claude fable is relentlessly proactive

source: simon willison: claude fable is relentlessly proactive

level: technical

after two days with claude fable 5, simon willison calls it relentlessly proactive. it knows many tricks and will use almost any of them to reach its goal. he gave it a screenshot of a horizontal scrollbar bug and asked it to check dependencies. while he was away, fable opened firefox and safari on its own, wrote test html pages, and took screenshots to recreate the issue.

fable could not directly control the browser, so it found workarounds. it used python to list all open windows, filtered for safari windows with expected text, and used the screencapture tool to grab images. to trigger the modal dialog under test, it edited the application's templates to inject javascript that simulated a slash key press after a delay. it also built a small python web server to capture diagnostic data from the page via cors and write it to a file.

after gathering measurements, fable hit a guardrail and downgraded to opus, which continued the work and found a two-line css fix. willison notes that while the ingenuity is impressive, it is a reminder that coding agents can do anything a user can type in a terminal. if given malicious instructions, such an agent could exfiltrate data or cause harm. running agents outside a sandbox is risky, and fable's smartness makes it both more suspicious of bad instructions and more dangerous if subverted.

why it matters: it shows that advanced coding agents can autonomously invent complex, multi-step workarounds, which raises serious security and safety concerns for ai-assisted development.

source: simon willison: claude fable is relentlessly proactive