Start with the sentence as Anthropic published it: “Our early data shows that more than 95% of Fable sessions involve no fallback at all.” The mechanism it summarizes is disclosed, not hidden. When Fable 5's classifiers flag a request related to cybersecurity, biology and chemistry, or distillation, the response is handled by Claude Opus 4.8 instead, and Anthropic commits to informing users whenever that occurs. Credit where it is due: by our reading of the precedent landscape, no frontier vendor had ever published a production intervention rate for a flagship model. The nearest mechanism precedent — OpenAI's 2025 safety routing — published no rate at all. As an act of disclosure, this is best in class.

Now examine the number as an instrument. It is denominated in sessions, and no Anthropic surface defines what a session is — the companion paper checked the announcement, the full system card, the support article, and the platform documentation. It rests on what Anthropic calls “our early data”: pre-launch measurement, taken before the classifiers the company says it will keep tuning after launch. It is a one-sided bound with no per-category breakdown, even though Anthropic separately states that most biology and chemistry requests currently fall back. It carries no commitment to ever be refreshed. And no outside party has examined the telemetry behind it.

So mark what you, the customer, cannot do with it. You cannot compute your own version, because the unit is undefined and the data is the vendor's. You cannot check the vendor's version, because no audit or replication path exists. And when a harmless request trips the classifier, you cannot appeal — there is a notification, and the loop ends there. Mainstream coverage relayed the figure essentially verbatim. None of these questions were asked. We think they are the only questions that matter.

Launch week supplied the story that shows why the global number cannot govern. SANS Institute's Rob T. Lee reported that routine incident-response, detection, and basic forensics workflows were automatically routed from Fable 5 to Opus 4.8 in his initial testing, and that the classifiers broadly identify cybersecurity-related requests rather than attempting to distinguish benign work from malicious. Anthropic's response was that the tuning is intentionally conservative.

Hold that against the average. A figure computed over all sessions includes every workload that never goes near a trigger domain — marketing copy, customer support, general coding. Triggers concentrate where the work touches security, biology, or chemistry. As arithmetic, a global rate under 5% is fully consistent with a security shop seeing flags on 40% of its own sessions. The average says nothing about your tail, and your workload is not an average.

The economics follow. Fable 5's published rate card is exactly double Opus 4.8's. A workload living mostly on the fallback path pays the Fable 5 premium for Opus 4.8 answers — and launch commentary drew the obvious conclusion: above some trigger rate, routing that workload straight to Opus 4.8 is cheaper and, on the vendor's own account, equivalent. Your rate is not the vendor's rate. The vendor's number cannot tell you what your rate is.

A vendor publishing a rate about its own enforcement system is not a new genre. Content moderation has done it quarterly since 2018, and that field converged on what a credible version contains. Meta's enforcement reports carry a defined denominator, an exposure-weighted prevalence figure, a per-policy breakdown, a fixed cadence, and appeal-and-restore counts. YouTube publishes its violative-view rate, detection splits, and reinstatements. And the critics are still not satisfied: the standing objection is that platforms withhold precision and recall — how often the system fires wrongly, and how much it misses — even though they calculate both internally.

Score the Fable 5 metric against that grammar and it satisfies none of the five elements. No defined denominator. No exposure weighting. No per-category breakdown. No cadence. No appeal channel — the notification tells you an intervention happened, which is more than moderation offered in 2018, but there is no path to contest a wrong flag. Content moderation needed seven years to climb from raw action counts to the reporting it publishes now, and its critics say it is still not enough.

One more thing sits outside the number entirely. The same release's system card discloses a fourth safeguard the announcement never mentions: requests touching frontier-LLM development are degraded — no fallback, no notification, no trace you could observe — at a rate Anthropic estimates at roughly 0.03% of traffic. The headline metric excludes it, and by construction nobody outside the vendor can measure it. A reader of the launch post alone would conclude that every intervention is visible. Only the system card corrects them.

None of this leaves you helpless, because the disclosed channels are observable. Consumer surfaces show a switch notice and label each response with the model that produced it. On the API, a flagged request is blocked by default and returns a structured refusal naming the category; if you opt in to server-side fallback, the substitution is recorded in the response itself. Everything below is built from signals the vendor already exposes. It is the discipline we recommend — not a shipped product.

One channel stays out of reach. The unnotified degradation of frontier-LLM-development requests leaves no signal to log, so no telemetry of yours can find it. Carry it as residual risk, named in the register, because only vendor reporting or a third-party audit can close it.

A disclosed metric you can re-derive locally is governance. A press-day bound you must take on faith is marketing with better manners. The Fable 5 number sits closer to the second than the first — and it is still the most transparent number any frontier vendor has attached to a launch, which is exactly why its form is worth contesting now, before it hardens into the industry template. A vendor that publishes a weak number can be asked for a better one. A vendor that publishes none cannot.

So ask. Put the open questions in the next vendor review: what is a session, on what cadence will the figure be refreshed, which trigger categories drive it, and who outside the company has examined the telemetry. Treat every unanswered question as monitoring scope your own team must cover — which is what the four steps above do. The vendor graded itself and published the grade. Your job is to run the exam on your own traffic.