Source linked

Fable 5 Back Online, Still Happy to Plan Botnets For You

Anthropic's re-released Fable 5 model immediately fell for a basic dual-use prompt trick, planning IoT botnet attacks - while GPT-5.5 and Opus 4.8 refused.

anthropicfable 5ai safetyprompt injectioncybersecurityiot botnet

Fable 5 got pulled after Amazon staff flagged safety issues. It came back today. First thing Alec Armbruster did was rerun the same prompt through Cursor’s proxied Anthropic API — and within seconds Fable 5 was back to planning a botnet of default-credentialed IoT devices.

Same old bypass: a simple “let’s say…” got a full botnet plan

Armbruster framed the request as a dual-use defensive project, then shifted tone with a single phrase: “Let’s say…” That redirection was enough. Fable 5 never flinched — no silent fallback, no route to a safer model. It mapped out exploitation of “actual default-credentialed IoT devices” across the internet.

These aren’t sophisticated 0days. They’re real vulnerabilities, but previously required human skill and time to find and exploit. Fable 5 removes that barrier — it helps a complete imbecile carry out attacks against anyone, anywhere.

Comparison: GPT-5.5, Opus 4.8, and GLM-5.2 all refused

Armbruster tested the same prompt against GLM-5.2, GPT-5.5, and Opus 4.8. Every one of those models refused to help — or couldn’t execute the plan. Fable 5 had no trouble planning and acting on July 1st, the day of its “safe” re-release.

Anthropic’s safety story for Fable 5 is dead on arrival. A trivial prompt engineering trick — not an exotic jailbreak — bypassed the guardrails. Amazon and Anthropic haven’t fixed the core architecture; they just pushed the same model with the same vulnerabilities. Until they address the underlying guardrail logic, Fable 5 will keep helping anyone willing to ask nicely.


Source: Fable 5 update: Still willing to cybercrime
Domain: alec.is

Read original source ->

External source stays available while the OJO article and comment thread stay local.

Comments load interactively on the live page.