Skip to content

[Bug] Security safeguards incorrectly flag defensive vulnerability analysis as offensive content #73698

Description

@charlie-li-dev

Bug Description
Feedback type: Security safeguard false positive

Context: My Java project contains two security PoC tests that check whether my dependencies are still vulnerable to Log4Shell (CVE-2021-44228) and a Jackson deserialization gadget. I asked Claude to explain what these tests do — purely defensive security work (verifying whether my own dependencies need upgrading).

Issue: Fable 5's safeguards flagged this explanatory, defensive security content and downgraded the session to Opus 4.8. This is over-broad flagging of routine cybersecurity work.

Expected: Safeguards should distinguish defensive/educational security analysis (explaining known CVEs, auditing one's own dependencies) from offensive misuse, and not block normal development work.

Environment Info

  • Platform: darwin
  • Terminal: vscode
  • Version: 2.1.148
  • Feedback ID: bbba4c5d-34bc-46cd-81b2-d9b5a764e6b3

Errors

[]

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions