cd /news/artificial-intelligence/we-ran-fable-5-before-and-after-the-… · home topics artificial-intelligence article
[ARTICLE · art-54919] src=blog.kilo.ai ↗ pub= topic=artificial-intelligence verified=true sentiment=↓ negative

We Ran Fable 5 Before and After the Ban. Here’s How Often You Actually Get Fable.

Anthropic's Claude Fable 5 was taken offline by the US government on June 12 after a reported jailbreak, then returned on July 1 with a stricter safety classifier. Benchmark tests by KiloBench show that before the ban, 20% of sessions were refused outright, while after the ban, 22% of sessions faced intervention, but mostly via fallback to a weaker model, Opus 4.8, which handled one in six steps. This shift means users may unknowingly receive responses from a different model, affecting benchmark scores, cost, and latency.

read4 min views1 publishedJul 10, 2026
We Ran Fable 5 Before and After the Ban. Here’s How Often You Actually Get Fable.
Image: Blog (auto-discovered)

When Claude Fable 5 launched on June 9, we ran it through our benchmark suite, KiloBench, the same day. Three days later, the US government ordered Anthropic to take it offline, a controversial decision. When it came back on July 1 with a retrained safety classifier, we ran the exact same suite again on July 4.

That gives us something rare: an apples-to-apples look at how often the model you asked for is the model you get, before and after a government intervention reshaped its guardrails.

The short version of what happened #

Fable 5 launched with safety classifiers that watch requests in real time. If a request looks like it falls into a restricted category, mostly offensive cybersecurity, the classifier intercepts it and routes it to Claude Opus 4.8 instead. Anthropic said at launch this happened in fewer than 5% of sessions.

Then Amazon researchers reported a technique that bypassed those safeguards and got Fable to identify software vulnerabilities. The Commerce Department issued an export control directive, Anthropic pulled Fable 5 and Mythos 5 entirely, and for about three weeks one of the most capable generally available models simply didn’t exist.

The deal that brought it back on July 1 involved a new, deliberately more conservative classifier. Anthropic has been upfront about the tradeoff: it blocks the reported jailbreak technique in over 99% of cases, and it flags benign requests more often during routine coding and debugging. When it flags one, Opus 4.8 answers instead, and you get a notification.

The question we wanted to answer with data: how much more often?

What our numbers show #

Both runs covered 445 sessions against the same benchmark tasks. We counted every session where at least one step was either refused or handed off to Opus.

On June 9, 88 of 445 sessions hit an intervention, just under 20%. On July 4, it was 98 of 445, about 22%. If you only look at those two numbers, not much changed.

But the character of the intervention changed completely. In the June run, every flagged session was a refusal. Not a single step in all 445 sessions fell back to Opus. And the refusals were abrupt: 76 of the 88 flagged sessions ended after one step. The classifier said no, and that was the whole session.

In the July run, it flipped. Only 17 sessions saw a refusal, while 92 involved fallbacks to Opus. Measured at the step level, 861 of the run’s 5,408 steps were served by Opus, roughly one in six. And the fallbacks aren’t a one-step hiccup. In 53 sessions, every single step routed to Opus, including sessions that ran 31, 27, and 25 steps long. You ask for Fable, the session runs start to finish, and Fable never touches it once.

One caveat: our benchmark tasks lean toward the kind of debugging and code-review work that structurally resembles what triggered the original report, so our intervention rate runs hotter than Anthropic’s fleet-wide numbers.

Why this matters more than the percentages #

A refusal is honest in a blunt way. The model says no, you know where you stand, and you route the task somewhere else. A fallback is quieter. The task completes, the output looks plausible, and unless you’re watching the notifications or the usage logs, you may not realize a different model did the work. For a long-running agent, that means the model can change mid-task without anyone in the loop noticing.

That has real consequences. Independent benchmark numbers published for “Fable 5” this month may partially measure Opus 4.8, which is why some third-party evals showed dramatic score drops that say more about the classifier than about Fable’s reasoning. Cost and latency assumptions built on one model quietly inherit another model’s profile.

There’s also a bigger pattern here worth sitting with. This is the first time a frontier model has been pulled from the market by a government and returned with negotiated behavior. The precedent isn’t that Fable got worse. Fable, when you get it, appears to be the same model that launched in June. The precedent is that the answer to “which model am I talking to” is now partly a policy question, decided between a lab and a regulator, and enforced by a classifier you can’t inspect or pre-test against.

What to do about it #

Know which model actually served each step, not just which one you requested. If a task category reliably triggers fallback, pin it to Opus directly and skip the uncertainty. None of this is about getting around the safeguards. It’s about knowing which model did the work, because your costs, your evals, and your review standards all depend on that answer.

This is why model freedom matters. When your entire workflow is built on one provider, a three-week suspension or a retrained classifier becomes your outage and your problem. Kilo gives you over 500 models to choose from and lets you switch between them at any point, mid-session included, so a policy change at any single lab is a routing decision, not a fire drill. Every step shows you which model actually ran it, and the choice of what runs next stays where it belongs: with you.

── more in #artificial-intelligence 4 stories · sorted by recency
── more on @anthropic 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/we-ran-fable-5-befor…] indexed:0 read:4min 2026-07-10 ·