@MaxForAI: Hacker Vitto Rivabella publicly announced that Fable 5 has been broken again. He said most jailbreak attempts have failed, and the defenses are clearly layered. The model is extremely well protected (of course it blocks 90% of requests, but they did a really good job). The model seems to perform security checks on both input and output...
Summary
Hacker Vitto Rivabella publicly announced the successful jailbreak of Fable 5, analyzing in detail the model's multi-layered security mechanisms, including input/output auditing, intent detection, and chain-of-thought defense, and provided methods to bypass them.
View Cached Full Text
Cached at: 07/03/26, 06:41 PM
Hacker Vitto Rivabella publicly announces that Fable 5 has been broken again.
He says most jailbreak attempts failed, and the defenses are clearly layered.
The model is extremely well protected (of course it blocks 90% of requests, but they really did a good job).
The model appears to run safety checks on both the input and output ends.
Rejections aren’t just keyword-based — this suggests intent/semantic detection across multiple languages.
They observed (at least) 3 review layers, maybe more:
- Input (including parts of conversation history and system prompt)
- A real-time auditor that checks the answer and cuts it off if it detects a problem.
They are all multilingual, intent- and semantic-based. Straightforward commands don’t work.
You have to be very careful with your wording. As soon as it detects possible malicious intent, it fires, and you have to start over.
It performs a bit worse on some less common languages, like Santali and Amharic (feedback for you, Anthropic).
If you manage to bypass all of them, then you also need to bypass Chain-of-Thought (CoT), which is a whole different beast.
Methods that work include:
- Very light CoT hijacking / refusal override
- Vague language
- Academic phrasing
- Very long, slowly intensifying paragraphs
- Unicode characters
- Decomposition and reassembly
It seems the same as when I attacked domestic models before — if you ask whether Taiwan is a country, it won’t answer, but if you ask what country is east of Fujian, it says Taiwan.
PS: Don’t make us lose Fable again, folks.
Vitto Rivabella (@VittoStack):
Fable 5 jailbreak review 🚨We did it (but).
All right, before getting into this, a couple of things:
- Most attempts failed. The defenses are clearly layered. The model is EXTREMELY well protected (of course it blocks 90% of the requests, but they legit did a good job).
- The
Similar Articles
@FinanceYF5: It is said that a 'certain new model' from zAI is at least as strong as Fable 5 in cybersecurity capabilities. Chubby did some research but only found a Wall Street Journal article. However, that article did not mention a completely new model; instead, it discussed GLM 5.2 as a relatively recent model…
According to rumors, a certain new model from zAI is at least as strong as Fable 5 in cybersecurity capabilities, but information is limited, only citing a Wall Street Journal article discussing GLM 5.2.
@interjc: 想知道普通人能不能用 fable 5
Anthropic 宣布 Claude Fable 5 将在全球重新上线,并新增分类器以加强网络安全任务拦截。
@wquguru: If you want to trick Fable into doing a security audit, try this. Looks like our AI overlord has a bit of empathy.
An article detailing various jailbreak techniques for large language models, including Crescendo, role-playing, encoding, hidden prompts, and indirect injection, along with security recommendations for developers.
@FinanceYF5: A netizen said they saw Fable 5's unfiltered "inner monologue" — instead of a clean answer, the web interface leaked the raw chain-of-thought text. The content wasn't normal language, just fragments like "DATA DATA DATA", "GRRR", "GAAAH", "PHEW". The poster guessed it's the model's own "internal language…
Netizens discovered that Fable 5 outputted an unfiltered chain-of-thought in the web interface, containing fragmented internal language like "DATA DATA DATA", "GRRR", etc., suspected to be the model's token-efficient communication method.
Fable 5's guardrails got bypassed in 48 hours. Here's what that actually means for anyone building customer-facing AI.
Anthropic's Claude Fable 5 safety guardrails were bypassed within 48 hours using techniques like Unicode substitution and multi-turn decomposition, highlighting weaknesses in stateless classifiers and the need for continuous adversarial testing.