Claude Fable 5 Launches With Tight Safety

Anthropic had been building Mythos into something of a legend — a model so capable it warranted its own mythology around whether it should ever be released publicly. What actually landed is Claude Fable 5, officially described as a "Mythos class model made safe for general use." Whether you read that as responsible deployment or strategic repositioning probably says more about your priors than theirs.

The naming alone is worth sitting with. The Mythos narrative that Anthropic had been cultivating — a model that found decades-old software vulnerabilities, that broke benchmark ceilings — gets quietly repackaged into something called Fable. A fable, of course, is a story that teaches a lesson. Whether that's intentional branding or a coincidence, it landed with a thud for some observers.

Developer Sam Witteveen, who put out an early hands-on assessment within a day of launch, frames it plainly: "What we're getting is not the full Mythos 5 release." The full Mythos 5 exists, apparently, and is being made available through something called Project Glass Wing — which by Witteveen's read means enterprise customers with both serious spend and credible use cases. Everyone else gets Fable 5.

What the benchmarks actually show

On paper, the performance story is compelling. Fable 5 clears Opus 4.8 by substantial margins on coding benchmarks, and edges out GPT-5.5 across several categories — not a small claim given that GPT-5.5's own benchmark dominance didn't translate cleanly to felt experience for most users. On the new Frontier Code benchmark from Ignition, Fable 5 scores more than double what Opus 4.8 managed, which is genuinely notable for agentic coding workflows.

But Witteveen is careful not to over-sell it, and I think that's the right instinct. On tool use and computer use benchmarks, the gap over Opus 4.8 is modest. Legal reasoning is apparently a standout — nearly 30% better than Opus 4.8, meaningfully ahead of GPT-5.5 — but that raises the question Witteveen asks directly: "This makes me wonder how much they're actually cherrypicking which benchmarks they're doing well at versus which they aren't."

The cherrypicking concern is legitimate and isn't unique to Anthropic. Every frontier lab publishes the benchmarks that flatter their model. The more honest framing, which Witteveen also offers, is that real-world evaluation takes days or weeks — particularly for complex agentic tasks where token efficiency and reasoning consistency matter as much as raw benchmark scores.

Pricing came in lower than many expected. Fable 5 is $10 per million tokens input, $50 per million tokens output — double Opus 4.8, but reportedly less than half the price of the Mythos preview. Witteveen attributes the relative affordability to a compute deal that gave Anthropic more inference capacity at scale, which is plausible. Double the price of the previous flagship is still not trivial for high-volume API users trying to decide whether the capability gains actually justify the spend.

The safety question is more interesting than it looks

Here's where things get genuinely complicated. Fable 5 ships with aggressive safety classifiers covering three domains: cybersecurity and malware-related queries, life sciences and biology, and — this one is unusual — attempts to elicit the model's chain-of-thought reasoning. When the classifier triggers, the model doesn't refuse and explain. It silently switches the conversation to Opus 4.8 and keeps going, with a UI notification that safety measures flagged the message.

The cybersecurity restrictions are predictable enough. Witteveen acknowledges this: "If you've hyped up Mythos so much that it can basically go and hack everything, probably one of the first things that people are going to try is, hey, go and hack something for me." Fair. Anyone who has watched AI security discourse for more than a few months knows the pattern — capability claims invite immediate adversarial probing. Locking down the most obvious attack vectors at launch isn't paranoia, it's hygiene.

The biology restrictions are harder to defend at their current sensitivity level. Witteveen's test query asked Fable 5 to break down current Ebola outbreaks and assess the risks for the World Cup. Public health epidemiology, in other words. The model switched to Opus 4.8 anyway. Adjusted phrasing, same result. "The fact that I haven't really asked for any sort of recipe about Ebola or anything like that," Witteveen notes. "I've just asked it to break down the current Ebola outbreaks, what are the key risks for the World Cup in the US and how they could be mitigated."

That's a failure mode with real consequences. If a biology-adjacent query about a public health risk at a major sporting event triggers the same classifier as a request for pathogen synthesis routes, the classifier isn't doing precision work — it's doing pattern matching on topic proximity. For researchers, public health communicators, science journalists, or anyone using the API to build health information tools, a hair-trigger biology classifier isn't a minor inconvenience. It breaks entire use cases.

The chain-of-thought restriction is the most technically interesting signal. Anthropic has apparently trained a classifier specifically to block attempts to extract the model's extended reasoning. Witteveen's read is that this suggests chain-of-thought quality might be a significant part of what makes Fable 5 work — and that Anthropic wants to protect that mechanism both from reverse engineering and from prompt injection attacks. The classifier reportedly reviews the full conversation context, not just the latest message, which closes some obvious file-upload and memory-injection workarounds.

The data retention shift deserves more attention

Buried under the benchmark coverage is a policy change with potentially significant enterprise implications. Anthropic now requires 30-day data retention for all traffic on Mythos-class models, including on third-party surfaces. Previously, enterprise customers running Anthropic models through cloud providers like Google Cloud could operate with the understanding that Anthropic didn't have access to their data. That understanding no longer holds for Fable 5.

Anthropic states the retained data won't be used for training new models or for non-safety purposes — specifically, it wants to capture jailbreak attempts quickly enough to patch them. That's a coherent operational reason. Whether enterprise customers find it sufficient depends heavily on their own compliance posture, their contractual obligations to their users, and frankly their level of trust in how AI companies handle "derivatives of data" — a concern Witteveen raises explicitly, and one that has come up repeatedly in how labs have navigated the gap between policy language and actual data handling. The early Mythos leak reporting raised similar questions about what Anthropic chooses to disclose versus withhold about how its most capable models actually operate.

Healthcare, legal, and financial sector customers in particular should read the updated terms before routing Fable 5 traffic through their existing infrastructure. This isn't alarmism — it's the kind of thing that tends to surface during audit cycles at the worst possible moment.

The subscription math

Fable 5 is currently included in Anthropic's Pro and Max plans through June 22. After that, it shifts to API token pricing. Anthropic says it aims to restore Fable 5 to subscription plans, but hasn't committed to timeline or tiers. Witteveen's bet: it probably returns to Max only, not Pro.

Reading between the lines, Anthropic is signaling that the all-you-can-eat subscription model faces structural limits as these models get more expensive to serve. That's not surprising — it's a version of the same conversation OpenAI has been having about compute economics. What it means practically is that organizations doing high-volume inference with Fable 5 should model their costs against API pricing now, rather than assuming subscription parity will return soon or at the same price point.

For individual developers evaluating the model, the honest question is whether Fable 5 does enough more than Opus 4.8 — at double the cost and with more restrictive behavior — to justify the switch for their specific workload. On complex reasoning and advanced coding tasks, possibly yes. For anything touching biology, cybersecurity research, or use cases that require understanding the model's reasoning process, the current restrictions may make the capability gains academic until Anthropic recalibrates its classifiers.

The version of this model that actually matters — the one where the safety systems are tuned precisely enough to distinguish epidemic risk assessment from bioweapon synthesis, or CTF challenge walkthroughs from attack planning — isn't here yet. Whether it gets there, and how fast, is probably the more important story than the launch itself.

Rachel "Rach" Kovacs is Buzzrag's cybersecurity and privacy correspondent.