Claude Fable 5 is the first Mythos-class AI released to the public, built on the same model family that helped uncover 271 security vulnerabilities buried in Firefox's code for up to 20 years

Anthropic released Claude Fable 5 on Tuesday, the first model in the company’s Mythos class made available to the general public. The launch comes two months after Anthropic announced it would not release its Mythos Preview model due to concerns about its cybersecurity capabilities, and follows an earlier period in which Mythos Preview was deployed only to a managed group of infrastructure partners.

Fable 5 shares its underlying architecture with Claude Mythos 5, a model Anthropic released simultaneously but kept restricted to participants in Project Glasswing, the company’s managed security programme. The two models are, in Anthropic’s description, the same underlying system. The difference is the presence of classifiers in Fable 5 that intercept queries touching cybersecurity, biology, chemistry, and what Anthropic identifies as attempts to extract the model’s capabilities for competitive use. Those queries are handed to Claude Opus 4.8 rather than answered by Fable 5 directly. Anthropic says the handoff triggers in fewer than 5 per cent of sessions.

Fable 5 is priced at USD 10 per million input tokens and USD 50 per million output tokens, less than half the pricing applied to Mythos Preview since April. Subscribers on Pro, Max, Team, and seat-based Enterprise plans have access without additional charge through 22 June, after which Anthropic will move to a credits-based model while demand and supply stabilise.

What Glasswing found

The reason the capabilities of these models require classifier-level management, rather than ordinary content policy, is visible in what Mythos Preview produced during the months it was in restricted use. When Anthropic announced Project Glasswing on 7 April, it described Mythos Preview as the first general-purpose AI model capable of surpassing all but the most skilled human researchers at finding and exploiting software vulnerabilities. That claim was not abstract. In its first month of partner use, the model helped organisations including Cloudflare, Mozilla, and Palo Alto Networks find what Anthropic says amounts to more than ten thousand high- or critical-severity vulnerabilities across their systems.

Mozilla’s experience is the most detailed publicly available account. In a post on the Mozilla Blog from 21 April, Bobby Holley described applying Mythos Preview to the Firefox codebase; a subsequent technical post from Mozilla’s security engineers described an agentic pipeline in which the model built and ran its own test cases to verify findings before reporting them. The result was 271 vulnerabilities fixed in Firefox 150, compared with 22 found by Claude Opus 4.6 in Firefox 148. The subsequent technical writeup from Mozilla’s developers noted that among the fixed bugs were a 15-year-old flaw in the HTML <legend> element and a 20-year-old vulnerability in the XSLT engine, both of which had survived years of internal fuzzing and manual review.

Separately, Anthropic reported in a May update on Glasswing that it had scanned more than 1,000 open-source software projects using Mythos Preview and found what it estimates to be 6,202 high- or critical-severity vulnerabilities. Triaging those findings has become its own constraint: several open-source maintainers have told Anthropic they cannot absorb incoming reports quickly enough. On average, a high- or critical-severity bug confirmed by Mythos Preview takes two weeks to patch.

What Fable 5 is actually for

The version most users and developers will encounter is not a cybersecurity tool. Anthropic describes Fable 5 as state-of-the-art across software engineering, knowledge work, vision, and scientific research, with performance advantages that compound on longer and more complex tasks. Stripe reported during early testing that Fable 5 completed a codebase-wide migration across a 50-million-line Ruby codebase in a day that would otherwise have taken a whole team more than two months. On Hebbia’s senior-level finance reasoning benchmark, Fable 5 scored highest of any model tested.

The vision capabilities are new in their degree. According to Anthropic’s launch materials, the model can extract precise figures from detailed scientific charts and reconstruct a web application’s source code from screenshots alone, with no additional scaffolding. These are the kinds of tasks that have typically required custom integration work against structured APIs; Fable 5 does them from visual input.

For general users, the cybersecurity side of the model is largely invisible. That, in some ways, is the point of the Fable/Mythos split: Anthropic is attempting to deploy the capability without deploying the risk, by keeping the unrestricted version in a programme it controls while releasing a guardrailed version to everyone else.

The stronger model stays restricted

Claude Mythos 5 also launched on Tuesday, and it is, in Anthropic’s own description, the same underlying model as Fable 5 with the classifiers lifted in specific areas. Access remains limited to organisations that cleared the Glasswing approval process and, separately, to a small group of biology researchers. Anthropic has said it intends to expand the Mythos 5 trusted access programme beyond the current Glasswing cohort but has not given a timeline.

The gap between Mythos Preview and Mythos 5 matters here. Fable 5 and Mythos 5 represent a new generation: they are more capable than Mythos Preview, the model responsible for the Firefox findings. Whether the next generation’s cybersecurity capabilities scale proportionately with its other capabilities is not yet clear from public information, though Anthropic describes Mythos 5 as carrying “the strongest cybersecurity capabilities of any model in the world.”

The launch also follows a public statement from Anthropic urging major AI laboratories to establish coordinated limits on frontier model development. The company warned that current systems are advancing toward the capacity to improve themselves autonomously without human intervention. Fable 5 and Mythos 5 are the first large-scale commercial deployment of the model class that prompted that warning.

What to watch next

The immediate question is whether Anthropic’s classifier architecture holds under adversarial use at scale. The company says an external bug bounty logged over 1,000 hours of testing with no universal jailbreaks found, and separate external red-teaming organisations also found none. It acknowledges that novel attacks remain possible. Anthropic has specifically noted that the UK AI Security Institute made early progress toward a universal jailbreak within an initial testing window, though none was completed.

Beyond that, the Glasswing programme itself is still running. Anthropic’s dashboard of open-source vulnerability disclosures is public, and the company has said its scanning of open-source projects will continue. The bottleneck has shifted from finding vulnerabilities to patching them, and the pace at which maintainers can absorb and fix AI-identified bugs will be the next measure of whether the programme translates into durable security improvements rather than an accumulation of disclosed but unresolved findings.

Anthropic has also indicated it intends to expand Mythos 5 access through a broader trusted-access programme. When that expansion happens, and what criteria it applies, will give the clearest signal yet of how the company plans to manage the tension between deploying a capable model and limiting its most dangerous applications.