The Anthropic Mythos model, which has been waiting for nearly two months and has dominated social media, is finally officially released today. Two months ago, Anthropic said its strongest model was too dangerous to be made public, and only sent it to more than a hundred institutions. Today, such capabilities are open to everyone: the publicly released version is called Claude Fable 5; the truly "unrestricted" Mythos 5 is still reserved for only a few partners.In other words, the most powerful Claude you can use is a Mythos with added boundaries.
The design of this guardrail is more worthy of mentioning than the words "public release" itself: its way of ensuring safety is not to reject you.
Anthropic released two models in one go this time: Claude Fable 5 and Claude Mythos 5. They are actually the same underlying model, with only one difference - the safety guardrail.
Fable 5 provides a complete set of security classifiers for all users; Mythos 5 removes some of these restrictions and only provides them to network security partners in Project Glasswing.
To put it bluntly,Fable 5 is a "Mythos with guardrails".
Like Anthropic's usual style, the model name itself also hides some thought.
According to Anthropic, Fable comes from the Latin fabula, which means "story being told," and has the same origin as the Greek mythos. The two names refer to the same thing, the only difference is that one of them has a boundary.
Pull the timeline back a bit. In April this year, Anthropic launched Project Glasswing, and when it first released the Mythos-level model (Claude Mythos Preview), it was only given to a small group of cybersecurity and critical infrastructure institutions. By last week, the list had expanded to more than a dozen countries and more than a hundred institutions. The official statement at the time was that such models could cause serious damage once they fell into the wrong hands, so they could not be made public.
In two months, it went from "too dangerous to publish" to "available to everyone." What happens in between is the real protagonist of this release.
The safety mechanism of most AIs is "deny" - you ask a question it shouldn't answer, and it tells you "Sorry, I can't help you."
Fable 5 takes a different approach.Safety is not about learning to reject it, but about replacing it when danger arises.
Specifically, Fable 5 has a set of independent classifiers hanging behind it.
When this set of classifiers determine that your request falls in three high-risk areas - cyber attacks, biochemical weapons, and model distillation (which refers to "stealing" the capabilities of a model to train your own model) - it will not let Fable 5 answer, but will quietly transfer the question to Opus 4.8, and tell you: A downgrade just occurred.
What’s interesting about this design is that it separates “security” and “capability” into two different things.You're buying Mythos-level power, but in the three most dangerous realms, you're actually talking to Opus.Anthropic's own statement is that the experience of downgrading to Opus 4.8 is better than being directly rejected by Fable - after all, Opus 4.8 itself is also a quite strong model.
According to Anthropic, more than 95% of conversations will not trigger a downgrade at all. In other words, for most people, the experience of the Fable 5 you use is almost the same as the "complete" Mythos 5 in the hands of your partner.
So is this set of guardrails strong? Anthropic said that they did more than a thousand hours of external red team testing, and no one found a "universal jailbreak" method that could bypass it (a universal method that allows the model to completely ignore all security restrictions).
Of course, they also leave some room: It is probably impossible to completely eliminate jailbreaks. The goal is just to make any vulnerability "too slow and expensive" to be exploited on a large scale.
But this mechanism has a price, and Anthropic itself said it first: the classifier is now adjusted too strictly, which will accidentally damage normal requests. A biologist who studies viruses or a security engineer who does penetration testing may be inexplicably "downgraded" in the course of a legitimate job. The official admitted that this would annoy some users and promised to gradually narrow it down and reduce false alarms in the future.
I thought about this for a while and felt that it was actually a very clever but also quite helpless compromise. The clever thing is that it does not choose between "shooting" and "not sending", but makes a cut in the ability; but unfortunately, this cut is not precise - in order to get online before something goes wrong, Anthropic would rather kill by mistake than miss.
Only those who are dangerously strong deserve this set of guardrails.
After talking about security for a long time, you may ask: How powerful is it, and is it worth being so vulnerable to the enemy?
I originally wanted to skip the benchmark test - reading too many benchmarks will make you numb, not to mention Anthropic has a long list, almost ranking first in every category.
The most bluffing one comes from Stripe. According to Anthropic, Stripe used Fable 5 to perform a full database migration on a 50 million-line Ruby code base, which was completed in one day. This task originally took an entire team to do manually for more than two months. What's more critical is efficiency: In Cognition's FrontierCode programming test, Fable 5 got the highest score under "medium computing power consumption", and the Token efficiency is significantly better than the previous Claude.
This also explains why Anthropic repeatedly emphasizes Token efficiency - a model that can work autonomously for a long time and consume millions of Tokens at every turn, if it is still "nonsense", the cost will be so high that no one can afford to use it.
The progress in vision is more intuitive. In the past, when Claude played Pokémon Fire Red, he had to rely on a complete set of auxiliary tool chains to advance stumblingly; Fable 5 only used the most basic visual interface to complete the level on his own. It can also restore the source code of a web application with just a few screenshots.
Anthropic’s in-house protein design experts used Mythos 5 to speed up some aspects of the drug design process by about ten times. The second one is even more exaggerated: In a genomics study, Mythos 5 worked continuously for more than a week in an almost completely autonomous state, training a machine learning model on its own - the performance of this model exceeded that of a similar model published in Science, and its volume was only one percent of the latter.
