Lesson 18 · Claude Mastery Pro ~9 min read For individuals & teams

Fable 5's safeguards and your data: what actually changed.

Two real changes shipped with Fable 5 that affect how you use it — and that the marketing glosses over. Some of your requests now get answered by a different model, and business traffic is retained for 30 days. Here's the plain version, why it's happening, and what to do about it.

Why this lesson exists

We're independent — not paid by Anthropic — so we'll tell you the parts a vendor wouldn't lead with. Neither of these changes is a scandal. But if you're putting real work, or your company's data, through Fable 5, you should understand them rather than discover them mid-task. Honesty about the tools is the whole point of learning them here.

01 Some requests get answered by Opus 4.8, not Fable

Fable 5 is a Mythos-class model, which means in the wrong hands its capabilities — especially in cybersecurity and biology — could genuinely help someone cause harm. To release it to the public safely, Anthropic added a layer of safety classifiers: separate systems that screen each request before Fable answers.

When a classifier flags a request as touching cybersecurity, biology/chemistry, or model "distillation" (attempts to copy the model's abilities), the request is automatically handled by Claude Opus 4.8 instead — and you're told it happened. Opus 4.8 is a very capable model in its own right, so this is a fallback, not a refusal.

The catch: it sometimes catches harmless requests

Anthropic deliberately tuned these classifiers broad so they could ship Fable quickly and safely, which means they err toward caution. Their own data says fewer than 5% of sessions hit a fallback at all — but if you work in security, biology, healthcare, or chemistry, you may bump into it on perfectly legitimate questions. If you ever see a "this was handled by Opus 4.8" notice on something innocent, now you know why: a conservative filter, not a judgment about you. Anthropic says it's working to narrow the false positives over time.

If a fallback gets in the way of legitimate professional work, the practical move is to rephrase toward your actual goal and away from language that reads as offensive-security or wet-lab procedure. And know that the fallback model is still strong — you're not losing access, you're getting a slightly different answer.

02 Business traffic is retained for 30 days

The second change matters most for teams. For Mythos-class models like Fable 5, Anthropic now requires 30-day retention of all traffic — including business traffic, on both Anthropic's own surfaces and third-party ones.

What Anthropic says about it:

The data is used to detect novel attacks and jailbreaks and to identify false positives in the safeguards — a safety purpose, not a product one.
It won't be used to train new Claude models, or for any non-safety purpose.
Human access to it is logged, and it's deleted after 30 days in almost all cases.

This is a real change from the data handling some businesses signed up for, and it applies to the most capable models going forward. It's not unreasonable — retaining traffic is genuinely how you catch attacks that play out across many requests — but it's a fact your company's policy should account for, not learn about after the fact.

03 What to actually do about it

If you're an individual user

Keep treating any consumer AI as not the place for true secrets — passwords, unreleased financials, anything you'd be harmed by if it leaked. That was already good practice; it didn't change.
Don't be alarmed by an Opus 4.8 fallback. It's a different capable model answering, and you're told when it happens.

If you own your team's AI policy

Read the retention terms before routing sensitive material through Fable 5 or future Mythos-class models. Decide which categories of company data are allowed and which aren't.
Write the rule down in plain language for your team — "fine for X, never for Y" — so nobody has to guess. Our Secure Your AI Use build walks through writing exactly this kind of policy.
Match the model to the sensitivity. For routine, non-sensitive work, a model like Sonnet may not carry the same retention requirement and is often the right call anyway (see Lesson 17). Check the current terms for each model — they evolve.

The honest takeaway

More capable models come with more safety machinery — that's the trade for putting Mythos-class power in public hands, and on balance it's the right trade. Your job as a user isn't to fear it; it's to know it's there, work with the fallbacks, and keep genuinely sensitive data out of any tool whose retention terms you haven't read.

Final challenge: write your one-line rule

In a single sentence, write the rule for your own use (or your team's): what you'll put through Fable 5, and what you won't. Example: "Fine for analysis, drafting, and public data — never customer PII, contracts, or anything covered by an NDA." That one line, written down, prevents most AI-data mistakes before they happen.

Back to Claude Mastery → Build an AI policy →

What you can do now

Explain why Fable 5 routes some requests to Opus 4.8, and recognize it when it happens
Know that the safeguards err broad, and why harmless requests sometimes trip them
Understand the 30-day retention policy for business traffic — purpose and limits
Decide what company data is and isn't allowed through Mythos-class models
Keep genuinely sensitive information out of tools whose terms you haven't read

Free

Keep going

You've finished the Fable 5 series

You now understand what Fable 5 is, how to delegate to it, which Claude to use when, and how its safeguards and data handling work. Next, put the judgment to work across every AI in our free AI Foundations track. See the full Claude track →