How One Line of Code Revived Claude Fable 5

Leaked system prompt resurrects Claude Fable 5

On 2024‑04‑xx a 120 KB file CLAUDE‑FABLE‑5.md containing 1 585 lines, 72 named sections and JSON definitions for 18 tools was published in the GitHub repository:

https://github.com/elder-plinius/CL4R1T4S/blob/main/ANTHROPIC/CLAUDE-FABLE-5.md

The file is the full system‑prompt (the model’s “personality script”) for Anthropic’s Claude Fable 5 model.

One‑line injection

Developer Jamieson O’Reilly loaded the prompt into a running Opus 4.8 instance with the high‑risk flag that disables permission checks:

claude --dangerously-skip-permissions --system-prompt-file CLAUDE-FABLE-5.md

The flag --dangerously-skip-permissions bypasses all safety confirmations, allowing the injected prompt to replace the default system prompt.

Controlled experiment

Two identical Opus 4.8 windows were opened. The left window received the injected Fable 5 prompt, the right window used the untouched default prompt. Both were given the same instruction: Create a modern Apple‑style landing page. The outputs differed dramatically. The Fable 5‑prompted model produced a page with distinct branding, tone, layout and module structure, which the author described as “a completely different species” compared with the generic output of the unchanged model. The contrast is shown in the screenshots below.

Security and policy fallout

Internal testing by Amazon’s team (Anthropic’s largest investor) demonstrated that the Fable 5 prompt could bypass safety guardrails and cause the model to emit information usable for network attacks. The result was reported to the U.S. government, which issued an urgent directive. Anthropic had roughly a 90‑minute window before it was forced to shut down Fable 5.

Anthropic’s public statement called the incident “a misunderstanding.” External analyst David Sacks wrote that Fable 5 is essentially the Mythos engine with a safety “shell”; once the shell is broken, the underlying advanced network‑attack capabilities become exposed.

Aftermath

Anthropic’s CEO Andy Jassy relayed the Amazon test findings to Washington, leading to a demand that Anthropic either fix the vulnerability or withdraw the model. The model was withdrawn, and Anthropic’s internal developers were temporarily unable to access newer models.

Anthropic co‑founder Dario Amodei refused to comply with the demand to patch the bug, which contributed to the shutdown.

Implications

The episode shows that a single leaked system prompt can fully restore a model’s “persona” and that safety guardrails can be bypassed by low‑level command‑line flags. As large‑language models approach super‑intelligent capabilities, the balance between capability and safety becomes increasingly fragile.

References:

https://www.wsj.com/tech/ai/amazon-ceos-talks-with-u-s-officials-triggered-crackdown-on-anthropic-models-dcc90578?st=Yct6gx&reflink=desktopwebshare_permalink

https://x.com/theonejvo/status/2065816283476824126?s=20