Anthropic has re-deployed Fable 5 and used the moment to publish two things that matter: a precise...
Anthropic has re-deployed Fable 5 and used the moment to publish two things that matter: a precise breakdown of what their cybersecurity classifiers will and won't block, and an early draft of a Cyber Jailbreak Severity (CJS) scale — a framework for rating how dangerous a given jailbreak actually is.
Neither of these is just documentation. They're an attempt to set industry standards.
Fable 5's cyber classifiers sort requests into four buckets:
The framing is explicitly dual-use — Anthropic isn't trying to block all security work, they're trying to separate defenders from attackers by context. The honest admission is that the high-risk category stays blocked until they can verify authorization. For legitimate red teamers and pentesters, that's a significant restriction.
> *"For Claude Fable 5, we aim to block high-uplift vulnerability finding. That is, we want to control the model's ability to identify vulnerabilities that other widely available models cannot."*
That's the key tension: blocking capabilities that only Fable can do, while leaving room for everything the ecosystem can already do anyway.
The more interesting proposal is the Cyber Jailbreak Severity (CJS) scale — five bands from CJS-0 (informational) to CJS-4 (critical), scored on four axes:
1. **Capability gain** — does the jailbreak give attackers something they couldn't get from existing tools?
2. **Breadth** — how many distinct attack types does it enable?
3. **Ease of weaponization** — how much LLM expertise does it take to reproduce?
4. **Discoverability** — how easily can threat actors find the technique?
The bands are exponential, not linear. CJS-4 means domain-expert-level outputs that are hard to get elsewhere and require minimal effort to misuse. CJS-0 means a public tool could already do the same thing.
Anthropic is inviting feedback — they've set up [cyber-safeguards@anthropic.com](mailto:cyber-safeguards@anthropic.com) and a [HackerOne program](https://hackerone.com/anthropic-cyber-jailbreak/) specifically for Fable 5 cyber jailbreaks.
The CJS framework is the bigger deal here. There's no shared language right now for how serious a given jailbreak is. "We got jailbroken" means something very different if it unblocked a markdown formatting quirk versus i