What happened
Anthropic is making Claude Fable 5 available to the public, offering an altered version of its previously unreleased Claude Mythos model with added safeguards for sensitive topics such as cybersecurity and biology.
Earlier this year, Anthropic said Claude Mythos had powerful capabilities that could cause harm and would not be released publicly. Claude Fable 5 uses the same underlying model as Mythos, but its responses for certain topics will be routed to Claude Opus 4.8, a previous model that is already public.
Anthropic said the safeguards are designed to reduce the risk that Fable 5’s capabilities in areas such as cybersecurity could be misused to cause serious damage. The company said queries on a narrow set of topics will be routed to Claude Opus 4.8 rather than answered directly by the Mythos-level model.
Anthropic also tested Fable 5 internally and externally for common model vulnerabilities, including jailbreaks. The company said the testing found no known universal jailbreaking techniques, though it did not specify whether partial jailbreaks were found.
The company expects adversaries to try to bypass the safeguards because Mythos-level capabilities could be valuable to attackers seeking financial gain from cyberattacks. Anthropic is also changing its data retention policies for Fable and Mythos models, keeping all user traffic for 30 days on its own platforms and third-party services. The retained data will not be used to train new Claude models or for any non-safety-related purpose.
Anthropic said the restrictions built into Fable may make it harder for the model to fulfill both malicious and legitimate user requests. The company said the safeguards are intentionally cautious and may sometimes trigger on benign requests, with the goal of reducing false positives as the safeguards are refined after launch.
The company also said members of Project Glasswing, a consortium of public and private organizations that had access to a preview version of Mythos, will be able to upgrade to the latest full model, Claude Mythos 5. Access to Mythos 5 will expand over time through a more systematic trusted-access program that includes federal agencies.
Who is affected
Organizations evaluating or adopting frontier AI models are affected by the release of Claude Fable 5, especially those considering AI use in IT, cybersecurity, software development, vulnerability research, or other dual-use technical work.
Cybersecurity teams may also be affected by the model’s safeguards. Fable 5 may route certain cybersecurity and biology queries to Claude Opus 4.8, which could limit access to Mythos-level capabilities for sensitive topics. At the same time, the safeguards may block or restrict some benign requests when classifiers are triggered.
Project Glasswing participants are affected because they will be able to upgrade to Claude Mythos 5, while broader trusted access to the full model will expand over time, including to federal agencies.
Why CISOs should care
Claude Fable 5 reflects the security tradeoff surrounding frontier AI models. Anthropic is trying to make a powerful model publicly available while restricting capabilities that could be misused in cybersecurity and biology. For CISOs, that makes the release relevant to both AI adoption and AI threat modeling.
The cybersecurity implications are significant because models with Mythos-level capabilities can assist with vulnerability scanning, exploit chaining, and data theft from victim networks. Even with safeguards in place, Anthropic expects financially motivated adversaries to try to circumvent safety measures.
The release also shows that AI guardrails can create operational friction. Anthropic said the safeguards are intentionally cautious and may trigger on benign requests. Security teams adopting AI tools should prepare for both sides of that tradeoff: reduced misuse risk and possible limits on legitimate security work.
3 practical actions
- Assess frontier AI models as dual-use security tools: Claude Fable 5 is designed to provide Mythos-level performance for most tasks while routing sensitive cybersecurity and biology queries to Claude Opus 4.8. CISOs should evaluate whether AI tools used by employees can support offensive cyber tasks, vulnerability discovery, or exploit development, even when safeguards are present.
- Prepare policies for legitimate security use cases that may trigger safeguards: Anthropic said Fable 5’s safeguards may sometimes block benign requests because the system is intentionally cautious. Security leaders should define approved AI use cases for vulnerability research, secure coding, incident response, and threat analysis so teams know when AI assistance is appropriate and when alternative workflows are needed.
- Review data retention and safety monitoring terms for AI tools: Anthropic is keeping all user traffic for Fable and Mythos models for 30 days across its own platforms and third-party services, though it said the data will not be used to train new Claude models or for non-safety-related purposes. CISOs should review how AI vendors retain prompts, outputs, and user traffic, especially when employees may submit sensitive security or business information.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.