Anthropic has released Claude Fable 5, a public version of its powerful Mythos-class AI technology, but with new safeguards meant to keep the model from being used for high-risk cyber and biological work.
In other words, Claude Mythos 5 is staying behind the velvet rope.
What matters most is not the model itself, but how access to each version is controlled.
Developer Simon Willison, who tested Fable 5 after launch, described it as Anthropic offering Mythos-class performance with stricter guardrails meant to prevent harmful use. The full-power version, Mythos 5, remains reserved for vetted cyber defenders.
Anthropic describes Fable 5, the broadly available model, and Mythos 5 as the same underlying model — with Mythos 5 the version that runs with some safeguards lifted, reserved for a small group of large infrastructure partners.
With Fable 5, Anthropic is giving the public most of the power of Mythos 5, routing risky prompts away from the sharpest system. It’s betting that trusted access can put advanced cyber capability in defenders’ hands without handing the same tools to everyone else.
For others, the launch looks less like a routine model release than a test of controlled access to a frontier AI model: Can it be abused, and how secure are the guardrails?
Fable is not a fully open Mythos release. It is Mythos with a governor installed.
The governor is the product
In practical terms, Fable 5 gives developers, enterprises and power users access to Anthropic’s most capable generally available model. But when the system detects certain cybersecurity, biology, chemistry or model distillation requests, Anthropic says the query is automatically handled by Claude Opus 4.8 instead.
Anthropic says the safeguards are deliberately conservative and trigger in less than 5% of sessions on average. That means most users will experience Fable 5 as the full-strength model, while users who wander into high-risk territory may be pushed to Opus 4.8.
Bring money, bring tokens
Anthropic says Fable 5 is available through the Claude API, Claude Platform on AWS, Amazon Bedrock, Google Cloud’s Vertex AI and Microsoft Foundry. The company priced both Fable 5 and Mythos 5 at $10 per million input tokens and $50 per million output tokens.
That price point makes Fable 5 an enterprise tool, not a casual chatbot upgrade. Anthropic is aiming at well-funded engineering teams, cloud-native enterprises, AI-heavy security shops and organizations willing to pay a premium for long-running coding, research and agentic workflows.
The model is also built for longer, more autonomous work than previous Claude releases. Anthropic says Fable 5 can handle days-long coding and knowledge-work tasks, plan across stages, delegate work to sub-agents and check its own work. The company is pitching it for large software migrations, complex coding projects, document-heavy enterprise workflows and long-running analysis.
Those features can cut both ways.
A model that can sustain long coding jobs, reason across large codebases and test its own work could help security teams find and patch vulnerabilities faster. Those same capabilities could also help attackers move faster if they can reach them without effective controls.
Glasswing was the warning shot
In its own red-team writeup on Mythos Preview, the company said the same improvements that made the model better at finding and fixing vulnerabilities also made it better at exploiting them.
Jeff Williams, founder of OWASP and founder/CTO of Contrast Security, put the defender problem bluntly: “AI is turning vulnerability discovery into an industrial-scale activity, but most organizations still remediate at human speed.”
Fable 5’s strengths — long coding runs, large-codebase reasoning and self-testing — are exactly what defenders want. They are also exactly what attackers would want if comparable capabilities become easier to access.
Earlier this year, the company said Claude Mythos Preview had reached a level of cybersecurity capability that made broad release too risky. Project Glasswing was Anthropic’s first answer to that problem: limited access for organizations working on critical software and infrastructure.
As of June, Glasswing is expanding beyond its initial partner group. Anthropic says it is extending the program to approximately 150 new organizations in more than 15 countries, with access focused on defenders responsible for critical software, open-source infrastructure and security testing.
Anthropic says the new group is focused on critical infrastructure, open-source maintainers, vendors and safety testers, and each participant must meet its security requirements before receiving access.
“Safe” is doing a lot of work here
Fable 5 is meant to broaden access and blunt the most dangerous edges.
The company says its new classifiers are designed to detect misuse, including jailbreak attempts, and prevent Fable 5 from responding directly.
In its Fable 5 announcement, the company said it chose to release the model quickly “even at the cost of overly broad safeguards,” and that most biology and chemistry requests will temporarily fall back to Opus 4.8.
Axios reported that Dianne Penn, Anthropic’s head of product management, research and labs, said the company is being “deliberately more conservative” at launch. That means some legitimate researchers and defenders may find Fable’s safety layer getting in the way, at least for now.
