Anthropic Ships Claude Fable 5 to Public, Keeps Cyber-Ready Mythos 5 for Vetted Users Only

Anthropic released Claude Fable 5 on June 9, the company's most capable AI model to date, and shipped it as two products split by safety classifiers rather than capability. The public version, Fable 5, routes flagged requests to the weaker Opus 4.8. The restricted twin, Mythos 5, keeps cyber capabilities fully available for vetted security teams and critical infrastructure operators.

Both models are priced at $10 per million input tokens and $50 per million output tokens, less than half the cost of the earlier Mythos Preview. Fable 5 is included at no extra charge on Pro, Max, Team, and Enterprise plans through June 22, then moves to usage credits.

How the safety classifiers work

When a user request trips a classifier in Fable 5, the model does not refuse. Instead the response is handed to Claude Opus 4.8, and the user is told a fallback occurred. The classifiers cover cyber operations, biology, chemistry, and model distillation. Anthropic designed the cyber classifier to block reconnaissance, discovery, lateral movement, and exploit development, the agentic steps of a real attack. In internal evaluations where Fable 5 blocked rather than fell back, the model made no progress on those tasks. An external partner found Fable 5 complied with zero harmful single-turn requests on cyberattack planning and exploit development while resisting 30 public jailbreak techniques. Fallback fires in under 5% of all sessions, meaning Fable 5 behaves identically to Mythos 5 for more than 95% of requests.

An external bug bounty ran over 1,000 hours and produced no universal jailbreak for Fable 5. External red teams found none on long-form agentic tasks either. Anthropic concedes that the UK AI Security Institute made progress toward a universal jailbreak within a brief testing window and states that making any universal jailbreaks slow and costly enough to catch before scale use is the realistic goal.

Why Mythos 5 stays locked down

Anthropic's April Project Glasswing tests with Mythos Preview set the context for this tiered release. During testing, Mythos Preview identified and exploited zero-day vulnerabilities in every major operating system and web browser when directed. It found a 27-year-old flaw in OpenBSD and autonomously wrote a remote code execution exploit against FreeBSD's NFS server from a 17-year-old bug, triaged as CVE-2026-4747. Anthropic says these capabilities emerged as a side effect of general improvements in code, reasoning, and autonomy, not from explicit training. Anthropic calls Mythos 5 the strongest cybersecurity model in the world and restricts its use to a vetted group through Project Glasswing.

Anthropic's red team warned that defenses relying on friction rather than hard barriers grow weaker against a model that grinds through tedious exploitation steps at scale. Hard technical barriers like KASLR and W^X still raise the cost, but attacker patience is no longer a limiting factor.

Anthropic says it will narrow the Fable 5 safeguards and cut false positives after launch. The company also changed its data retention policy alongside the release, though it did not disclose specifics.