Anthropic launched Claude Fable 5, its strongest generally available Claude model, with safeguards that route some high-risk requests to Claude Opus 4.8 to reduce misuse risk rather than letting the frontier model answer.

The launch affects Claude users, business customers, developers, cybersecurity teams, biomedical researchers, and AI buyers because Anthropic is giving general users access to its strongest Claude model under most conditions, while making safeguards, fallback behavior, trusted access, and data-retention rules part of how organizations evaluate frontier AI.

The result is a new kind of AI access model. For many users, the question is no longer only which model is most capable. The question is which capabilities they are allowed to use, under which safeguards, and in which risk categories.

In short, Claude Fable 5 is the general-use version of Anthropic’s newest frontier model, while Claude Mythos 5 is the trusted-access version for approved partners. When Fable 5 detects certain cyber, biology, chemistry, or model-distillation requests, Anthropic says the system sends the response to Claude Opus 4.8 instead of letting Fable answer.

Tiered frontier AI access means advanced model capabilities are not made available in the same way to every user, but are divided by user trust, risk area, and approved use case.

Claude Fable 5 is Anthropic’s strongest generally available Claude model, while Claude Mythos 5 is the same underlying model with selected safeguards lifted for approved partners.

Anthropic describes Claude Fable 5 as a Mythos-class model made safe for general use. The company says the model exceeds the capabilities of any Claude model it has previously made generally available, with strong results in software engineering, knowledge work, vision, scientific research, and long-running, complex tasks.

Anthropic also says Fable 5 and Mythos 5 can work autonomously for longer than previous Claude models, with stronger performance on tasks that require extended context, planning, and self-correction.

Anthropic says releasing a model this capable creates safety risks, especially in areas such as cybersecurity. Without safeguards, the company says Fable 5’s capabilities could be misused to cause serious damage, which is why some high-risk requests are routed to Claude Opus 4.8, Anthropic’s next-most-capable model, instead of being answered by Fable 5. Those requests can include cyberattack-related tasks, scientific work that could be misused in biology or chemistry, and attempts to distill or copy the model’s capabilities.

Anthropic says it tuned these safeguards conservatively so it could release the model safely and quickly. That means the system may sometimes catch harmless requests, although Anthropic says the safeguards trigger in less than 5% of sessions on average. The company says it is working to improve the safeguards and reduce false positives as more capable models arrive.

For businesses, the practical question is whether Fable 5’s safeguards match the work they need the model to do. Most general business tasks may use the frontier model normally, but teams working in cybersecurity, scientific research, infrastructure, or other sensitive areas may need to understand when a request could be routed to Claude Opus 4.8 instead.

Alongside Fable 5, Anthropic launched Claude Mythos 5 for a smaller group of cyberdefenders and infrastructure providers. Mythos 5 uses the same underlying model as Fable 5, but with safeguards lifted in some areas for approved partners.

Beginning today, users who currently have access to Claude Mythos Preview, including cybersecurity partners in Project Glasswing, can upgrade to Claude Mythos 5. Mythos 5 will initially be deployed through Project Glasswing, Anthropic’s collaboration with the U.S. government for selected cyber defenders and critical infrastructure partners, with cyber safeguards lifted.

Anthropic describes Mythos 5 as comparable to, or somewhat stronger than, Mythos Preview in most cases, while costing substantially less. The company also says Claude Mythos 5 has the strongest cybersecurity capabilities of any model in the world.

The same capabilities that create safety concerns could also support defensive and scientific work. Anthropic points to Project Glasswing, where it says Mythos-class models have helped cyber defenders secure critical software. It also says the models are already supporting life sciences research by generating novel hypotheses and speeding up the development of new therapeutics.

Claude Fable 5 is available everywhere starting today, while Claude Mythos 5 remains restricted to approved partners. Anthropic also plans to later give select biology researchers access to Fable 5 with biology and chemistry safeguards removed, while cyber safeguards remain in place.

Anthropic is also planning broader trusted-access programs. Cybersecurity organizations will be able to apply for Mythos 5 access in a more systematic way, though Anthropic has not yet detailed how that application process will work. A separate biology program will be limited to selected biomedical researchers and life science organizations. Anthropic says the biology program is intended to help advance biomedical research and discover new therapies.