Anthropic said external and internal testing found no universal jailbreaks after more than 1,000 hours of bug bounty testing. But the company was careful not to claim perfection. It said completely preventing universal jailbreaks is likely impossible, and the goal is to make bypasses slow and costly enough to detect before they can be used at scale.
Welcome to the access-control era
The release also puts Anthropic in the middle of a larger industry fight over who gets access to the most cyber-capable AI systems.
OpenAI has taken a similar route with its Trusted Access for Cyber program, which gives verified defenders more permissive access for approved defensive work while keeping stronger controls around general use. Its current cyber-specific tier, GPT-5.5-Cyber, is in limited preview for defenders responsible for securing critical infrastructure.
That may be prudent. Anthropic says Mythos-class capabilities are risky enough to require safeguards and limited access, while OpenAI says its Trusted Access for Cyber program gives more powerful cyber capabilities only to verified defenders and selected teams.
But that model also puts private AI labs in the gatekeeper role, deciding who gets access to the next generation of cyber capability and under what conditions.
Justin Beals, CEO and founder of Strike Graph, framed it as a transparency problem. “Controlled rollout of frontier AI is the right instinct. But opacity is not a security strategy,” he said in comments provided to Security Point Break. “Whoever gets access, the standard should be verifiable transparency, not curated receipts.”
That leaves Anthropic in an uncomfortable position, deciding who gets the sharpest tools and who does not. For defenders, the stakes are less philosophical and more urgent: patch faster, or watch AI-assisted attackers move first.
The bottleneck moved
Anthropic’s own guidance points in that direction.
The company has said the security bottleneck is shifting from finding vulnerabilities to verifying, disclosing, fixing and deploying patches at scale. If models can surface bugs faster, then vulnerability management programs built around quarterly patch cycles, manual triage and slow disclosure workflows will look increasingly outmatched.
Martin Roesch, head of cloud at Vectra AI, said the safeguard debate should not distract companies from the bigger shift.
“It’s nice that Anthropic has put safeguards on the model’s capabilities, but Pandora’s Box has been opened,” Roesch said in a statement provided to Security Point Break. “In the next six months, we’ll see open-source models that can do the same thing with similar levels of efficacy, and that are able to run on commodity hardware.”
Roesch said motivated attackers will soon be able to point similar tools at a software stack or targeted organization and “expect success.”
“Having serious capabilities to operate in post-compromise environments is something that all companies should be including in their security architectures today, while they still have some time to work in a considered environment,” he said.
Builders, meanwhile, are looking at Fable 5 and seeing something very different: a machine that can turn vague ideas into working software with far less waiting around.
Builders are already giddy
For developers, the reaction has been more excited than alarmed.
In a post on X reacting to the launch, Andrej Karpathy, the former Tesla AI director and OpenAI researcher, described software increasingly “coming out on a tap.” He said demand for custom software grows once users realize they can ask for explainers, dashboards, test suites, research projects and single-use apps on demand.
Writing up his initial impressions on his blog, Willison called Fable 5 “a beast,” describing it as slow, expensive and able to crunch through nearly everything he threw at it.
That excitement matters because Fable 5 is not being pitched as a cybersecurity product. Anthropic is selling it as a workhorse for coding, research and long-running enterprise tasks.
The cyber concern comes from the same things that make it useful: better code, longer memory, more autonomy and a stronger habit of checking its own work.
CISOs don’t get to wait this out
For CISOs, the practical takeaway is not to wait for perfect clarity on whether Fable’s safeguards hold.
The safer assumption is that Mythos-class AI will not stay rare for long. Anthropic has warned that other AI labs may soon develop comparable cyber-capable models, and not all of them may release those systems with the same safeguards.
The signal to CISOs is AI-assisted vulnerability discovery is here, and remediation has to catch up. Anthropic says the bottleneck is moving from finding bugs to validating, disclosing and deploying fixes at scale.
Williams’ warning is that discovery alone does not equal security. The hard part is turning a faster stream of findings into validated, prioritized and deployed fixes.
The speed bump is disappearing
The security world has long relied on a grim kind of friction. Exploits did not write themselves. Vulnerability queues still needed humans to separate real danger from scanner slop. Attackers had the upper hand often enough, but deep expertise still slowed the game down.
Anthropic’s Fable 5 launch is an attempt to release the productivity upside without handing everyone the exploit-development downside. Maybe the guardrails hold well enough. Maybe they do not.
Either way, the message for defenders is the same.
The next race is not who can find the bug.
It is who can fix it first.
