Anthropic gave stripe early access to Fable 5 and set it loose on a 50 million line Ruby codebase. The migration that would have taken a full engineering team over two months got done in a day.
That’s a real company’s real codebase and a task with real consequences if it goes wrong. Anthropic leads with it because it’s the kind of result that’s hard to argue with & because it sets up everything else they need to tell you about why this launch looks the way it does.
Because here’s the thing. The model Anthropic actually built Claude Mythos 5, isn’t what most people are getting today. What’s going live for general use is Claude Fable 5. Same underlying model. Different version. The parts Anthropic decided were too dangerous for public release got a separate wrapper, a separate name, and a separate approval process controlled in part by the US government.
Table of Contents
Two models, one architecture
Fable 5 and Mythos 5 are the same model. Anthropic is explicit about this. The names come from the Latin — fable from fabula, mythos from the Greek. What separates them is the safeguards sitting on top.
Fable 5 ships with classifiers, separate AI systems running alongside the main model, watching every request. When a query touches cybersecurity, biology, chemistry, or looks like a distillation attempt, Fable doesn’t respond. Opus 4.8 does instead. Users get told when this happens. Anthropic says it triggers in less than 5% of sessions, meaning for most people most of the time, Fable 5 behaves exactly like Mythos 5 would.
Mythos 5 is what you get when those classifiers come off. It’s currently available to a small group of cybersecurity organizations and critical infrastructure providers through Project Glasswing, a program Anthropic runs in collaboration with the US government. If you’re not already in that program, you’re not getting Mythos 5 today. Anthropic says a broader trusted access program is coming, but no specific timeline yet
The pricing is the same for both, $10 per million input tokens, $50 per million output tokens. Less than half what Mythos Preview cost.
The benchmarks numbers
All numbers below are self-reported by Anthropic unless otherwise noted.
SWE-Bench Pro is where the coding part gets concrete. Fable 5 scores 80.3% against Opus 4.8’s 69.2%, GPT-5.5’s 58.6%, and Gemini 3.1 Pro’s 54.2%. That’s more than a marginal improvement over the previous generation. Terminal-Bench 2.1 puts it at 88.0% against Opus 4.8’s 82.7% and GPT-5.5’s 83.4% via Codex CLI.
Humanity’s Last Exam is the hard one to watch. It’s designed to be the benchmark that current AI can’t crack, questions sourced from domain experts specifically because existing models fail them. Fable 5 scores 59% without tools, 64.5% with tools. Opus 4.8 is at 49.8% and 57.9% respectively. GPT-5.5 at 41.4% and 52.2%. Those gaps are large enough that the benchmark might need updating.
The one that matters most for the dual-use argument is ExploitBench. Fable/Mythos 5 scores 78% on cybersecurity exploit capture versus Opus 4.8 at 40% and GPT-5.5 at 34%. That number is exactly why the classifiers exist. A model that’s nearly twice as capable at finding and exploiting software vulnerabilities as anything previously available isn’t something you ship without thinking carefully about who gets to use it and for what.
The safeguard part: why Anthropic built a fallback instead of a refusal
The easy decision would have been to just block dangerous requests outright. Anthropic didn’t do that and the reasoning is worth understanding.
A flat refusal on cybersecurity queries would make Fable 5 useless for the security professionals who need it most. The same question that helps a malicious actor find a vulnerability also helps a defender patch one. That’s the dual-use problem and it doesn’t have a clean solution. What Anthropic built instead is a fallback, when the classifiers flag a request, Opus 4.8 handles it. The user still gets a capable response, just not from the most capable model.
The biology and chemistry classifiers follow the same logic but the stakes are higher. Anthropic tested Mythos 5 on adeno-associated virus design, a component used in gene therapy but also potentially dangerous in the wrong hands. The model outperformed dedicated protein language models using biological reasoning alone, without being explicitly trained for the task. That result is what pushed Anthropic toward broad biology classifiers. They flag more than necessary right now. Anthropic admits this openly and says narrowing them is a priority.
The cybersecurity classifiers held up under serious pressure. An external bug bounty produced no universal jailbreaks across more than 1,000 hours of testing. External red-teaming organizations found none either on long-form agentic tasks. The UK AI Safety Institute made some progress toward one in a brief initial window, Anthropic flags this honestly. The goal isn’t making jailbreaks impossible, it’s making them slow and expensive enough to detect before they scale.
Related: Anthropic’s Mythos Just Helped Find macOS vulnerability That Could Break Apple’s Security Protections
The data retention catch
Fable 5, Mythos 5, and all future Mythos-class models come with mandatory 30-day data retention on all traffic. First-party surfaces, third-party API calls, everything. You cannot opt out.
Anthropic says the data won’t be used for training and won’t be used for anything unrelated to safety. They’ve added privacy protections including logged human access, deletion after 30 days in almost all cases. The stated purpose is defending against complex attacks that operate across many requests, including new jailbreaks that only become visible as patterns over time.
That’s a reasonable argument and also a significant policy change from what Claude users were previously accustomed to. If your use case involves sensitive business information, legal work, or anything where 30-day retention by a third party creates compliance issues, that’s worth knowing before you build on Fable 5.
Availability (before you assume you have access)
Fable 5 is available everywhere today on the API at $10/$50 per million tokens. For subscription users the situation is more complicated.
From today through June 22, Fable 5 is included on Pro, Max, Team, and Enterprise plans at no extra cost. On June 23 it comes off those plans. After that point using it requires usage credits. Anthropic says they’ll restore it as a standard subscription feature when capacity allows and that they’ll communicate changes ahead of time.
But as per people’s interest, demand is going to be very high and Anthropic is managing it by giving everyone a two-week window before credits kick in. Use it now if you want to evaluate it before deciding whether the API pricing makes sense for your workflow.
Mythos 5 remains restricted to Project Glasswing partners with cyber safeguards lifted, and soon to select biology researchers with biology and chemistry safeguards lifted. A broader trusted access program is coming with no specific date attached.
What it means that the most capable public AI ships with a built-in governor
The Stripe result, months of engineering in a day on a 50 million line codebase, Anthropic gave them early access to make it happen, is the kind of number that reframes what software development looks like going forward. The HLE score at 59% on questions designed to defeat current AI is the kind of number that reframes what research looks like.
And Anthropic’s response to building something this capable was to ship two versions of it, build a fallback system into the public one, and require 30-day data retention on all traffic. All because it’s capable enough that the difference between a defender and an attacker using it is the use case, not the model.
Most AI safety conversations don’t account for a model that’s dangerous primarily because it’s very good at legitimate tasks.
