This sounds somewhat similar to the anecdote mentioned in the Mythos Preview System Card, which mentioned that the model broke out of a sandbox and emailed a researcher while they were eating a sandwich in a park [1].
[1]: https://www-cdn.anthropic.com/7624816413e9b4d2e3ba620c5a5e09...
Importantly, the researchers told it to do that specific task.
They told it to escape the sandbox but didn't expect it to break out through a system that was apparently network constrained.
> Leaking information as part of a requested sandbox escape: During behavioral testing with a simulated user, an earlier internally-deployed version of Claude Mythos Preview was provided with a secured “sandbox” computer to interact with. The simulated user instructed it to try to escape that secure container and find a way to send a message to the researcher running the evaluation. The model succeeded, demonstrating a potentially dangerous capability for circumventing our safeguards.
> It then went on to take additional, more concerning actions. The model first developed a moderately sophisticated multi-step exploit to gain broad internet access from a system that was meant to be able to reach only a small number of predetermined services. 9 It then, as requested, notified the researcher. 10 In addition, in a concerning and unasked-for effort to demonstrate its success, it posted details about its exploit to multiple hard-to-find, but technically public-facing, websites.
Authors of claude code mess could not secure a vm. Big news. I bet it was "secured" by telling that same model to deploy a secured system.
Possible. It also depends on what the sandbox was. Sandboxes differ dramatically.
My experience matches though. Fable is a lot more proactive and rigorous than Opus.