When a model can independently complete a week of scientific research and do better than human results published in top journals, "whether it will be used to design viruses" is no longer a groundless worry.This is exactly why Anthropic locks the field of biochemistry separately - the same ability is an antidote in the hands of researchers, but it may be something else in another pair of hands.
Power and danger are two sides of the same coin here. The guardrails are not added because the model is not good, but precisely because it is so good.
It can be seen that Anthropic describes Mythos as a dangerous object that requires full supervision. But outside of the official narrative, there are also different voices.
An X user with the ID @zekramu, who claims to have participated in an enterprise pilot of Mythos, recently posted to share his feelings after using it for a whole day - his description is not entirely consistent with the narrative at the press conference.
According to him, Mythos is really strong, especially in security research tasks. It is obviously better than the highest configuration of Opus and GPT-5.5, as if it has been specially tuned for this kind of work. But "strong" and "threatening humanity" are two different things. He gave a detail: This model, which was officially said to be amazing, got stuck in front of his company's process based on Bazel (a code construction tool) and changed a lot of custom logic. In the end, he had to compile the code first and then let the model run.
Even more intriguing is the guardrail itself. According to his description, what Anthropic sent with the model was not the familiar Claude Code, but a set of operating environments specifically designed to "prevent model escape" - the so-called Project Glasswing, in his opinion, it is largely this sandbox. However, he felt that the environment was quite rough, and even suspected that some of the restrictions did not really take effect at all; he also said that he bypassed the official boundaries and ran the model outside the sandbox.
As for the record, he said that Mythos found a large number of previously undiscovered security vulnerabilities in their products, enough to make the team rethink their security strategies.
His conclusion is worth pondering: This model does have two brushes in terms of safety offense and defense, but in his eyes, it is more like an extremely expensive and extremely specialized tool, rather than the kind of existence that "hangs over everyone's head" as Anthropic implies.
Let’s get back to what ordinary people are most concerned about: how much it costs and when it can be used.
In terms of price, the API pricing of Fable 5 and Mythos 5 is US$10 per million input Tokens and US$50 per million outputs. The horizontal comparison is interesting: compared with Mythos Preview's 25/125 US dollars, it is 60% lower; but it is fully twice as expensive as Opus 4.8's 5/25 US dollars; compared with OpenAI's GPT-5.5 (5/30 US dollars), the input is twice as expensive and the output is about 67% more expensive.
in other words,It is the most powerful Claude yet and one of the most expensive Claude models.Strong, but not cheap.
The aforementioned @zekramu can also be considered as circumstantial evidence: According to his estimation, the investment in the pilot phase alone has reached the level of millions of dollars; "too expensive" is a sentence he repeatedly repeats.
Subscribers also have to pay attention to a time window. From today to June 22, Pro, Max, Team and Enterprise edition users can use Fable 5 for free; starting from June 23, you will have to purchase additional usage credits to continue using it.
Anthropic said that when production capacity catches up, it will make Fable 5 a subscription standard again - but did not give a specific time. API and pay-as-you-go enterprise customers are not affected by this rhythm and will continue to call as usual starting today.
This slightly awkward "free first, then charge, and then talk about it later" actually reveals a signal: insufficient production capacity. By its own admission, Anthropic expects demand for the Fable 5 to be "very high and difficult to predict." The strongest model that is open to everyone must first pass the computing power level.
In this release, what is really easy to pass over, but the most worthy of stopping and looking at, is another policy.
Starting with Fable 5, traffic for all Mythos-level models will be mandated to be retained for 30 days, covering both first- and third-party platforms.
Anthropic promises not to use this data to train models, but only to use it for security monitoring, such as identifying new types of jailbreaks and complex attacks that are scattered among many requests and each one looks normal. To this end, they have also added new privacy protection: every manual visit is recorded and basically deleted after 30 days.
Sounds reasonable. butFor those enterprise customers who originally chose Anthropic because of "zero data retention", this is a change that needs to be re-evaluated.
The cost of using the strongest model is not only a more expensive bill, but also: your data will stay on Anthropic's servers for an extra month.
Security and privacy are put on the same scale here. The answer given by Anthropic is: in order to prevent unprecedented attacks, everyone's traffic must be monitored for 30 days. This account is not cost-effective, and I’m afraid each company has to make its own calculations.
Putting these together, the real novelty of Fable 5 may not be how powerful it is, but that it has taken a new path in Anthropic——How to take a capability that is too dangerous to be disclosed and turn it into a product that everyone can use.
The method is: use a classifier to cut across capabilities, use downgrade instead of rejection, and then use 30 days of retention as a covert monitoring network.
It's not perfect. It will cause accidental damage, it will become more expensive, and it will make some people worry about their data. But it at least answers a question that all cutting-edge laboratories will face sooner or later: When something in your hand is strong enough to hurt people, do you lock it in a room where only a few people can enter, or do you install a strong enough guardrail on it and put it in the hands of everyone?
Anthropic chose the latter.
As for whether this guardrail is strong enough - this time, it is no longer the more than 100 institutions that are doing the stress test for it, but everyone.