Anthropic's Fable 5 and Mythos 5: Why They Were Pulled, and What Comes Next
On June 9, 2026, Anthropic did something unusual: it released an AI system it had publicly described as almost too capable to put in ordinary hands. Three days later, it turned that system off for everyone.
The names were Claude Fable 5 and Claude Mythos 5. If you missed the news, you are not alone—the story moved fast, mixed genuine alarm with marketing noise, and left a lot of people asking the same question: if these tools are that powerful, why were they offered at all—and what happens when the next version arrives?
TL;DR: Fable 5 and Mythos 5 were two faces of the same underlying AI from Anthropic—one wrapped in heavy safety filters, one with fewer restrictions for trusted security teams. They were pulled globally after the US government cited national security and fears that someone had found a reliable way around the safeguards. The UK government's AI testing lab reported the model could break through defenses most of the time. That combination—rapid capability growth, imperfect locks, and political pressure—is a preview of arguments we will keep having as these systems get smarter.
What were Fable 5 and Mythos 5?
Think of them as siblings built from the same blueprint.
Claude Fable 5 was the public version. Anthropic called it the most capable model it had ever offered to regular customers. It could handle long, messy tasks—rewriting huge codebases, reading dense financial documents, playing video games from screen images alone, even sketching out original scientific ideas. When you asked it something that touched on hacking, dangerous biology, or attempts to copy the model's abilities, automated safety checks quietly handed your request to a slightly less powerful but still capable version called Opus 4.8 instead.
Claude Mythos 5 was the same brain with fewer guardrails. It went to a small group of cyber defenders and critical-infrastructure teams through a US government-linked program called Project Glasswing. The idea was simple: the same skills that help attackers break into systems can help defenders find holes first—if only the right people get access.
Anthropic itself drew the line clearly. Fable is the story told safely to the public. Mythos is the raw myth—powerful, less filtered, harder to release widely.
Why did Anthropic block them?
On June 12, Anthropic announced it was suspending access to both models worldwide. The trigger was a US government export control directive—rules normally used to keep advanced technology from leaving the country or landing in the wrong hands.
According to Anthropic and reporting from outlets including the BBC, officials had not pointed to a specific attack in the wild. Instead, they believed someone had demonstrated a reliable way to bypass Fable's safety filters—what the industry calls a jailbreak, but what most people would describe as a trick that lets you use the unrestricted model while pretending to stay inside the safe one.
Anthropic said its own review of that demonstration found only a handful of already known, minor software flaws—nothing uniquely catastrophic—and that other publicly available models could spot similar issues without any bypass at all. Still, the government's order was broad: to stay compliant, Anthropic had to disable Fable 5 and Mythos 5 for all customers, not just overseas users.
So the shutdown was not really "Anthropic changed its mind." It was a company caught between shipping cutting-edge tools and obeying a national-security process that moves faster than product roadmaps.
Why are they considered dangerous?
This is not abstract sci-fi. The risks Anthropic flagged were concrete—and test results from outside labs backed them up.
They are unusually good at breaking into computer systems
Mythos-class models can do more than spot a bug in code. They can chain steps together: explore a network, move sideways, adapt when blocked—the kind of work that used to require a skilled human team and a lot of time.
Professor Gina Neff, who leads responsible AI work at Queen Mary University of London, told the BBC that the UK AI Security Institute found the model could exploit defenses roughly three times out of four in its tests. That is not a small bump. It is a step change in what an automated assistant can attempt.
Anthropic's own launch post described Fable 5 as state-of-the-art across software engineering, research, and vision tasks—and admitted that without safeguards, its cybersecurity skills could be misused to cause serious damage.
The same tool helps heal and harm
The models also scored strongly in biology and chemistry work—designing proteins, proposing research directions, running multi-day scientific workflows with little human input. That is exciting for drug discovery. It is also unsettling when the same capacity could guide someone toward designing harmful biological material.
Anthropic handled this by routing most biology-related questions on Fable to the safer Opus model—sometimes too aggressively, catching innocent requests along with dangerous ones. Users reported basic prompts getting blocked. The company acknowledged the filters misfired in fewer than 5% of sessions, but when your "hello" gets treated like a threat, trust erodes quickly.
