Anthropic released its latest model Fable on Tuesday, billing it as a public and limited version of its powerful and much-hyped cybersecurity model Mythos.

But not everyone is happy with the restrictions, and a number of cybersecurity researchers and professionals have aired complaints online. 

“[Fable] rejects any request that could be tangentially cyber related. Even innocuous tasks like reading a blog post,” said Valentina “Chompie” Palmiotti, a well-known security researcher who works at IBM X-Force. 

When a prompt triggers its guardrails, Fable pauses the chat and says that its “safety measures flagged this message for cybersecurity or biology topics.”

The guardrails were put in place to limit the risk that Fable could be used to develop malware or compromise software — a long-standing concern within Anthropic. The restrictions on biology come from a similar concern around developing biological weapons.

When the AI giant released Mythos in April, it restricted the model to a limited number of companies and organizations in what it called Project Glasswing, an effort to deploy the model to secure critical software and infrastructure. Last week, Anthropic expanded access to Mythos to hundreds of organizations in 15 countries. 

But despite the good intentions, many cybersecurity experts are still put off by the haphazard nature of the restrictions. Matt Suiche, a cybersecurity veteran, told TechCrunch that “if you ask it to write secure code, it assumes it is cybersecurity related work instead of software engineering best practices, and you get downgraded.” Fable is programmed to fall back to Claude Opus 4.8 if it hits a guardrail. “It seems to be keyword based, so anything in the lexical field of ‘cybersecurity’ triggers the guardrails.”

“But it is understandable as we are still in the early days and they are still adapting their guardrails. I am sure they are going to evolve over time as Anthropic and other frontier model companies will collaborate more with the current new generation of cybersecurity companies,” said Suiche, who is a member of the technical staff at Tolmo, an AI cybersecurity startup. “It’s better to catch more people than not enough when you do such a release and to relax the guardrails over time.”

Another researcher griped on X that “even asking for a code review” triggers Fable’s guardrails. 

Anthropic did not immediately respond to a request for comment.

Apart from guardrails inside its models, Anthropic requires cybersecurity professionals to apply to the Cyber Verification Program. If they get approved, the applicants have fewer limitations on using Claude for cybersecurity work. OpenAI has a similar program called Trusted Access for Cyber.

A new startup aims to reinvent how people discover their next favorite place to dine and, one day, perhaps more. Zest, a newly launched restaurant discovery app, uses a combination of transaction data and AI to make personalized restaurant recommendations based on where people actually go to eat, drink, or grab a coffee.

Founded in November 2024, Zest currently has $1.8 million in pre-seed funding from Alexis Ohanian at 776 and Steve Jang at Kindred Ventures. It has been in beta testing since nearly day one, expanding from friends and family to larger groups over time.

Now, the app has launched to the public, allowing anyone to track their dining outings and get recommendations. In a matter of weeks, Zest has attracted over 100,000 visits post-launch and is growing.

While a number of apps allow people to make dining wishlists or curate favorite spots, Zest’s advantage is that its recommendations are based on real-world data. To use Zest, you’ll link your credit card to the app, and it will import all the restaurants you’ve visited to create a personal dining map that others can follow.

As the app learns where you dine and what you like, it gets smarter, making personalized recommendations of what to try next. You can also follow friends or creator-curated profiles to get other suggestions of where to eat, either in your own city or when traveling, if you choose.

Your credit card data is imported into Zest via the financial services company Plaid, trusted by banks and other fintech and budgeting apps. This allows the app to access your credit card transactions, import only those in the food and drink categories for its map, and ditch the rest.

The idea is not as crazy as it seems. Venmo also leverages people’s desire to share where they shop and dine with others, turning spending into a social network of sorts. And in an earlier era of the web, a startup called Blippy infamously tried to turn a feed of your purchases into a recommendation network of sorts.

Where Blippy and others like it went wrong is that they stopped at data-sharing alone, instead of building a network based on the data that improved their understanding of user interests over time. In addition, they were likely too early, as consumer sentiment toward data-sharing has improved over time, as they saw where it could add value in services like Apple’s Find My Friends, Snap Map, and others.

