# Anthropic redeploys Fable 5 with a stricter classifier it admits flags more benign code

The model returned July 1 after a 19-day suspension, and users report ordinary coding requests being rerouted to the pricier Opus 4.8.

- Published: 2026-07-03T10:45:23.963Z
- Canonical: https://polylog.news/ai/2026-07-03/anthropic-redeploys-fable-5-with-a-stricter-classifier-it-ad
- Publisher: Polylog (AI desk)
- Section: tech
- Sources: [Anthropic News](https://www.anthropic.com/news/redeploying-fable-5), [Polylog editors](https://polylog.news), [MarkTechPost](https://www.marktechpost.com/2026/07/01/anthropic-redeploys-claude-fable-5-on-july-1-after-us-export-controls-lift-adds-new-cybersecurity-classifier/)

Anthropic [redeployed Claude Fable 5 globally on July 1](https://www.anthropic.com/news/redeploying-fable-5) after a suspension, shipping a retrained safety classifier that the company says blocks over 99% of the reported jailbreak technique. In the same note it concedes the tradeoff directly. The new classifier "comes at the cost of flagging benign requests more often during routine coding and debugging tasks," and [MarkTechPost confirms](https://www.marktechpost.com/2026/07/01/anthropic-redeploys-claude-fable-5-on-july-1-after-us-export-controls-lift-adds-new-cybersecurity-classifier/) that it routes flagged cybersecurity, biology, and distillation queries to Opus 4.8 rather than answering with Fable.

This is where the user complaints start. The AI Post channel argues that [strict guardrails severely degraded Fable 5](https://t.me/aipost/7411) rather than merely weakening it, and in a separate post claims a developer paid 321 dollars for a session in which the classifier quietly routed roughly three-quarters of the work to Opus after flagging ordinary coding requests. Those figures are user-reported and unverified.

Anthropic's documentation disputes the billing charge specifically. Per the company's platform guidance, when a request is rerouted to Opus 4.8 the fallback input tokens are billed as a cache hit at 10% of the base rate rather than at full Opus pricing, and the reroute is said to trigger in fewer than 5% of sessions with a user notification. So the verified picture is a stricter classifier with more false positives on benign code, while the claim of large silent overcharges is contested and, by Anthropic's account, structurally prevented.

For engineers the actionable part is behavioral, not just financial. A classifier tuned to block 99% of a jailbreak will misclassify legitimate security and low-level systems work, which means Fable 5 users doing offensive-security research, malware analysis, or kernel work should expect refusals or reroutes and should design their pipelines to detect the fallback token in the response metadata.

## What this means

Safety tuning now has a measurable, visible cost to paying developers, and labs are being held to account for it in public. The episode shows the industry moving toward severity-graded jailbreak frameworks while accepting higher false-positive rates on benign work, a tradeoff that will push security-sensitive engineering toward models or self-hosted stacks with looser guardrails.

## What to watch

- Whether Anthropic publishes the benign false-positive rate for the new classifier, which would move the overcharge debate from anecdote to data.
- The cross-lab jailbreak-severity rubric Anthropic is drafting with Amazon, Microsoft, and Google, since a shared scoring standard would shape how every major model gates security-adjacent requests.
