On June 9, 2026, Anthropic made Claude Fable 5 publicly available, billing it as the most capable model it has ever released to the general public. Behind that unusual name lies a real break with the past: Fable 5 is the first Mythos-class model accessible to a broad audience — a family of models so capable in cybersecurity and the life sciences that Anthropic had deliberately delayed its rollout back in April. Just days after warning that "AI is becoming too dangerous," the company is taking the plunge — but with a new kind of safeguard.
For developers, researchers, and security teams, Fable 5 is not just one more iteration. With 80.3% on SWE-Bench Pro (versus 69.2% for Opus 4.8) and a migration of 50 million lines of Ruby wrapped up in a single day at Stripe, this is a step change in capability. Let's break down what this model actually delivers, and why its release comes with a security setup that's unprecedented in the industry.
From Mythos Preview to Fable 5: a deliberate scaling-up
The story begins in April 2026, when Anthropic unveiled Mythos, a new class of models whose capabilities surpassed anything the company had produced before. Deemed too sensitive — particularly in offensive cybersecurity and molecular biology — those capabilities stayed under restricted access, under the name Mythos Preview, reserved for a handful of carefully vetted partners.
Fable 5 is Anthropic's answer to the question: "how do we open up this power without making it dangerous?" The underlying model is identical to the Mythos-class model, but it ships with a system of safety classifiers that intercept high-risk requests. It's this combination — cutting-edge capabilities plus automatic safeguards — that makes a public release possible.
This launch comes amid a busy strategic backdrop. Anthropic has just closed a funding round at a valuation of $965 billion and confidentially filed its IPO prospectus with the SEC. The trajectory is clear: as I noted in my article on Anthropic's funding round, the company is turning its technical lead into commercial advantage ahead of the IPO.
Benchmarks: a widening gap
The figures published by Anthropic paint a clear gap with the previous generation and with the competition. Here are the most telling results.
Software engineering: SWE-Bench Pro and FrontierCode
On SWE-Bench Pro, the reference benchmark for solving real-world engineering tasks drawn from GitHub repositories, the gaps are stark:
- Claude Fable 5: 80.3%
- Claude Opus 4.8: 69.2%
- GPT-5.5: 58.6%
- Gemini 3.1 Pro: 54.2%
The gap is even more dramatic on FrontierCode, a Cognition benchmark that measures the most demanding coding tasks under production conditions. Fable 5 reaches 29.3% there — more than double Opus 4.8 (13.4%) and nearly five times GPT-5.5's score (5.7%). On this kind of problem, most models are still stuck very low — which makes Fable 5's jump all the more notable.
Stripe's account sums up the real-world impact: a migration of a 50-million-line Ruby codebase, which would have taken an entire team more than two months, was completed in a single day. GitHub, for its part, speaks of "a level of autonomy and reliability that exceeds previous benchmarks," and Cursor talks about "long-horizon problems that were previously out of reach."
Vision, finance, and analytics
Fable 5 reaches state of the art in vision: it extracts precise figures from screenshots and can reconstruct code from a simple image of an interface. On Hebbia's financial benchmark — table analysis and interpretation of financial data — it posts the best score of any model. And on an analytics benchmark, it's the first model to break the 90% barrier.
Agentic capabilities and persistent memory
Where Fable 5 really shines is in long-horizon tasks that leverage persistent memory. On the game Slay the Spire, the model triples its performance when it can take notes and revisit them. This ability to "learn from its own traces" across millions of tokens is at the heart of what I described in my overview of autonomous AI agents in 2026: the next generation of AI no longer just answers — it plans and perseveres.
Technical specifications and pricing
Fable 5 keeps the 1 million token context window at standard pricing, with no long-context premium, and output of up to 128K tokens. On the reasoning side, the model follows in the line of Opus 4.7/4.8 with adaptive thinking: the model decides when and how much to think, with no fixed token budget to set manually.
Pricing, on the other hand, marks a break: $10 per million input tokens and $50 per million output tokens, double that of Opus 4.8 ($5 / $25). That's the price of the Mythos class. Worth noting for developers: the model is exposed via the identifier claude-fable-5, and it enforces adaptive thinking (explicitly disabling thinking returns a 400 error — you simply omit the parameter).
| Feature | Claude Fable 5 | Claude Opus 4.8 |
|---|---|---|
| Context window | 1M tokens | 1M tokens |
| Max output | 128K tokens | 128K tokens |
| Input price | $10 / M tokens | $5 / M tokens |
| Output price | $50 / M tokens | $25 / M tokens |
| SWE-Bench Pro | 80.3% | 69.2% |
| Mythos-class safeguards | Yes | No |
A new kind of safeguard
This is what really sets this launch apart. Without protection, Fable 5's capabilities in cybersecurity, biology, chemistry, and model distillation could be misused to cause real harm. So Anthropic built a security setup that operates at the model level, in real time.
How it works in practice
The mechanism relies on AI classifiers that monitor three high-risk domains:
- Cybersecurity: blocking the exploitation of vulnerabilities and offensive hacking.
- Biology and chemistry: intercepting requests related to the design of pathogens (Mythos 5 outperforms specialized models on the design of AAV viruses, hence the caution).
- Distillation: preventing the extraction of the model's capabilities into competing models.
When a request is deemed risky, it isn't curtly refused: it's automatically rerouted to the Claude Opus 4.8 model, which is less powerful in these sensitive domains. The user gets an answer, just without the Mythos-class capabilities. According to Anthropic, this rerouting is triggered on average in fewer than 5% of sessions — the vast majority of legitimate uses are never affected.
