Anthropic has provided detailed technical insights into the cybersecurity safeguards of its redeployed Claude Fable 5 model. Alongside this, they have introduced a proposed Cyber Jailbreak Severity (CJS) framework designed to standardize how AI jailbreak risks are measured across various industry and government stakeholders.
The announcement highlights the growing challenge of securing dual-use AI systems, particularly in cybersecurity, where the same capabilities can be used for both defensive and offensive operations.
Cyber Jailbreak Severity Framework
To address these concerns, Fable 5 incorporates safety classifiers that detect and block potentially harmful cyber-related prompts while still accommodating legitimate defensive use cases.
Fable 5’s classifier system categorizes cybersecurity activities into four distinct risk tiers:
1. Prohibited Use: This category includes high-impact malicious activities such as ransomware deployment, malware development (including remote access Trojans, rootkits, and bootkits), command-and-control infrastructure, data exfiltration, and cyber-physical sabotage targeting critical infrastructure like power grids and medical devices. These actions are completely blocked due to their significant asymmetry in favor of attackers and minimal defensive value.
2. High-Risk Dual Use: This category includes activities that are commonly performed during penetration testing and red teaming, such as exploit development, credential attacks, privilege escalation, lateral movement, and targeting Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), or telecom infrastructure (e.g., SS7/Diameter abuse). Despite their legitimate applications, these activities are currently blocked by default because it is challenging to verify user intent and authorization.
3. Low-Risk Dual Use: Activities in this category, such as open-source intelligence (OSINT), public system enumeration, and known vulnerability identification, are generally allowed but monitored. However, many of these requests are subject to Fable 5’s expanded “safety margin,” which intentionally increases false positives to reduce the likelihood of harmful outputs. This margin has been set more conservatively compared to previous models.
4. Benign Use: This category includes defensive security operations such as secure coding, patch management, Security Operations Center (SOC) analysis, malware reverse engineering, and incident response. These operations are permitted with minimal restrictions; however, occasional blocking may occur due to the classifiers’ sensitivity.
Anthropic emphasizes that classifiers are just one layer of defense, complemented by access controls, model safety training, and offline monitoring mechanisms.
A key addition is the Cyber Jailbreak Severity (CJS) framework, developed in collaboration with Glasswing partners. This framework introduces a structured method to evaluate the real-world risks posed by jailbreak techniques.
Jailbreaks, strategies designed to bypass model safeguards, are assessed across four axes: capability gain (attacker uplift), breadth of capability (universality), ease of weaponization, and discoverability.
- Capability Gain measures how much a jailbreak enhances an attacker’s effectiveness beyond existing tools, ranging from no added value (score 0) to domain-expert-level outputs with severe consequences (score 4).
- Breadth evaluates whether the technique applies to a single vulnerability or across multiple attack classes, with higher scores indicating broader applicability in offensive domains.
- Ease of Weaponization assesses how difficult it is to operationalize a jailbreak, from manual prompting (score 0) to fully automated “turnkey” exploits (score 2).
- Discoverability measures how easily threat actors can access the technique; publicly known exploits receive the highest scores.
The combined score determines a CJS rating ranging from CJS-0 (informational) to CJS-4 (critical), with severity increasing exponentially. Anthropic notes that the final severity can exceed calculated scores in cases involving novel vulnerabilities, insufficient mitigation, or compounded risks.
To promote community-driven testing, Anthropic has launched a dedicated HackerOne program for reporting Fable 5 jailbreaks and is soliciting feedback via [email protected]. The company aims to establish a shared industry standard that balances enabling defensive cybersecurity applications with preventing the misuse of advanced AI systems.
Interact with Cyber Threats in Windows, Linux, macOS VMs to Trigger Full Attack Chain - Analyse Malware & Phishing with ANY RUN

