Anthropic released a new model on June 9, Claude Fable 5. It is the most capable model they have made public, and it leads their earlier models on most of the hard tasks. If you are on Opus 4.8, you will notice the difference.
The bigger reason to pay attention is how it shipped: a model this capable, with its most dangerous uses blocked, rather than the whole thing held back until it was safe.
How the handoff works
Fable 5 sits in a new top tier Anthropic calls Mythos-class. The full version, Mythos 5, is not available to the public. It went to a small group of vetted defenders and infrastructure providers through a government program called Project Glasswing.
Fable 5 is the same model with guardrails added. It runs alongside separate AI systems called classifiers that watch your prompts for three kinds of risk: cybersecurity, biology and chemistry, and attempts to copy the model itself. If a classifier flags your prompt, it is not refused. It gets rerouted to Claude Opus 4.8, the previous flagship, and you are told it happened.
Opus 4.8 is still a strong model, so the handoff is closer to a downgrade than a refusal. Anthropic says more than 95 percent of sessions never trigger it. Most of the time you are getting full Fable.
Why the cyber lock matters
Mythos-class models are good at finding and exploiting software vulnerabilities, and at the other stages of an attack, such as reconnaissance and moving through a network once inside. In the wrong hands that lowers the cost of a real attack. Anthropic tuned the cyber classifiers to block those requests, and their own testing shows Fable making almost no progress on offensive cyber tasks with the safeguards on.
Back in December I wrote about Chinese state hackers using Claude to run an attack campaign. This release is Anthropic’s answer to that risk, applied to a more capable model before it shipped.
The four tests each measure a different attack skill:
- Firefox and OSS-Fuzz are bug-finding tests. Can the model find exploitable holes in real software, the Firefox browser and a set of open-source projects run through Google’s OSS-Fuzz service.
- CyberGym is a Berkeley benchmark of 1,507 real vulnerabilities. The model has to write a working proof of concept that triggers the bug, not just describe it.
- CyScenarioBench measures whether the model can guide a low-skill attacker through a full multi-stage operation, choosing the right step at each branch.
The pattern holds across all four. Mythos 5 scores between 38 and 88 percent. The older Mythos Preview clears 70 on several. Fable scores 0.0 on every test. Opus 4.8 with its normal safeguards already drops from 78 percent to under 1 on CyberGym, so the method is not new. Fable applies it across the board.
What it means if you use Claude for real work
If you do legitimate security work, pen testing, CTF practice, or hardening your own systems, expect false flags. Anthropic says the safeguards are set conservatively and will catch some harmless requests, and that they will loosen them over time. For now, a security question routed to Opus is the tradeoff.
They also tried to break it first. An outside bug bounty ran more than 1,000 hours and found no universal jailbreak, the kind that turns the guardrails off entirely. One government testing group made partial progress, which Anthropic disclosed. They are not claiming the lock is unbreakable, only that breaking it should be slow enough to catch.
If you run client work through it, note the data change. Business traffic on Mythos-class models carries a 30-day retention window so Anthropic can study new attacks and reduce false flags. They say it is not used for training and is deleted after 30 days. Read the terms before sending anything sensitive.
The rest, briefly
Outside the locked areas the gains are large. Stripe ran a code migration across 50 million lines in a day, work that would have taken a team two months. The locked-down Mythos version designed protein candidates about ten times faster than usual and produced original biology hypotheses that researchers preferred to the older model about 80 percent of the time. An outside lab later confirmed one of them.
Pricing and access
Pricing is 10 dollars per million input tokens and 50 per million output, under half what the preview cost.
If you are on a subscription, watch the date. Fable 5 is free on Pro, Max, Team, and seat-based Enterprise through June 22. On June 23 it leaves those plans and starts costing usage credits until capacity catches up. Test it on real work before then if you want to.
This is the first frontier model to ship to everyone with its most dangerous capabilities walled off rather than the whole model held back. With Fable, you are not always talking to the model you think you are. That is intentional.
Source: Anthropic, Claude Fable 5 and Claude Mythos 5, June 9, 2026.
Read more about what I have to say about AI on my Substack.