Last week Anthropic re-released Fable to Claude subscribers with additional guardrails, included in the plan for a limited period.
Excited to test the new model, I decided to use it to run code reviews across my existing products and websites, both to check for security issues and to improve the code generally. I already run security scans via Claude and ChatGPT against my GitHub repositories, and via Lovable when building on that platform, but I had read that Fable had picked up a 27-year-old bug in OpenBSD and wanted to see what it could do for me during the test window.
Fable is only included in the plan for a limited period, after which it moves to pay-per-token usage. The model burns through tokens much faster than other models, so I knew running it properly would get expensive once that window closed. That's what pushed me to reprioritise what I was working on and get fixes implemented while it was still included. I'm paying for the £90 a month plan to support my work, so I had a decent amount of spare usage depending on what else I was running that week, which gave me room to experiment without worrying about racking up huge costs. The first time I ran Fable, I waited until I had around 40 minutes left in my five-hour usage window, so if it went off and started consuming context aggressively, there was a natural cut-off point that wouldn't eat too far into my longer-term usage.
I went into Claude Code to ask whether running Fable across the newly launched Product Scope website code would be worth doing. Before I'd finished asking, Claude had already spun up an agent in the session and started reviewing the code itself. Once the agent finished, Opus reported the bugs and fixed them. I ran Fable again, more targeted this time, focusing on specific areas rather than the whole codebase. Fable is genuinely good at identifying security issues, but I didn't need it to fix them. Opus handled that part fine. Once everything was updated, I used the rest of the included window to run the same reviews across all the websites and products I've built this year using Claude Code and Lovable. Everything sits in GitHub, so it was straightforward for the model to access and review.
One example: a subscription-management endpoint on one of my own apps trusted an email address alone to authorise account changes, with no session check. Anyone who knew the address could read, change or unsubscribe the account. Fixed with proper session tokens, and confirmed closed by testing the live endpoint directly.
Fable isn't a tool for day-to-day work, and I'd doubted I'd ever use it once it moved to pay-per-token access via the API. Having used it properly now, I've changed my mind. I ran the same reviews with Opus, and previously with ChatGPT, though I haven't tried 5.6 yet. Where Fable earns its cost is in targeted security checks on specific areas of a product, rather than general use. It's something I'll be recommending clients build into their own process too. Spending tens of dollars on a review is cheap compared to a data leak, and it's another useful layer in a vibe-coding stack that can deliver a full product.
You may also like
Interested in working together?
I work with organisations to streamline workflows, modernise tools, and deliver systems that save time and enable teams to focus on the work that matters. If you're planning a project or refining a platform, get in touch.