Both Fable 5 and Mythos 5 are priced at $10 per million input tokens and $50 per million output tokens, which Anthropic says is less than half the price of Claude Mythos Preview. Developers can use claude-fable-5 through the Claude API.

For the Claude API and consumption-based Enterprise plans, Fable 5 is fully available starting today. For subscription plans, Anthropic is rolling out access in stages because it expects demand to be high and difficult to predict.

From today through June 22, Fable 5 is included on Pro, Max, Team, and seat-based Enterprise plans at no extra cost. On June 23, Anthropic says it will remove Fable 5 from those plans, and using it afterward will require usage credits unless capacity allows the company to extend the included window.

Anthropic says it aims to restore Fable 5 as a standard part of subscription plans once capacity allows. The company says it will communicate changes ahead of time so users know where access stands.

Anthropic says Claude Fable 5 and Claude Mythos 5 show stronger capabilities across software engineering, knowledge work, vision, memory, long-context tasks, and life sciences research.

Anthropic says Mythos-class models have reached a capability level that creates significant safety risks. In April, the company launched Claude Mythos Preview through Project Glasswing, limiting access to a small group of cyber defenders and critical software infrastructure providers while it worked on stronger safeguards.

Anthropic says it has improved those safeguards over the past few months and now considers them strong enough for a broader release as Claude Fable 5. The company also says the safeguards are intentionally cautious, which means benign requests may sometimes trigger the system. Anthropic says its goal is to reduce false positives as it updates the safeguards after launch.

The concern is not only that Mythos-class models are powerful, but that they could give malicious actors new practical help in cybersecurity or research biology. The company describes this as uplift, meaning the model could provide information or advice that helps someone cause serious harm in ways they could not easily achieve through other sources, such as internet search. Anthropic also says many advanced AI uses are dual use, where the same request could help a cybersecurity professional or biology researcher in a legitimate setting but become dangerous in the hands of a malicious actor.

Because of that risk, Anthropic says Fable 5’s safeguards need broad coverage and must withstand sustained attempts to bypass them, also known as jailbreaking. The company says Mythos-level capabilities could be valuable to adversaries, including people seeking financial gain through cyberattacks, which is why it expects some users to try to circumvent the safeguards.

Fable 5 includes a new set of safety classifiers, which are separate AI systems designed to detect possible misuse, including jailbreak attempts. When the classifiers detect certain requests, the main Fable 5 model does not answer.

Instead, Anthropic says those responses are automatically handled by Claude Opus 4.8, the company’s next-most-capable model. Anthropic says users will be told when this fallback occurs.

The fallback is meant to provide a better user experience than an outright refusal. Claude Opus 4.8 is still a highly capable model, and Anthropic says more than 95% of Fable 5 sessions involve no fallback at all. In those sessions, Anthropic says Fable 5’s performance is effectively the same as Mythos 5.

Anthropic breaks the classifier coverage into three main risk areas, each tied to a different misuse concern.

1. Cybersecurity

Mythos-class models are strong at discovering and exploiting software vulnerabilities, which could make cyberattacks easier and cheaper to commit. The company also says the models show strong agentic hacking skills, including reconnaissance, discovery, lateral movement, and other steps involved in cyberattacks beyond finding exploits. Anthropic designed its cybersecurity classifiers to cover both exploitation and broader cyberattack-related tasks.

Anthropic says it tested the cyber classifiers through internal red-teaming, an external bug bounty, and outside red-teaming organizations. The company says the bug bounty produced no universal jailbreaks after more than 1,000 hours of testing, and external red-teamers have not found universal jailbreaks on long-form agentic tasks so far. Anthropic also notes that the U.K. AI Security Institute made progress toward one during an early testing window.

Anthropic says it is likely impossible to prevent every universal jailbreak. Its goal is to make any remaining jailbreaks slow and costly enough to detect and stop before they can be used at scale.

The company noted that one external partner found Fable 5’s safeguards against harmful cyber queries to be the most robust of any model tested, including Opus 4.8 and Opus 4.7. In that test, Fable 5 complied with zero harmful single-turn requests involving cyberattack planning, exploit development, or defense evasion, even when the requests used any of the 30 public jailbreak techniques.

