedback type: Security safeguard false positive
Context: My Java project contains two security PoC tests that check whether my dependencies are still vulnerable to Log4Shell (CVE-2021-44228) and a Jackson deserialization gadget. I asked Claude to explain what these tests do — purely defensive security work (verifying whether my own dependencies need upgrading).
Issue: Fable 5's safeguards flagged this explanatory, defensive security content and downgraded the session to Opus 4.8. This is over-broad flagging of routine cybersecurity work.
Expected: Safeguards should distinguish defensive/educational security analysis (explaining known CVEs, auditing one's own dependencies) from offensive misuse, and not block normal development work.
Environment Info
Errors