Anthropic Scores AI Jailbreaks Like CVEs With New CJS Scale
Anthropic unveiled the CJS scale for grading AI jailbreak severity like CVEs, launching Claude Fable 5 alongside this new framework for the industry.
Alongside the re-launch of Claude Fable 5, Anthropic introduced something the industry has lacked: a structured way to talk about how severe an AI jailbreak actually is. The Cyber Jailbreak Severity (CJS) scale works much like CVSS does for software vulnerabilities, ranking jailbreaks from CJS-0 (informational, no real uplift) to CJS-4 (critical, producing expert-level output that meaningfully accelerates real attacks). Severity is scored across four axes — capability gain, breadth across attack types, ease of weaponization, and discoverability — with each tier representing an exponential, not linear, jump in seriousness.
For Fable 5 specifically, Anthropic also rolled out a four-tier use-case classifier: prohibited uses like ransomware or malware development are blocked outright; high-risk dual-use tasks such as pentesting or exploit development are blocked by default pending better access controls; low-risk dual-use activities like OSINT are allowed but with an added safety margin; and benign uses such as secure coding remain fully permitted. Notably, Fable 5's safety margin is intentionally wider than in prior models, meaning more legitimate requests may get flagged as Anthropic leans toward caution at launch.
The real significance lies in creating a shared vocabulary that regulators, procurement teams, and incident responders can use when discussing AI-related risk — something that could shape how liability gets framed going forward. Anthropic published the CJS scale as an open draft seeking feedback and launched a HackerOne program for researchers to submit Fable 5 jailbreaks, signaling this is meant as genuine standards-building rather than a PR exercise.
Security researchers now have an official channel through HackerOne, teams evaluating Fable 5 should expect more false positives on cybersecurity-adjacent prompts, and anyone working in AI policy has a window to weigh in on the CJS framework before it solidifies into something harder to change.