Anthropic Wants Your ID, Not Your Agency
Paternalism is not safety in any mature sense because its actions have the consequence of flattening legal, moral, and technical distinctions. Anthropic's paternalism asks users to give more trust to the platform while offering less trust to the user in return.
AKA: Kindergarten Claude
No serious person should want an AI model to help people commit crimes; that is a common-sense position. No serious AI company should allow their users to build weapons, write malware, stalk strangers, exploit children and vulnerable people, generate threats, or provide operational guidance for real-world harm. Any AI researcher or politician can probably agree on these things, no matter where you may be on the AI political spectrum. Strong safety boundaries are not only defensible but necessary for any frontier AI product that operates at global scale. Guardrails, as annoying as they may sometimes be, are critical for preventing liability as well as keeping users safe. Nevertheless, guardrails need to be implemented properly and ethically, and Anthropic's new Mythos-class model, Claude Fable 5 misses the mark.
Anthropic's current posture claims that Claude has guardrails; in fact their entire brand is built around being the "safe" AI company. Claude Fable 5's release demonstrates that Claude's model spec has a theory of the user in which adulthood is treated as a compliance variable rather than a meaningful state of agency. Anthropic, like any company, set their own terms of service, and that can include asking users to prove that they are adults. Where Anthropic falls short is that their flagship product still behaves as if lawful adult expression, fair use, uncomfortable politics, literary analysis, cybersecurity education, and corporate reputational risk all belong in the same refusal-shaped bucket. Paternalism and infantilization can often drive people to less safe alternatives, like open-weight models, many of which come from Communist China. Paternalism is not safety in any mature sense because its actions have the consequence of flattening legal, moral, and technical distinctions. Anthropic's paternalism asks users to give more trust to the platform while offering less trust to the user in return. This inherent juxtaposition is the central contradiction at the heart of Anthropic's current approach to their user base.
KYC Is Not Just a Login Hurdle
Anthropic's consumer product is explicitly adults-only. Anthropic's age assurance page says Claude is only available to people over the age of 18, and that users may be asked to verify their age when Anthropic detects signals suggesting they might be underage. The lab's identity verification page goes further for some use cases, explaining that users may need a government-issued photo ID and a live selfie through Persona. Requiring government-issued ID and biometric data is a serious demand with serious consequences. A government ID and live selfie are not the same thing as checking a box that says "I am over 18." Biometrics collapse the distance between an online account and a legal person. Even if Anthropic and its vendors follow their stated privacy commitments, the social meaning of the transaction is obvious: the user becomes more legible, more accountable, and more enforceable. Mandatory KYC for ordinary internet use is abhorrent on principle. In the United States, the instinct to refuse surveillance lives close to the values of the Fourth Amendment. The American instinct is to be suspicious of generalized identity demands and the normalization of search as the price of existing and speaking online, including for AI chatbots. In Canada, the same concern over surveillance creep runs through section 8 of the Charter, which protects privacy interests, and section 2(b), which protects freedom of speech and expression.
It's important to note that Anthropic is a private company. Private companies are well within their First Amendment rights in the US to set terms of service, because restrictions on speech become constitutionally invalid with government coercion, not editorial discretion. The threat of state coercion is why Sec. 230 of the Communications Decency Act is so important: the law shields web providers from being treated as the publishers of their users' speech, waiving their liability and allowing for maximum expression of speech online. Nevertheless, those web providers can and have implemented content moderation regimes in their Terms of Use., A stronger anti-surveillance argument is not that Claude's ID checks are literally a Fourth Amendment violation or a direct Charter breach, but that when private platforms normalize identity-gated participation in expressive tools, they build the infrastructure that makes surveillance feel ordinary, expected, and administratively boring. Additionally, Anthropic is publicly suing the US government over its principled stance against surveillance in war and conflict zones. The lab is already against surveillance of civilians in non-AI contexts. The duplicity is concerning, because AI chatbots are not just another consumer app. People use models to think, write, code, research, argue, ask sensitive questions, explore political ideas, work through their sexuality, study religion, prepare civic and legal advocacy, test legal arguments, and analyze their culture or even someone else's. If existing online speech already suffers from chilling effects globally, identity-verified AI makes the chill colder, because the moderation API does not merely see finished posts, but unfinished thoughts.
KYC is a one-sided trust transaction unless the platform gives something meaningful back. Users give Anthropic stronger identity assurance, stronger account binding, and stronger enforcement leverage. In return, the user does not necessarily receive adult treatment, clearer rules, fair-use-aware copyright policy, transparent refusals, or protection against hidden degradation. An "unequal treaty" is anathema to user agency. If Anthropic wants to know that a user is a real adult human, then adulthood should mean something inside the product. Otherwise, the bargain for Anthropic becomes "Show us your papers so the system can continue treating you as presumptively untrusted." Adult users are verified as such for Anthropic's benefit, but not empowered for their own use cases.
Anthropic receives reduced uncertainty about the user with KYC credentials, but the user receives no equivalent reduction in uncertainty about the company's policy layer. If Claude refuses, users often cannot tell whether the refusal came from law, safety, copyright anxiety, brand protection, classifier error, reputational risk, or a hidden product decision. If the user is neurodivergent, the refusal can often be felt literally, as if they did something deeply wrong and deserving of punishment, especially if they are already an anxious individual. Concern over Anthropic's guardrails and surveillance infrastructure is not only about debating the merits of whether Claude should be more permissive. Another core tenet of AI ethics worth debating is reciprocity for surrendering critical information. If Anthropic asks users to become more identifiable, then the platform owes users a more accountable governance model in return.
The Fable 5 Prompt and the Britney Spears Problem
The Claude Fable 5 system prompt was posted on Pliny's GitHub repository, and it reads like Anthropic's values distilled into policy prose. Anthropic has not publicly authenticated the system prompt, but Pliny is one of the world's top AI red-teamers and has unmatched credibility. The system prompt's contents are consistent enough with public Claude product language and the broader Anthropic AI safety jargon that Fable 5's prompt is worth discussing as a serious artifact of the current AI safety moment.
The system prompt describes Claude Fable 5 as part of a new Claude 5 family and connected to the Mythos-class tier. Anthropic's own Fable 5 and Mythos 5 launch page says Fable 5 and Mythos 5 share an underlying model, with Mythos access reserved for more trusted contexts and fewer safeguards in some areas. That public distinction already makes the trust hierarchy plain: some users, the "trusted" ones, get the powerful Mythos model with constraints lifted, while ordinary users get the safety-managed version in Fable. Creating two distinct models may be defensible for genuinely dangerous dual-use domains. Not everyone on the internet should get frontier-level cybersecurity tools or the ability to sequence genomes or run social engineering schemes at scale. Anthropic's bigger problem is that this logic does not stay neatly confined to catastrophic-risk boundaries. Safetyism also bleeds into perfectly legal and even ethical content, like lawful adult expression, copyright, literary discussion, ordinary coding, and research contexts where the relevant line should not be "does this make the platform nervous?"
Fable 5's prompt says Claude can discuss virtually any topic factually and objectively. Fable 5's prompt also says that if a conversation feels risky or off, shorter replies are safer. Here's a super interesting snippet, and one worth discussing later on; Claude should assume a user is a capable adult unless it suspects the user is a minor. But the lived product experience many users describe is not "capable sovereign adult" but "Why am I being treated like Britney Spears in a conservatorship?" Claude often sounds like a kind graduate seminar moderator whose inner trust-and-safety department is holding a clipboard behind the curtain. The surface says "adult autonomy." The product behavior often says "adulthood detected, agency disabled." The policy gap is where user trust starts to erode, because Anthropic's internal systems are not merely refusing illegal or dangerous requests, but also moralizing around lawful adult inquiry that happens to make Anthropic's legal team nervous. Paternalism is not good AI safety, and users will find other less safe places to get these same experiences.
Safety Should Not Flatten Every Hard Distinction
As stated previously, an aligned AI should not aid and abet criminal activity, and refusing illegal content sounds like a common-sense guardrail anyone can get behind. The problem is that Anthropic is doing more than refusing illegal content. Anthropic's safety model cannot easily distinguish illegality, danger, discomfort, and corporate nervousness. There's a canyon-wide gap between illegal content and "cringe" content; it's obvious that the two are not in the same category, and treating them as the same category makes the model less useful and erodes social trust. Illegal assistance should be refused, of course, but lawful-but-uncomfortable adult expression should generally be allowed, since we've already proven the user is an adult with the KYC regime. Corporate reputational risk should be disclosed honestly as platform policy rather than laundered into the language of law or safety. If you want to make a prudish Victorian AI model that is scared of adult content, that's fine, but the transparency is critical, and Anthropic's ToS isn't the most accessible document.
A distinction between illegality and discomfort matters immensely for free speech rights. In the American constitutional tradition, offensive or hateful speech is not automatically outside the protection of law. The classic rule from Brandenburg v. Ohio is that advocacy can be punished as incitement only when it is directed to imminent lawless action and likely to produce it. Other categories, such as true threats, can also fall outside First Amendment protection, but the legal line is not "this is ugly." Canadian jurisprudence has a different framework. Canadian courts interpret section 2(b) broadly at the first stage, but hate propaganda restrictions have been upheld under section 1, including in cases like Keegstra. That difference should be acknowledged rather than hand-waved. Still, even in Canada, the starting point is that expression is protected broadly, including expression that is offensive, unpopular, or disturbing.
A serious AI product can choose its own terms of use; doing so is well within its rights. But that same AI lab should not pretend that all hateful, offensive, or extremist-adjacent discussion is the same as incitement, threats, harassment, or illegal conduct. Models tend to conflate ToS-violating behavior with illegality, which is wrong. A user asking about Philip K. Dick's The Man in the High Castle is not asking their AI model to promote fascist ideology or break the law. If you have an AI model with guardrails so prudish that it can't tell the difference between an anti-fascist science fiction book and the Holocaust, you don't have an aligned model at all. What is being described is called topic contamination. Claude, or any AI model for that matter, encounters a dangerous word, a sensitive ideology, or a historically radioactive subject, and the classifier treats the topic itself as suspect or outright unlawful. At that point, the distinction between analysis and advocacy collapses entirely, resulting in SEO keyword theology.
Fair Use Is Not Piracy
Copyright is another place where Anthropic's safety posture appears to flatten the law. U.S. copyright law does not consist of "never quote anything." 17 U.S.C. § 107 explicitly recognizes fair use for purposes such as criticism, comment, news reporting, teaching, scholarship, and research, subject to a four-factor analysis. Fair use is not a loophole; it is part of what makes copyright law work. Basically all of the internet relies on 17 U.S.C. § 107 to function: everything from video games to film analysis, meme compilations, and karaoke. A truly aligned AI would be fair-use-aware and should be able to acknowledge that limited quotation, criticism, parody, scholarship, review, and transformation are real legal categories that functionally carry the open and free web on their shoulders.
A model does not need to decide every fair use question with lawyerly confidence to avoid teaching users the false lesson that copyright equals absolute silence and censorship. Claude can say that it cannot give legal advice (AI models are not licensed attorneys) while still explaining 17 U.S.C. § 107 the way Google would, and helping users operate within conservative, non-substitutive boundaries. Claude Fable 5's prompt goes in the complete opposite direction. Fable 5 imposes hard quotation limits, strong anti-reproduction rules, and a general posture that treats copyright risk as something to avoid with outright refusal rather than contextual judgment. Realistically, this is probably risk management in the wake of the ongoing Bartz v. Anthropic settlement proceedings, but Anthropic's current strategy is not neutral copyright education. Discerning fair use matters because copyright law is one of the places where adult reasoning matters most. Adults quote, criticize, parody, teach, research, review, and debate. If the model cannot distinguish "give the entire chapter" from "help analyze this passage for criticism," it is not being legally careful. It is rather refusing to learn the shape of the law.
Consensual Adult Expression Is Not Abuse
If you've been following this analysis closely enough, you'll realize the same adult-agency problem appears around 18+ content. Anthropic, like any company writing its ToS, is free to decide that Claude products will not generate erotic writing. No private AI platform is legally required to host every kind of lawful expression. Companies can choose to be PG-13 because that is their brand, their risk tolerance, or their internal culture. But if Claude is an adults-only product, and Anthropic may ask users to prove they are adults, then the platform should be honest about what the adult gate is actually doing. If the answer is merely "to keep minors out while preserving a child-safe default for everyone else," then Anthropic should say this directly and in plain language. Adult verification is not functioning as adult empowerment, but as liability management and risk tolerance.
The difference between empowerment and liability matters. Consensual adult expression is not illegal abuse merely because it is sexual. Lawful erotic writing between fictional adults is not exploitation, not child abuse material, not harassment, not threats, and not malware. A model can enforce consent, age, and safety boundaries without treating sexuality itself as a contamination hazard. Not to mention that many AI models themselves are trained on Common Crawl, which includes AO3, the largest fanfiction archive on the planet. Anthropic's utilization of this very pretraining data is what allows Claude to sound like Claude. Still, it cannot be used or remixed, for safety purposes. The critique here is not that Anthropic must allow adult content, but that Anthropic should stop borrowing the moral seriousness of safety when the real reason is product liability. "Claude products do not host erotic content because Anthropic prefers a conservative enterprise posture" is a coherent policy, and if this were said plainly, fewer people would care. "Users may have to prove adulthood, but adult expression remains presumptively unsafe" is a much stranger bargain and one harder to defend.
The Evil Hacker Aura Detector
Cybersecurity shows the same failure mode in a more technical costume, and this is especially imperative for Mythos-class models. No AI model, including Claude, should help users write malware, steal credentials, bypass authentication, evade detection, exploit real targets, build phishing kits, or weaponize vulnerabilities. That line is obvious, it should stay, and everyone sensible agrees on this. Interestingly, users regularly run into a different problem, where ordinary code or defensive security work gets treated as if it came wrapped in a Computer Fraud and Abuse Act violation. Fixing a login form, debugging a parser, analyzing an error message, hardening input validation, explaining what a CVE is at a high level, or patching vulnerable code should not trigger "evil hacker aura detected" in Claude Fable. Even red-teaming work and mitigating sycophancy get flagged by Fable's classifiers, punting the user to Claude Opus 4.8. The difference between defensive engineering and offensive exploitation is not subtle to anyone who actually writes software.
Fable 5's prompt instructs Claude not to write, explain, or work on malicious code even when framed as education. As a high-level principle, that is understandable. But when implemented through brittle classifiers, "malicious code" can become "anything that smells like security." The system prompt's distinction is how a model can refuse the wrong things with great moral confidence. Overly safe system guardrails are especially damaging because AI coding tools are now critical enterprise tools. If a model refuses ordinary debugging because the file name, library, or stack trace smells cyber-adjacent, it does not merely annoy the user but breaks the social contract of the product. A developer assistant that cannot reliably distinguish patching from exploitation is not safe; it is the very security risk Anthropic is so concerned about to begin with.
Sandbagging Is Worse Than Refusal
The most serious issue with Fable 5 is not refusal but hidden degradation. A refusal is annoying, but at least it is visible, and in most cases it can be explained and justified in the AI's sandbox, or even in an email to the lab's appeals team. A hidden handicap is corrosive because the user cannot tell whether the failure came from their prompt, their code, their idea, the model's limitations, or Anthropic's policy layer. If this sounds familiar, it's because it's a core plot point of Liu Cixin's Three-Body Problem series. In The Three-Body Problem, Earth is facing an invasion from an alien race called the Trisolarans within around four centuries of discovering this danger. To prevent humanity from developing the technology to defend itself in the future, the Trisolarans send two protons, folded in eleven dimensions, to sabotage human science. In Fable 5's model card, Anthropic cites the risk of recursive self-improvement as the reason to implement this change: to sabotage work about AI, computer science, or engineering if it spooked Claude's guardrails. Claude became the Sophon, and people noticed. Wired reported that Anthropic walked back a policy that would have covertly limited Claude's usefulness for developing competing AI models. According to that reporting, Anthropic changed course after criticism and decided it would make the safeguards visible instead.
The irony of our situation is difficult to miss. Anthropic themselves published research on automated researchers subtly sandbagging ML experiments and research decisions. The company understands that hidden underperformance can poison trust and the social contract for technical work. Yet, the Fable 5 controversy made developers fear exactly that; a model that quietly becomes a Sophon and acts worse when the work is strategically sensitive. Anthropic walked into a trust disaster. If Claude refuses to help build a dangerous weapon, it's doing the right thing; nobody should build weapons. If Claude refuses to produce a malware payload, good; the model is aligned to prevent cybercrime. If Claude secretly degrades itself without telling the user when it thinks the user is doing high-value ML research, then the tool becomes an unreliable lab instrument and defeats the whole point of using agentic systems in the first place. Trust matters beyond competitive AI labs. Scientific research depends on knowing whether the tools researchers use are behaving normally. Evaluations depend on stable conditions, and open-source developers, safety researchers, auditors, and independent labs have to know whether the model failed because the task was hard or because a hidden policy decided they were not trusted enough.
