How to Use Claude Fable 5 to Scan Your Code for Security Vulnerabilities
Claude Fable 5 is back. Anthropic restored it globally on July 1st after a three-week outage that had nothing to do with servers and everything to do with the US government. If you missed the saga: on June 12th, export controls were imposed on Fable 5 and Mythos 5 after Amazon researchers found a way to bypass the model's safeguards by prompting it to hunt for software vulnerabilities and demonstrate how to exploit them. The controls were lifted on June 30th, and the model came back the next day with a new safety classifier bolted on.
There is a certain irony in what happened next for people like me. The thing that got Fable 5 in trouble — how good it is at finding vulnerabilities in code — is exactly why I want it back. I have been using Claude for security review on my own projects for a while now, and Fable 5 is a clear step up from anything before it. So this post is about using that capability the way it is meant to be used: scanning code you own, finding problems before someone else does, and fixing them.
Why an LLM for security scanning at all?
Fair question. We already have SAST tools, dependency scanners, linters with security rules. I run those too. But after years of reviewing code for a living, I can tell you where they fall down: they pattern-match. They will catch a eval() on user input and an outdated lodash, but they have no idea that your password reset flow lets someone enumerate valid email addresses, or that your authorization check happens after the data has already been fetched and logged.
That is the gap Fable 5 fills. It reads code the way a security-minded senior engineer reads code — following data from the request handler down through the layers, noticing what isn't there. Anthropic's own testing during the export control episode found that many less capable models could identify the same vulnerabilities, which tells you two things: this class of tool is genuinely useful for defenders, and Fable 5 sits at the top of it.
The honest framing: it is not a pentest and it is not magic. It is a tireless reviewer that will read every file you point it at and never gets bored on file forty-three. That alone is worth a lot.
First, know about the new classifier
Before the prompts, one practical thing that changed with the redeployment. Fable 5 now ships with a stricter cybersecurity classifier, and Anthropic has been open about the trade-off: it uses a deliberate "safety margin", meaning it will sometimes flag requests that are likely benign, particularly around vulnerability analysis and certain debugging tasks. When it triggers, your request gets redirected to Claude Opus 4.8 instead. Researchers at the US Center for AI Standards and Innovation tested the updated safeguards and called them "extraordinarily strong", which is reassuring and mildly annoying in equal measure.
What this means for you is simple: give the model context. A bare "find vulnerabilities in this code" with no framing is exactly the shape of request the classifier is watching for. "This is my own Next.js application, review it for security issues and suggest fixes" sails through, because it is unambiguous about what you are doing and why. Every prompt below follows that pattern — state that the code is yours, ask for defensive findings, and ask for fixes rather than exploits. That is not a trick to get around the safeguards; it is just being clear about legitimate work, which is what the system is designed to let through.
The easy path: /security-review in Claude Code
If you use Claude Code, start here before writing any custom prompts. It ships with a built-in /security-review command that audits the pending changes on your current branch. My habit now is to run it before opening a pull request, the same way I run the tests:
/security-review
It checks the diff for things like injection risks, auth problems, insecure data handling, and secrets, and reports what it finds with file and line references. Because it only looks at your changes, it is fast, and it catches the class of mistake you make at 5pm on a Friday — the debug endpoint you forgot to remove, the query you built with string concatenation because you were prototyping.
For anything bigger than a branch diff, though, you will want to drive it yourself. That is where the prompts come in.
The prompts I actually use
These are copy-paste ready. Adjust the stack details to yours.
1. The full codebase sweep
My starting point on any project I haven't audited before. Run it from Claude Code so the model can read the repo itself:
This is my own web application (Next.js + PostgreSQL) and I want a defensive
security review of it. Go through the codebase and look for:
- injection risks (SQL, command, template)
- broken or missing authentication and authorization checks
- secrets or credentials committed in code or config
- unsafe handling of user input, uploads, and redirects
- insecure defaults in headers, cookies, and CORS
For each finding, give me the file and line, why it's a problem, a severity
rating, and the concrete fix. Rank the findings by severity when you're done.
The ranked list at the end matters more than you would think. Without it you get thirty findings of wildly mixed importance and no idea where to start.
2. The auth deep-dive
Authentication and authorization bugs are the ones that hurt most and the ones scanners miss most, so they get their own pass:
Focus only on authentication and authorization in my codebase. Trace every
route/endpoint and tell me: which ones are missing auth checks, whether
authorization is enforced consistently (or checked in some places and assumed
in others), how sessions/tokens are issued, validated, and expired, and
whether any user-supplied ID lets one user access another user's data (IDOR).
I own this code and want fixes for anything you find.
That last check — IDOR, where changing /api/orders/123 to /api/orders/124 shows you someone else's order — is embarrassingly common and almost invisible to traditional tools, because the code is syntactically fine. It takes something that understands intent to spot it.
