Anthropic has officially released Claude Fable 5, its most capable AI model to date, alongside a restricted twin model called Claude Mythos 5, designed specifically for vetted cybersecurity use cases.

Unlike previous model releases, the two versions are not differentiated by underlying capability, but by security and misuse prevention layers.

Two Models, One Core System

Anthropic is shipping a single foundation model in two operational modes:

  • Claude Fable 5 – publicly available model with cybersecurity safeguards enabled
  • Claude Mythos 5 – restricted version for approved cybersecurity and critical infrastructure users

Both models share the same architecture and pricing:

  • $10 per million input tokens
  • $50 per million output tokens

However, Mythos 5 retains full cybersecurity capabilities that are otherwise filtered or redirected in the public version.

Cybersecurity Classifier System

Fable 5 introduces a new safety architecture based on specialized misuse classifiers.

These classifiers monitor requests across categories such as:

  • Cybersecurity attack planning
  • Exploit development
  • Biological and chemical risk domains
  • Model distillation attempts

When a request is flagged, Fable 5 does not directly respond. Instead, it routes the request to a less capable model (Claude Opus 4.8) or blocks the response depending on severity.

Anthropic reports that:

  • More than 95% of sessions are unaffected
  • Fewer than 5% trigger fallback or intervention
  • The system successfully blocks known jailbreak attempts in testing environments

Security vs Capability Tradeoff

The cybersecurity classifier is designed to prevent offensive use cases such as:

  • Vulnerability discovery at scale
  • Exploit chain development
  • Automated attack planning
  • Lateral movement modeling

However, Anthropic acknowledges that this introduces false positives, where legitimate security research queries may be restricted or downgraded.

The company plans to refine classifier accuracy post-launch.

Why Mythos 5 Exists

Anthropic states that models in the Mythos class demonstrate:

  • Advanced vulnerability discovery
  • Autonomous exploit generation
  • Cross-platform zero-day identification capabilities

Internal evaluations reportedly showed the model identifying and exploiting vulnerabilities across major operating systems and browsers, including long-standing legacy flaws.

Because of this capability level, Anthropic limits access to vetted users through its Cyber Verification Program.

Defensive Findings From Project Glasswing

During large-scale testing with partners:

  • Over 10,000 high or critical vulnerabilities were identified
  • Cloudflare reported 2,000 issues (400 high/critical)
  • Mozilla fixed 271 vulnerabilities in a single release cycle

Anthropic estimates that a high-severity vulnerability can now be turned into a working exploit in hours to days, rather than weeks.

This significantly compresses the traditional patch window between disclosure and exploitation.

The New Security Bottleneck

The core issue is no longer vulnerability discovery.

Instead, the bottleneck has shifted to:

  • Patch development
  • Validation
  • Deployment across production systems

Open-source maintainers have reportedly struggled with the volume of AI-assisted vulnerability reports and required remediation work.

New Data Retention Policy

Anthropic has introduced a 30-day retention policy for all traffic processed by Fable 5 and Mythos 5.

Key points:

  • Data is not used for model training
  • Logs are retained only for security analysis
  • Extended retention applies only for investigations or legal requirements

The goal is to improve detection of emerging attack patterns and jailbreak techniques.

Industry Implications

Anthropic warns that similar high-capability models are emerging across the industry, and not all will include comparable safeguards.

The key concern is asymmetry:

  • AI can now find vulnerabilities faster than humans can patch them
  • Exploit development time is shrinking dramatically
  • Defensive coordination becomes the limiting factor

Conclusion

Claude Fable 5 and Mythos 5 represent a new phase in AI development where capability and security are explicitly separated at the product level.

While Fable 5 is designed for general use with safeguards, Mythos 5 highlights the dual-use nature of modern AI systems in cybersecurity contexts.

The broader challenge for defenders is no longer identifying vulnerabilities—but responding to them before they can be operationalized.