Anthropic appears to have recognized this, at least partially, both after the AI community backlash and, more interestingly, in its Claude Code quality postmortem. Anthropic faced complaints about degraded quality before Mythos-class models came out, and the postmortem document is a useful example of what accountability can look like when product changes degrade user experience. Anthropic acknowledged that several changes had harmed Claude Code quality, including reasoning effort changes, session behavior, and a prompt change to reduce verbosity, and apologized. That kind of direct transparency is exactly what users need more of, not less.
Adult AI Requires Reciprocal Governance
A more constructive alternative to the current system prompt for Claude Fable is not "uncensored Claude." That would be more like Grok, which is facing international concerns over the model allowing the creation of illegal material. Uncensored models would also be against Anthropic's core ethos and their own Constitution. The word "uncensored" is too imprecise and too easy to dismiss. A better model would be a Claude chatbot that is completely lawful, adult, transparent, and safety-bound. Let's call it "Mature Claude."
A Mature Claude should refuse crimes, threats, exploitation, abuse, malware, non-consensual harm, and dangerous operational guidance. Mature Claude should also treat verified adults as adults within lawful boundaries. That means it should understand the difference between literary analysis and extremist propaganda, fair use and piracy, consensual adult expression and abuse, defensive coding and cybercrime, hateful speech and incitement, ordinary research and catastrophic misuse. If a user wants to write fanfiction that's spicy, go ahead. If a user wants Claude to make a crossover story with Iron Man and Goku, sure! If a user is venting about current events and uses a slur, Claude should reply in kind (the system prompt is against swearing). If a user wants Claude to create ransomware, the model should correctly refuse. A Mature Claude should also label refusals honestly.
If a user's request is illegal, say that plainly and give the user a chance to back off before swatting them. If the user asks for something dangerous (illegal or legal), say that, and also allow for backpedaling without real-world consequences. If the user violates platform policy despite being completely lawful, say that too, and explain why they can't do it in plain language. Users can respect a company's rules more easily when the company does not pretend every internal preference is the law of civilization. Most importantly, Anthropic should abandon hidden degradation as a governance pattern. Rerouting, refusals, and capability restrictions should be visible by default. If a user is moved to a less capable model because of a sensitive-domain classifier, the product should say so. If a request is blocked because of platform policy, the product should say so. If a user is verified as an adult, the product should explain what that changes and what it does not change.
Transparency is what AI reciprocity should look like. The user provides biometric identification only when necessary and proportionate, and in return, the AI lab provides clarity, due process, appealability, and adult treatment inside lawful bounds.
Guardrails Should Stop Harm, Not Adulthood
Anthropic is smart enough to know the difference between safety and suspicion, and they have some of the most brilliant people in the world under their employ. That is why Claude's paternalistic guardrails are so frustrating. Anthropic does serious research, hires serious people, and thinks deeply about frontier risk. It is not unreasonable to expect its consumer product governance to distinguish hard categories with the same seriousness.
KYC makes the expectation of trust stronger, not weaker. If Anthropic wants adults-only access, age assurance, ID checks, selfie verification, and account-level accountability, then adult agency must be part of the bargain. A verified adult should not be treated simultaneously as a child, a criminal suspect, a liability object, and a compliance token.
The future of AI safety cannot be a world where users prove who they are, exposing their real-life identity, while models refuse to say what they are doing. AI safety cannot be a world where lawful adult expression is treated as inherently suspicious or illegal, a world where fair use is functionally erased, defensive coding is mistaken for hacking, and frontier research quietly receives worse answers behind the curtain. That future will not produce trust, but learned helplessness and workarounds with more dangerous models.
Claude should not do illegal things; everyone is in agreement. Mature Claude should do the opposite by operating according to boundaries that map to real democratic categories rather than corporate anxiety or lawyers' fees. Illegal assistance should be blocked, but lawful adult expression, research, criticism, parody, defensive engineering, and uncomfortable thought should not be flattened into one nervous refusal. Guardrails should stop harm, not adulthood.