2. Biology and chemistry

In biology and chemistry, Anthropic says its earlier safeguards focused on a narrower set of bioweapons-related requests, but the company no longer views that as sufficient. Anthropic gives two reasons: well-resourced malicious actors may try to use advanced models for risky biological research, and newer models are becoming better at completing real-world scientific tasks.

Anthropic points to Mythos 5’s performance on a task related to adeno-associated viruses, or AAVs, which are used to deliver gene therapies. The same capability could create risk if misused to help design dangerous viruses. In Anthropic’s test, models were asked to predict how a genetic modification would affect assembly of the virus’s outer shell, using unpublished therapeutically relevant candidates developed by Dyno Therapeutics. Anthropic says Mythos-class models were not explicitly trained for that task but still outperformed specialized protein language models using biological reasoning alone.

Anthropic says that result shows both the promise and the risk of these capabilities. The same biology skills could help with gene therapy research and biomedical development, but they could also be dangerous in the wrong hands. For now, Anthropic says Fable 5 will fall back to Claude Opus 4.8 on most biology and chemistry requests. The company says it hopes to narrow those safeguards over time because false positives could interfere with legitimate scientific work.

3. Distillation

The third category is distillation, which refers to attempts to extract a model’s capabilities to train another model. Anthropic says it has previously identified large-scale attempts to distill Claude’s capabilities to train competing models in authoritarian countries. The company says distilling Fable 5’s abilities could spread near-frontier AI capabilities without the same safeguards. Requests flagged as part of distillation attempts will fall back to Opus 4.8.

Anthropic is also changing how it handles business customer data for Fable 5, Mythos 5, and future models with similar or higher capability levels. The company says it will require 30-day retention for all traffic on Mythos-class models, across both first-party and third-party surfaces.

Anthropic says it will not use that data to train new Claude models or for any non-safety-related purpose. The retained data will help it defend against complex and novel attacks, including new jailbreaks and attacks that unfold across many requests. Anthropic also says the data will help it identify and reduce false positives.

It has added privacy protections, including logging all human access to the data and ensuring its deletion after 30 days in almost all cases.

For business customers, the change means Mythos-class models come with a different data-handling rule than some teams may expect. Anthropic is tying 30-day retention to safety monitoring, including detection of complex attacks, new jailbreaks, and false positives.

That makes the retention policy part of the model evaluation process. Companies using Fable 5, Mythos 5, or future models at similar capability levels may need to review how the policy fits their privacy, compliance, and data governance requirements.

Anthropic’s benchmark table shows Fable/Mythos 5 outperforming earlier Claude models and several competing frontier models across several categories. The comparison is not always one-to-one because Anthropic groups Claude Fable 5 and Claude Mythos 5 together in the table.

The footnote on the benchmark graphic adds important context: the two models are usually within 1 to 3 percentage points of each other, while starred benchmarks show a larger difference because Fable 5’s safeguards block some cybersecurity and biology-related questions.

That means the table is not always a simple measure of what every Fable 5 user will experience. For ordinary tasks where Fable 5 does not trigger a fallback, Anthropic says Fable 5 performs effectively the same as Mythos 5. For risk-sensitive categories, Fable 5 may behave closer to Opus 4.8 because of the fallback system.

The model still shows broad gains in Anthropic’s reported results:

The cybersecurity and biology results are more complicated because of the safety fallback design:

The benchmark table is useful for seeing how Anthropic compares Fable/Mythos 5 against earlier Claude models and other frontier systems. But because Anthropic combines Fable 5 and Mythos 5 in one column, the results should not be read as a perfect snapshot of every Fable 5 session. The scores show Anthropic’s reported capability gains; the fallback notes explain why real-world access may still depend on the type of request.

The most important part of this launch is the access model.

Until now, many AI product decisions have been described in terms of model names, subscription tiers, context windows, tool access, or API pricing. Anthropic’s Fable 5 and Mythos 5 launch adds a different layer. Users may have access to the same underlying model, but not necessarily the same model behavior in every domain.

