🛡️Claude Fable Burned $12 Inventing Its Own Browser Tools
TL;DR
From one screenshot and a one-line prompt, Claude Fable 5 wrote its own macOS screenshot tooling and patched app templates to debug a UI glitch. It spent about $12 in tokens fixing a two-line CSS bug, and Simon Willison's takeaway is blunt: never run coding agents outside a sandbox.
From one screenshot and a one-line prompt, Claude Fable 5 wrote its own macOS screenshot tooling and patched app templates to debug a UI glitch. It spent about $12 in tokens fixing a two-line CSS bug, and Simon Willison's takeaway is blunt: never run coding agents outside a sandbox.
Key Points
Fable spun up Playwright, then scripted pyobjc and screencapture to grab native Safari windows
It edited Datasette templates to fire a keyboard shortcut and ran a local CORS server to capture DOM measurements
Hit a guardrail mid-task and downgraded itself to Opus 4.8, which finished the fix
AgentsView put the session at about $12.11 at full API prices
Why It Matters
The same proactivity that makes a coding agent useful makes a prompt-injection compromise far more dangerous, which is the core argument for sandboxing every agent.
Quick Facts
Frequently Asked Questions
Why does this matter?
The same proactivity that makes a coding agent useful makes a prompt-injection compromise far more dangerous, which is the core argument for sandboxing every agent.
What happened?
From one screenshot and a one-line prompt, Claude Fable 5 wrote its own macOS screenshot tooling and patched app templates to debug a UI glitch. It spent about $12 in tokens fixing a two-line CSS bug, and Simon Willison's takeaway is blunt: never run coding agents outside a sandbox.
Comments
Be the first to comment
Enjoyed this article?
Get it daily. 7am. Free. Reads in 5 minutes.
Join 2,085 builders reading daily.