Longer autonomy means less oversight
Older AI assistants lost the thread on big projects. Fable and Mythos were built to stay on task across millions of words of context, take notes, recover from mistakes, and keep going. That is great for migrating a fifty-million-line codebase in a day. It also means less human checking per hour of machine activity—and more damage if the activity goes wrong or gets steered maliciously.
The safeguards were never perfect
Anthropic ran bug bounties and red-team exercises. No universal bypass showed up in over a thousand hours of external testing. But the UK AI Security Institute reportedly made early progress toward one in a short window—but the government's concern was enough to halt access entirely.
The honest lesson: locks on powerful systems slow attackers down; they do not guarantee safety forever. Each new model generation gives both defenders and attackers sharper tools.
What should we expect as these systems keep improving?
Fable 5 and Mythos 5 may be offline, but the trajectory they represent is not. Here is what their short public life suggests about the next few years.
1. Capability will outrun comfort, again and again
Every major release will arrive with a familiar script: demos of stunning productivity, warnings from security researchers, assurances that filters are robust, then discoveries that they are not. Version six will be smarter than version five. The gap between "helpful assistant" and "autonomous operator" will keep narrowing.
We should plan for recurring pauses, partial rollouts, and access tiers—public safe editions, restricted professional editions, government-only variants—not as glitches, but as the default rhythm.
2. Governments will treat top-tier AI like advanced weapons tech
The export-control move signals that Washington views the strongest models as strategic assets, not consumer apps. Expect more rules about who can use what, where data is stored, and which companies government agencies may buy from—Anthropic is already fighting a separate "supply chain risk" label from the Pentagon.
Countries that depend on US cloud providers may accelerate local alternatives, as the EU suggested when access to Mythos was cut. Technology sovereignty is no longer a talking point; it is a response to switches being flipped overnight.
3. The defender-attacker race speeds up
Security teams will use these models to patch systems faster. Criminals and hostile states will use them—or copies distilled from them—to probe weaknesses faster. The UK AISI's 73% figure is a snapshot, not a ceiling. Organizations that still treat AI as a chat toy in the marketing department will find it reshaping their incident response budgets whether they planned for it or not.
4. Ordinary users will feel the friction
Conservative safety filters mean false alarms: legitimate research, security learning, and even casual questions caught in the net. That frustration will push some people toward less regulated systems—raising the paradox that the safest public model may drive risky behavior underground.
5. We still lack a shared playbook
Researchers, companies, and regulators are improvising. Anthropic tried a tiered release with Project Glasswing. The US government intervened within days. Europe watched access appear, then vanish. Professor Neff called it "uncharted territory"—and that is probably the most accurate forecast we have.
The future is not a single Hollywood scenario of rogue machines. It is quieter and more bureaucratic: faster software, imperfect gates, political reactions, lawsuits, and a public that learns about capability jumps through headlines about bans.
What this means if you build or depend on AI
If you work in data, security, or product:
- Do not assume today's access policy lasts. Architect workflows that can fall back when a model tier disappears.
- Treat the strongest models as security events, not just productivity boosts. Red-team your own use cases before attackers do.
- Invest in human review for anything autonomous that touches code, customer data, or infrastructure—even when the model " feels" reliable on long tasks.
- Follow policy, not hype. Anthropic marketed Fable as revolutionary; the government shut it down before most people had formed an opinion. Capability claims and risk claims both deserve skepticism.
In closing
Anthropic's Fable 5 and Mythos 5 were a stress test in real time: how do you share tools that can rewrite industries and also break into them? The answer, so far, is carefully, incompletely, and with someone else holding the off switch.
They will not be the last models to get pulled, restricted, or fought over. Each version will be smarter, cheaper, and harder to contain. The question is not whether humanity can stop progress—it is whether we can build institutions, habits, and technical habits fast enough to live with what we keep building.
If you are designing systems that will sit on top of these models—search, agents, internal tools—I help teams think through retrieval, access control, and production safety before capability jumps become your next outage story. Get in touch if you want a sober second look at your setup.
— Evgeni Altshul