That may become more common as models gain stronger skills in cybersecurity, biological research, code execution, infrastructure analysis, and autonomous workflows. These are areas where the same capability can support legitimate work or enable serious misuse.

For most ordinary users and businesses, Fable 5 represents a step up in capability for everyday work such as documents, spreadsheets, coding, research, analysis, and visual tasks, with very few fallback scenarios. Cybersecurity teams, biomedical companies, and AI research labs may encounter more routing, restrictions, or trusted-access requirements.

The practical effect is that model capability and access rules are becoming connected. Fable 5 may be the stronger general-use model, but Anthropic is drawing clearer boundaries around who can use the most sensitive capabilities and under what conditions.

Q: What is Claude Fable 5?
A: Claude Fable 5 is Anthropic’s strongest generally available Claude model. Anthropic also introduced Claude Mythos 5 for approved cyberdefense and infrastructure partners. Both use the same underlying Mythos-class model, but Fable 5 includes safeguards for general use.

Q: Why does Claude Fable 5 sometimes use Opus 4.8 instead?
A: Claude Fable 5 uses safety classifiers to detect certain cybersecurity, biology, chemistry, and model-distillation requests. When those classifiers trigger, Anthropic says the response is handled by Claude Opus 4.8 instead of Fable 5, and users are informed when the fallback happens.

Q: What is the difference between Claude Fable 5 and Claude Mythos 5?
A: Claude Mythos 5 is the trusted-access version of the same underlying model, with some safeguards lifted for approved partners. Claude Fable 5 is the general-use version, designed to give broader access to the frontier model while limiting responses in higher-risk categories.

Q: Why does Claude Fable 5 matter for businesses and AI users?
A: The launch shows that frontier AI access may become tiered by trust level, use case, and risk area. Businesses may need to evaluate not only model performance, but also fallback behavior, data retention rules, and whether their work requires trusted-access approval.

Q: What are the limits of Claude Fable 5?
A: Anthropic says Fable 5’s safeguards are intentionally cautious and may catch harmless requests. It is not yet clear how often legitimate users in cybersecurity, biology, chemistry, or AI research will encounter false positives, or how quickly Anthropic can narrow the safeguards without increasing misuse risk.

Q: Does Anthropic keep data from Claude Fable 5 and Mythos 5?
A: Anthropic will require 30-day retention for all Mythos-class model traffic, including Fable 5 and Mythos 5. The company says it will not use that data to train new Claude models or for non-safety purposes, but business customers may still need to review the policy for privacy, compliance, and governance requirements.

Anthropic’s Claude Fable 5 launch gives general users access to a more capable Claude model, but it also places practical limits on what “access” means. A user may be able to use the frontier model for most tasks, while specific categories of risky work are routed to a safer model.

The larger takeaway is that advanced AI capability is becoming conditional. Anthropic is not only choosing which model to release. It is choosing which parts of that model’s capability should be available to general users, which should be reserved for trusted partners, and which should be monitored through retention and safety systems.

Business leaders, developers, cybersecurity teams, biomedical researchers, AI governance teams, and enterprise buyers should all pay attention. The strongest AI tools may increasingly come with rules that vary by domain, customer type, risk level, and approved use case.

The timing matters because frontier models are becoming more capable at real work, including coding, scientific analysis, long-context reasoning, and autonomous problem-solving. As those capabilities improve, safety systems may move from simple refusals toward routing, fallback models, trusted-access programs, and temporary data retention.

For organizations, the decision is no longer only whether a model is powerful enough. Buyers will need to evaluate whether the model’s safeguards, fallbacks, privacy rules, and access requirements fit their work.

In short, Claude Fable 5 shows how the next phase of AI may not be equal access to the strongest model. Most users may receive the frontier model with safeguards, while trusted partners receive less-restricted access in approved areas. That approach may make powerful AI safer to release, but it also makes model access more complex for users and businesses.

The frontier AI question is moving from “Which model is best?” to “Which capabilities are you trusted to use?”

Editor’s Note: This article was created by Alicia Shapiro, CMO of AiNews.com, with writing support, AEO/GEO/SEO optimization, image concept development, and editorial structuring support from ChatGPT, an AI assistant. All final editorial decisions, perspectives, and publishing choices were made by Alicia Shapiro.