Robustness put to the test
Anthropic subjected its classifiers to rigorous scrutiny before release. Internally, 400 jailbreak attempts spread across 10 sensitive tasks resulted in a 0% success rate. Externally, a bug bounty program racked up more than 1,000 hours of testing without anyone finding a universal jailbreak. Across 30 bypass techniques tested, no harmful request was fulfilled.
This approach stands in contrast to the prompt-injection attacks that toppled the safeguards of competing models, as I detailed regarding GRP-Obliteration. Here, Anthropic is betting on defense in depth, controlled at the inference level rather than through simple prompt filtering.
Claude Mythos 5: the twin reserved for cyber defenders
Alongside Fable 5, Anthropic is launching Claude Mythos 5 — exactly the same model, but with the cybersecurity safeguards lifted. It's described as having "the most powerful cybersecurity capabilities of any model in the world."
On ExploitBench, an offensive cybersecurity benchmark, the gap is telling:
- Mythos 5: 78%
- Mythos Preview: 69%
- Opus 4.8: 40%
Mythos 5 is not freely available. It's being deployed initially through Project Glasswing, in collaboration with the U.S. government, and aimed at a small group of cyber defenders and critical-infrastructure providers. The idea: put offensive power in the hands of those who defend, before it falls into the hands of attackers. The program plans a gradual expansion, notably into biology.
Life sciences: a qualitative leap
Beyond code, it's in scientific research that the Mythos class is most impressive. On molecular biology hypotheses, the model is preferred over the Opus models in roughly 80% of cases by expert evaluators. In genomics, one platform processed single-cell data from millions of cells across 138 animal species, working autonomously for more than a week, producing a machine learning model 100 times smaller than the one published in the journal Science.
The Allen Institute describes Mythos 5 as a "senior-researcher-level" model. Anthropic points to a roughly 10x acceleration in the design of therapeutic proteins. These are precisely the capabilities that justify Fable 5's biology/chemistry safeguards: a tool capable of designing therapies is, in theory, also capable of designing pathogens.
Availability and retention policy
Fable 5 is available immediately via the Claude API and on the main cloud platforms (AWS, Google Cloud Vertex AI, Microsoft Foundry). For subscribers, it's included in the Pro, Max, Team, and Enterprise plans through June 22; beyond that, using it will require usage credits.
One point deserves the attention of privacy-conscious companies: with the Mythos class, Anthropic imposes 30-day retention on all traffic, including for customers who previously benefited from zero retention. This data is not used for training — it's kept solely for security purposes (detecting complex attacks and jailbreaks), with logged human access and deletion after 30 days. It's a deliberate trade-off between opening up capabilities and keeping risk under control.
FAQ
What's the difference between Claude Fable 5 and Claude Mythos 5?
They're the same underlying, Mythos-class model. Fable 5 is the public version, shipped with safety classifiers that reroute high-risk requests (cybersecurity, biology/chemistry, distillation) to Claude Opus 4.8. Mythos 5 is the version without the cybersecurity safeguards, reserved for a restricted circle of cyber defenders via Project Glasswing, in partnership with the U.S. government. In short: Fable 5 for everyone, Mythos 5 for accredited experts.
Is Fable 5 worth its price, double that of Opus 4.8?
It depends on the use case. At $10/$50 per million tokens versus $5/$25 for Opus 4.8, Fable 5 costs twice as much. For everyday tasks (summarization, classification, simple generation), Opus 4.8 or Sonnet 4.6 remain more cost-effective. But on long-horizon problems — massive migrations, refactoring large codebases, scientific research — the capability gap (80.3% vs 69.2% on SWE-Bench Pro) can justify the premium, especially when a single day of Fable 5 replaces two months of human work, as at Stripe.
Do Fable 5's safeguards get in the way of legitimate cybersecurity work?
Marginally. Rerouting to Opus 4.8 kicks in on average in fewer than 5% of sessions. A pentester working on an authorized audit, a defensive security researcher, or a developer fixing vulnerabilities should not be blocked in the majority of cases. The system targets offensive exploitation and the creation of attack tools, not defensive security. For legitimate offensive needs at scale, Mythos 5 (via Project Glasswing) is the intended route.
How do I use Claude Fable 5 in my own applications?
Via the Claude API, by specifying the model identifier claude-fable-5. The model enforces adaptive thinking (thinking: {type: "adaptive"}); sampling parameters like temperature or top_p and the old budget_tokens return a 400 error. Remember to enable streaming for large outputs to avoid timeouts. To get started, the simplest approach remains the official Anthropic SDK, as I show in my article on Claude Code.
Why did Anthropic wait to release this model?
Because Mythos-class capabilities are dual-use. In cybersecurity as in biology, the same model that helps you defend can help you attack. Anthropic first limited access (Mythos Preview) while it developed and tested robust safeguards. The release of Fable 5 was only made possible after the classifiers were validated: a 0% success rate across 400 internal jailbreak attempts, and more than 1,000 hours of external bug bounty with no universal bypass found.
Conclusion: power, with conditions
Claude Fable 5 marks a shift in how the AI industry approaches its most powerful models. It's no longer just a question of raw performance — even if, with 80.3% on SWE-Bench Pro and cutting-edge results in finance, vision, and the sciences, the performance is very much there. It's now a question of balance between capability and responsibility.
By separating a public, safeguarded model (Fable 5) from an expert, unrestricted one (Mythos 5), Anthropic is proposing a governance model that could set a precedent: open up broadly what is safe, strictly restrict what is not, and instrument the whole thing with verifiable defenses. It remains to be seen whether this trade-off — including the mandatory 30-day retention — will be accepted by the companies most demanding about confidentiality.
For developers and technical teams, the message is unambiguous: the bar just went up a notch. Tasks that yesterday were handed to several engineers over several weeks become, for some of them, the matter of a well-scoped session. It's up to us to scope those sessions intelligently — and to keep control over what these models produce.
Comments