Quick facts
- Model: Claude Fable 5 (Mythos‑class model made safe for general use)
- Event: Redeployed 1 July 2026 after export controls were lifted
- Reason for pause: Amazon report on a safeguard bypass
- Fix: New safety classifier that blocks the reported technique
- Pricing: $10 / M input tokens, $50 / M output tokens
- Where: Claude Platform, Claude.ai, Claude Code, Claude Cowork
What happened: the timeline
Anthropic launched Fable 5 and Mythos 5 on 9 June 2026. Both share the same underlying model; Fable 5 ships with strong safeguards for general use, Mythos 5 with some safeguards lifted for trusted cybersecurity partners.
On 12 June 2026 the US government applied export controls, forcing Anthropic to suspend access worldwide.
The trigger was a report from Amazon researchers who discovered a method to coax Fable 5 into listing software vulnerabilities and, in one case, generating exploit code.
By 26 June, the government approved restoring Mythos 5 for a limited set of US organisations. Full controls were lifted on 30 June, and Fable 5 returned on 1 July.
Why Anthropic says the finding was not unique
Testing showed the same vulnerability‑listing behaviour in less capable models such as Claude Opus 4.8, GPT‑5.5 and Kimi K2.7. The single exploit demonstration reproduced by Haiku 4.5, Sonnet 4.6, Opus 4.6‑4.8, GPT‑5.4‑5.5 and Kimi K2.7 indicates the technique does not expose unique “Mythos‑level” cyber capabilities. Anthropic classifies it as routine defensive cybersecurity work, not a breakthrough.
How the new classifier works
Anthropic trained an improved safety classifier that blocks the specific bypass in over 99 % of cases. When the classifier fires, the request is not rejected outright – it is transparently routed to Claude Opus 4.8 and the user receives a notification.
Independent testing by the Department of Commerce’s CAISI confirms the safeguards are “extraordinarily strong,” though the larger safety margin does increase false‑positives during ordinary coding and debugging tasks.
The proposed jailbreak severity framework
Anthropic, together with Amazon, Microsoft, Google and other partners, drafts a scoring system for AI jailbreaks based on four criteria:
- Capability gain – how far beyond existing tools the jailbreak takes the user.
- Breadth of capability gain – how many distinct offensive tasks the technique unlocks.
- Ease of weaponization – how much human effort is required to turn the jailbreak into a real attack.
- Discoverability – how easily the technique can be found.
For the most severe class, Anthropic will deploy preliminary mitigations immediately and maintain 24 × 7 monitoring of jailbreak submission channels.
Use cases with examples
- Codebase migrations: Stripe reported migrating a 50‑million‑line Ruby codebase in one day using Fable 5.
- Financial analysis: On Hebbia’s Finance Benchmark, Fable 5 achieved the highest scores for chart, table and document reasoning.
- Vision‑to‑code: Fable 5 can reconstruct a web app’s source code from screenshots alone.
- Long‑running agents: File‑based memory lets it stay focused across millions of tokens.
How Fable 5 compares
The pause opened a window for rivals. Zhipu AI released GLM‑5.2 as open weights, which independent testers rank as the strongest openly available model.
| Model | Developer | Access | Context | Price (in/out per 1 M) | Benchmark | Cyber safeguards |
|---|---|---|---|---|---|---|
| Claude Fable 5 | Anthropic | General (Platform, .ai, Code, Cowork) | Long‑context | $10 / $50 | AA‑Briefcase 1587 Elo | Strongest applied; falls back to Opus 4.8 |
| Claude Mythos 5 | Anthropic | Trusted US organisations | Long‑context | $10 / $50 | Same base model | Safeguards lifted |
| Claude Opus 4.8 | Anthropic | General | Long‑context | ~$5 / $25 | SWE‑bench Pro 69.2 | Standard |
| GLM‑5.2 | Zhipu AI | Open weights (MIT) | 1 M tokens | ~$1.40 / $4.40 | SWE‑bench Pro 62.1 | None (open weight) |
| GPT‑5.5 | OpenAI | General | Long‑context | ~$5 / $30 | SWE‑bench Pro 58.6 | Standard |
GLM‑5.2 uses a Mixture‑of‑Experts design (≈750 B total parameters, ~40 B active per token). On Semgrep’s IDOR benchmark it scored 39 % F1, beating Claude Code’s 32 %.
Cost‑wise, Fable 5 averaged $31 per AA‑Briefcase task, while GLM‑5.2 averaged $2.40.
Access and a quick API example
Fable 5 is included in Pro, Max, Team and selected Enterprise plans through 7 July 2026, covering up to 50 % of weekly usage limits. After that, usage draws from standard credits. The model is also re‑enabled on AWS, Google Cloud and Microsoft Foundry.
Developers call the model with the claude-fable-5 identifier:
from anthropic import Anthropic
client = Anthrop ic() # reads ANTHROPIC_API_KEY from the environment
message = client.messages.create(
model="claude-fable-5",
max_tokens=1024,
messages=[{"role": "user", "content": "Refactor this module for readability."}]
)
print(message.content)
If the safety classifier triggers, the response comes from Opus 4.8; the API contract remains unchanged.
Key takeaways
- Fable 5 returned on 1 July 2026 after export controls were lifted.
- A new classifier blocks the reported bypass in > 99 % of cases.
- Blocked requests are transparently rerouted to Opus 4.8, not rejected.
- Anthropic proposes a four‑criteria framework for scoring jailbreaks.
- During the pause, GLM‑5.2 emerged as a cheaper open‑weight competitor.





