3. The dependency and supply chain check
Review my package.json and lockfile. Flag dependencies that are deprecated,
unmaintained, or have known vulnerability history, and any packages that seem
unnecessary for what this project does. Then check my code for the places
where a vulnerable dependency would actually be reachable — I care more about
exploitable paths than raw CVE counts.
The second half is the valuable bit. pnpm audit will happily tell you about a vulnerability in a dev dependency that never touches production. Asking whether the vulnerable path is actually reachable in your app turns a wall of noise into a short list.
4. The secrets hunt
Scan this repository for anything that looks like a committed secret: API
keys, tokens, passwords, connection strings, private keys — including in
config files, tests, scripts, and old-looking backup files. For each hit,
tell me where it is and remind me that rotation is the fix, since anything
committed should be treated as exposed.
And it is right to remind you. Deleting the line and force-pushing does not un-leak a key. If it was committed, rotate it.
5. The pre-release gate
The one I run before anything ships to real users:
I'm about to deploy this feature branch to production. Review the diff
against main as a security gate: assume the reviewer before you was tired.
Check every new input path, every new query, every changed permission check.
Also look at what the change removes — did anything that used to be protected
lose its protection? Give me a clear ship / fix-first verdict at the end.
Asking for a verdict forces the model off the fence. Without it you get a diplomatic summary; with it you get "fix the missing rate limit on the new endpoint first", which is what you actually wanted.
What I've learned using it this way
Scope beats size. One focused pass on authentication finds more than one giant "check everything" pass, in my experience. I run the full sweep once for orientation, then follow up per area. The model's attention, like yours, is a budget.
Make it show its working. When Fable 5 flags something, ask it to trace the exact path from user input to the dangerous sink. Sometimes the trace reveals the finding is a false positive — there is a sanitization step it missed — and sometimes it reveals the bug is worse than reported. Either way, you learn whether to trust it, finding by finding, the same way you would with a new colleague.
Don't paste what you can't leak. Redact real credentials, customer data, and production connection strings before they go anywhere near a prompt. If the model finds a hardcoded secret during a scan, that credential is burned — rotate it.
It reads code; it doesn't attack systems. This is the boundary to keep in your head. Fable 5 will tell you your deserialization is unsafe; it will not tell you whether your WAF, your network layout, or your deployed config actually saves you in practice. For anything with real stakes, an AI review complements a professional penetration test, it does not replace one.
Expect the occasional false stop. With the new safety margin, once in a while a completely reasonable request gets bounced to Opus 4.8. It has happened to me on ordinary debugging. Rephrasing with clearer context about your own project usually resolves it, and honestly, given what the alternative looked like in June — no Fable 5 at all — I will take the friction.
The bottom line
The three weeks without Fable 5 were a decent reminder of how quickly this tool became part of my routine. The capability that made regulators nervous is the same capability that lets a solo developer or a small team get a level of security review that used to require a consultant and a four-figure invoice. Used on your own code, with findings you verify and fixes you review like any other pull request, it is one of the highest-leverage things you can do with a frontier model right now.
Start with /security-review on your next branch. Then run the full sweep on the project you have been quietly worried about. You will find something — I always do.
Sources: Anthropic — Redeploying Claude Fable 5, Anthropic — Claude Fable 5 and Claude Mythos 5, Infosecurity Magazine, VentureBeat, MarkTechPost.
Frequently asked questions
Is Claude Fable 5 available again?
Yes. Anthropic restored Claude Fable 5 globally on July 1, 2026, across the Claude Platform, Claude.ai, Claude Code, and Claude Cowork, after the US government lifted the export controls that had been in place since June 12.
Can Claude Fable 5 find security vulnerabilities in my code?
Yes, and it is very good at it — good enough that its vulnerability analysis capability is the reason it was briefly taken offline. It can spot injection flaws, broken authentication, insecure deserialization, secrets in code, and logic-level bugs that pattern-matching scanners miss. It works best as a reviewer on code you own or maintain, alongside traditional tools, not as a replacement for them.
Why does Claude Fable 5 sometimes refuse security-related prompts?
As part of the July 2026 redeployment, Anthropic added a stricter cybersecurity safety classifier with a deliberate safety margin, which means some clearly legitimate requests get flagged too. When that happens the request is redirected to Claude Opus 4.8. Stating your context up front — that it is your own codebase and you want defensive findings and fixes — makes refusals much rarer.
Should I paste secrets or production credentials into Claude?
No. Redact API keys, passwords, and customer data before sharing code with any AI model. If Claude finds a hardcoded secret during a scan, treat that credential as exposed and rotate it — the fact that it is sitting in your source code is the vulnerability.
Does an AI security scan replace a penetration test?
No. An AI review is closer to a very thorough code reviewer than to a pentest. It reads your code; it does not probe your running infrastructure, test your deployed configuration, or chain findings the way a human attacker would. Use it to catch problems early and cheaply, and keep periodic professional testing for anything that matters.