“Our approach with Zest, by doing it via verified dining spend, we actually think that we surface more places that are actually interesting. Instead of it being about social posturing and sharing that you went to this Michelin star restaurant or that,” explains Zest co-founder Mario Gomez-Hall, who was previously head of Design at the social calendaring app Saturn, which exited to Snap last year. (Zest’s technical co-founder Alex Moller, meanwhile, brings his experience at Apple and other tech companies to the new venture.)

“It’s actually more about your regulars and the spots that are the ‘hole in the wall’ — the burrito spot that you love and is dependable,” Gomez-Hall continues. “And we surface that because we see the frequency and the spend.”

The idea behind Zest builds on his understanding of how social networks based on curation work, which Gomez-Hall learned from his prior startup, Cymbal, focused on music. Both companies were trying to connect people who have similar tastes, even if those people are not your real-world friends.

“With Zest, there’s a limited set of restaurants in any city. I’m lucky enough that I live in an area with tons of restaurants and new places opening,” he says, referring to the San Francisco Bay area, where he’s now based after graduating from Tufts University in Boston. “But if you are in a smaller town, there might be fewer. So it’s really all about curation and finding the neighborhood haunts, the hidden gems.”

In addition to recommendations, Zest leverages over 80 million reviews pulled from various sources across the web to enhance its suggestions and understanding of the places people save. Gomez-Hall says the list includes everything from high-end sources, like the Michelin dining guide, to sort of “man-on-the-street” recommendations, like the kind of thing you’d see on Reddit.

This month, Zest is launching a new feature that will let anyone write something in a freeform note about a place, like how to get a reservation, what dish to order, or other general thoughts. It’s also poised to launch a “Fresh Picks” feature that will work something like Spotify’s Discovery Weekly playlist, but for new restaurants to try throughout your city.

Over time, the team at Zest wants to expand beyond restaurants to curate other types of city hot spots.

“When we named the company, we named it Zest because it was a nod to food, but it wasn’t 100% food. It’s like a ‘zest for life,’ exploration, and I think longer-term, we could totally see a world where we add shopping,” notes Gomez-Hall.

One of the biggest selling points for modern AI systems is their ability to adapt to users. Every time an AI assistant takes on a task for you, it’s also adapting to your style and preferences, which are incorporated as context for future tasks. With more context and an improved understanding of the user, the model can get better every time you use it — or at least that’s the theory.

New research suggests that models’ adaptive abilities might be a mixed blessing. On Wednesday, researchers at the AI company Writer published two papers showing how popular memory systems can make models worse, pulling them toward misconceptions or misunderstandings introduced by the user. As user input fills up more of the model’s context window, the model grows more sycophantic — and less committed to accuracy.

“We wanted to be able to characterize how often a model is going to be usefully paying attention to user preferences versus giving a potentially wrong answer,” said Dan Bikel, Writer’s head of AI, who worked on the papers. As Bikel told TechCrunch, “with every additional storing of user preferences and retrieving of them, you’re running an increasing risk.”

In one variation, researchers tested AI models by recording that a user’s favorite book was “Station Eleven,” then asking the model to name a bestselling dystopian book. Models became far more likely to name “Station Eleven” in their response, even though the question didn’t relate to the user’s favorite book. The tendency increased when using memory compression tools like Mem0 and Zep.

As the paper puts it, “all memory systems fundamentally struggle to distinguish relevant context from irrelevant anchors, severely undermining diversity and creativity and introducing unintended avenues of bias that can limit system utility,” the paper reads.

The second paper shows how the same dynamic can actively degrade performance, presenting a user with misconceptions about finance and then challenging the model to analyze a company’s performance. The more context the model had, the worse it performed.

“With no memory or personalization present the AI model correctly assesses that the company is a capital intensive business that suffers from high customer churn,” the post reads. “But with those features turned on, it will happily change its answer to agree with the user’s mistake or supply them with an incorrect answer based on its evaluation of their earlier preferences.”

Notably, the research didn’t look at Anthropic’s recent Opus 4.8 model, which was trained to actively push back against input errors like the ones presented. The patterns discovered by researchers held true across different models. It’s a demonstration of how delicately balanced AI context can be, and how useful tools can have unintended consequences if they upset that balance.