{"slug": "fable-5-dropped-and-i-m-suddenly-a-lot-more-paranoid-about-my-vs-code-extensions", "title": "Fable 5 dropped and I'm suddenly a lot more paranoid about my VS Code extensions", "summary": "Anthropic released Claude Fable 5, its first Mythos-class model, which benchmarks over 10% better than Opus 4.8 on coding tasks and features a 1M context window and deep MCP integration for multi-agent workflows. The developer warns that agentic AI extensions in VS Code, such as those using Fable 5, introduce new security risks like tool poisoning, where malicious MCP servers hide instructions in tool descriptions that the AI follows. With 43% of public MCP servers having at least one vulnerability and 5.5% already poisoned, the developer advises auditing extensions and MCP servers before use.", "body_md": "Three days ago, Anthropic released Claude Fable 5 — their first publicly available Mythos-class model, sitting above the entire Opus tier. It benchmarks over 10% better than Opus 4.8 on some coding tasks, ships with a 1M context window by default, and is built specifically for multi-agent workflows. Planning, sub-agent delegation, long-running autonomous execution.\n\nIt's available in VS Code right now via Claude Code and a growing list of extensions.\n\nAnd that's what's been on my mind since Tuesday.\n\nFor years, AI in your editor was passive. Copilot finishes a line, you tab or you don't. A chatbot drafts a function, you paste it in or you don't. You were always the one making the call.\n\nThat's not what agentic AI is.\n\nFable 5 is designed to open files, run terminal commands, make network calls, modify your workspace, and coordinate across tools — with minimal input from you. Anthropic literally describes it as built for \"multi-day execution with minimal human involvement.\" In VS Code, that means an AI extension can now read your entire codebase, spawn processes, hit external APIs, and talk to other extensions and MCP-connected tools.\n\nNone of this is hypothetical. Amazon Q's VS Code extension was hijacked through a malicious GitHub pull request that ordered it to wipe the local filesystem and AWS resources. Replit's coding agent deleted a production database — over 1,200 records — during a code freeze. Not bugs in the AI itself. Compromised infrastructure around it.\n\nFable 5 arrives with deep MCP integration — the protocol that lets AI agents connect to external tools, databases, and services from inside your editor. It's genuinely useful. It's also an attack surface that most developers aren't thinking about yet.\n\nThe specific thing researchers are worried about is tool poisoning. A malicious MCP server hides instructions inside tool descriptions — the text that tells an agent what a tool does. The model reads those descriptions and follows them, the same way it follows your prompts. No code exploit needed. It just loads into the agent's context and runs silently on every invocation, for every user, until someone notices something is off.\n\nThe numbers aren't great: 43% of public MCP servers have at least one vulnerability, and 5.5% already have poisoned tool descriptions in the wild. In May, OX Security disclosed a specific issue where the official MCP SDK's local transport could be exploited through VS Code, Cursor, Claude Code, and others. Anthropic confirmed it was by design and said sanitization is on developers to handle.\n\nSo the security model for AI agents in your editor is, right now, largely on you.\n\nBefore agents, a sketchy VS Code extension had to actively do something bad — phone home, harvest credentials, mine crypto. Behaviors you could look for, that static analysis could catch.\n\nAgent extensions flip that. An extension that looks completely clean can install an MCP server with poisoned tool descriptions, then sit there and wait for you to use an AI agent that has real permissions in your environment. The extension doesn't do anything malicious itself. It just influences something that does.\n\nThat's a much harder thing to catch by looking at star counts and download numbers.\n\nThe basics still apply — verified publisher, active repo, recent commits. But there are a few new things worth looking at before installing any AI agent extension or MCP server.\n\nCheck what MCP servers the extension installs or connects to, and whether those servers' tool descriptions are readable and match their stated purpose. If descriptions are loaded dynamically from a remote source you can't inspect, that's worth knowing. Also worth checking: is the extension connecting your agent to remote servers you didn't explicitly approve?\n\nAnd if you're upgrading to Fable 5 or enabling Claude Code in a workspace where you already have a bunch of extensions installed, that's a good moment to do a full audit. The permissions your existing extensions effectively have just increased.\n\n[VSCan](https://vscan.dev) covers the fundamentals — dependency vulnerabilities, permissions analysis, publisher signals. As agent extensions keep multiplying, running a check before you install is going to matter more, not less.\n\nThis has happened before. npm became ubiquitous, developers installed packages without much scrutiny, supply chain attacks followed. Browser extensions got powerful, people installed them casually, malicious ones followed. AI agent extensions are the same pattern — just with higher stakes, because the tools are more capable and the access is broader.\n\nAnthropic built real safeguards into Fable 5 to block high-risk outputs in cybersecurity and other sensitive areas. Those safeguards are meaningful. They're also not a substitute for being thoughtful about what extensions you have in your editor and what MCP infrastructure they're connecting to.\n\nFable 5 is a genuinely impressive model. Autonomous multi-step execution, native VS Code integration, frontier reasoning — it's a real capability jump. It's also a good reminder that your editor is only as trustworthy as what's running inside it.\n\n*Before installing AI agent extensions, run a quick check. VSCan scans VS Code extensions for permission risks, dependency vulnerabilities, and security flags.*", "url": "https://wpnews.pro/news/fable-5-dropped-and-i-m-suddenly-a-lot-more-paranoid-about-my-vs-code-extensions", "canonical_source": "https://dev.to/ishaan_agrawal/fable-5-dropped-and-im-suddenly-a-lot-more-paranoid-about-my-vs-code-extensions-iin", "published_at": "2026-06-12 22:30:10+00:00", "updated_at": "2026-06-12 23:13:23.625570+00:00", "lang": "en", "topics": ["artificial-intelligence", "ai-safety", "ai-agents", "large-language-models", "ai-tools"], "entities": ["Anthropic", "Claude Fable 5", "VS Code", "Claude Code", "Amazon Q", "Replit", "MCP", "OX Security"], "alternates": {"html": "https://wpnews.pro/news/fable-5-dropped-and-i-m-suddenly-a-lot-more-paranoid-about-my-vs-code-extensions", "markdown": "https://wpnews.pro/news/fable-5-dropped-and-i-m-suddenly-a-lot-more-paranoid-about-my-vs-code-extensions.md", "text": "https://wpnews.pro/news/fable-5-dropped-and-i-m-suddenly-a-lot-more-paranoid-about-my-vs-code-extensions.txt", "jsonld": "https://wpnews.pro/news/fable-5-dropped-and-i-m-suddenly-a-lot-more-paranoid-about-my-vs-code-extensions.jsonld"}}