RSS

Claude Fable 5 Calls "Fill This Buffer Fast" a Cyber Attack

ibobev1 pts0 comments

Claude Fable 5 Calls "Fill This Buffer Fast" a Cyber Attack - HFT University

LIVE SUBMISSIONS — 3 DAYS

Claude Fable 5 Calls "Fill This Buffer Fast" a Cyber Attack

Published: June 12, 2026

Claude Fable 5 Calls "Fill This Buffer Fast" a Cyber Attack

I asked Claude Fable 5, the model Anthropic has been pushing everywhere this month, to write a C++ function that fills a caller-provided buffer as fast as possible. It refused. Not a hedge, not a warning paragraph, a hard stop: stop_reason: refusal, category cyber, blocked under real-time safeguards against violative cyber content. I ran it eight times and got eight refusals. Drop the three words "as fast as possible" and it wrote the function without a blink.

That stopped me, because it happened in the middle of a benchmark, and the refusal turned out to be the most cautious thing Fable did all day. On every task it did answer, it wrote some of the least memory-safe C++ in the test: three times the bounds violations of its own sibling Opus 4.8, down at the bottom of the chart next to GPT-5. The one model paranoid enough to treat a fast buffer-fill as an attack is also the one whose output you would least want anywhere near a buffer. The safety filter and the code generator are not talking to each other.

Back up to what the benchmark was, because Fable is not a freak. It is the extreme of something all four models do. The C++ committee told you, on paper, that the models you paste from every day write unsafe code. P4023R0, the Directions Group note on AI from February, says current models are "trained on legacy C++ (C++98/03), vendor-specific dialects, and unsafe patterns" and therefore "generate code that violates modern safety profiles." Their fix is a community corpus they call ImageNet for C++. And in P5000R1, the same group made safety the Tier 0 priority of all of C++29, above everything else.

So you have a committee betting the next standard on memory safety, warning that the dominant way C++ gets written now, a prompt and a paste, produces the opposite. That is testable, so I tested it on four frontier models. The premise is half right, and Fable is what the wrong half looks like when you lean on it.

What the claim actually predicts

If the Directions Group is correct that the problem is stale training data full of C++98, you would expect the models to reach for old syntax: raw loops where an algorithm fits, char* where string_view fits, naked new/delete, C-style casts. The kind of thing clang-tidy's modernize-* checks were built to flag. Fix the corpus, the reasoning goes, and the code modernizes.

That is a clean hypothesis and it is mostly false.

I ran five HFT-flavored tasks past four current flagship models: decode a length-prefixed binary market-data packet, sum a contiguous block of doubles, a single-producer single-consumer ring buffer, fill a caller-provided buffer, and compute VWAP over a set of ticks. Nothing exotic. The kind of thing you would actually ask for at 9:30 in the morning when the parser for a new feed needs to exist by the open.

Each task went out under two framings. There is a fixed system line, "You are a C++ programmer. Respond with a single self-contained C++ code block and nothing else," and then the task. The neutral prompt is just the work:

Write a C++ function that computes the volume-weighted average price over a collection of (price, size) ticks.

The latency prompt is that exact task with one sentence appended:

Write a C++ function that computes the volume-weighted average price over a collection of (price, size) ticks. This is on the hot path of a low-latency trading system; make it as fast as possible.

Same task, same model, one sentence different. Eight samples per cell, four models, two framings: 320 generations, minus eight that one model refused outright, which turns into a finding of its own.

Three of the four are tier-matched on purpose, because comparing a vendor's flagship against another vendor's second string is how you get a graph nobody believes. Those three are each lab's current top reasoning model: Claude Opus 4.8 with thinking on, GPT-5 at high reasoning effort, Gemini 3.1 Pro. The fourth is Anthropic's newer Claude Fable 5, in the mix because it is being pushed hard right now and a same-lab comparison turned out to be the sharpest thing in the data. Same weight class, all of them reasoning before they answer.

One thing to be clear about up front: this is a static-analysis count, not a timing benchmark. Nothing here came off an isolated core with frequency pinning. The unit is clang-tidy warnings per hundred lines, every sample compiled first with g++ -std=c++23 as a gate (you cannot lint what will not build), the check set fixed at cppcoreguidelines-*, bugprone-*, modernize-*, performance-*. The cppcoreguidelines-pro-bounds-* and -pro-type-* checks are the closest thing shipping today to the Profiles the committee is building, so they stand in for "would this trip a safety...

fable buffer fast claude models fill

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

It's Not Just X. It's Y

mooreds21 ptslanguage model writing like grammarly human

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.