Claude Mythos 5 and Fable 5: Anthropic's Frontier Model Split

Anthropic split its newest frontier model into two faces on June 9, 2026. Claude Fable 5 is the public-API version, gated by safety classifiers that hand high-risk prompts back to Claude Opus 4.8. Claude Mythos 5 is the same underlying model with those classifiers lifted in specific security-research domains — and it ships only to vetted partners inside Project Glasswing.

That distinction is the entire story. One name you can use today through an API key; the other you'll only ever touch if Anthropic decides your organisation can be trusted with an unconstrained model. Below: what each one is, how they were built, the verified vulnerabilities Mythos 5 has surfaced so far, the 30-day retention catch nobody talks about, and how access actually works for each.

Naming note: You may have searched for "Claude Mythos 5" or "Fable 5" — both names are correct. On June 9, 2026, Anthropic released two variants of the same underlying frontier model: Claude Fable 5 (publicly available) and Claude Mythos 5 (restricted access via Project Glasswing). "Mythos 5" is not a rumor — it is the real, access-controlled version. This article covers both.

What Claude Fable 5 and Mythos 5 Are

Fable 5 and Mythos 5 are not two separate models. They are the same underlying "Mythos-class" model — a capability tier that Anthropic places above Claude Opus — packaged with different safety constraints for different audiences.

Claude Fable 5 is the first Mythos-class model available to the general public via the API. It ships with classifiers that intercept high-risk requests and reroute them to Claude Opus 4.8 instead. Claude Mythos 5 is the same model with those classifiers lifted in specific domains — cybersecurity in particular — and is available only to vetted partners through Anthropic's Project Glasswing program.

Think of the naming this way: "Mythos" is the model generation. "Fable 5" is the publicly accessible wrapper; "Mythos 5" is the unrestricted version for trusted operators.

When It Was Announced

Anthropic announced both models on June 9, 2026. The announcement came two months after Project Glasswing's launch on April 7, 2026, during which a preview of the underlying Mythos model (then called Claude Mythos Preview) was given to roughly 50 partner organizations to find software vulnerabilities.

The June 9 release marks the first time the Mythos-class capability tier became accessible outside Glasswing's controlled environment — for Fable 5, at least.

Who Built It

Anthropic, the AI safety company founded in 2021 by former OpenAI researchers including Dario Amodei and Daniela Amodei, built both models. Anthropic has not publicly named a specific research team or individual leads for the Mythos generation. The Constitutional AI training methodology, which Anthropic introduced in its December 2022 paper and has applied across every Claude generation, is part of the lineage — but Anthropic has not published a technical report for Mythos 5 as of this writing.

How It Was Built

Anthropic has not disclosed training specifics for Claude Fable 5 or Mythos 5. No architecture paper, dataset description, or compute budget has been published. What is known from the launch announcement: the model has a 1 million token context window, supports up to 128,000 output tokens per synchronous API request, has a knowledge cutoff of January 2026, and has adaptive thinking always enabled — there is no separate extended-thinking toggle as there was on some earlier models.

The safeguard layer on Fable 5 is implemented as separate AI classifiers — not baked into the model weights — that watch conversations and route flagged requests to Opus 4.8. This means Fable 5's underlying capabilities are not diminished; requests are intercepted before a response is generated.

How It Works and What It Can Do

Fable 5 and Mythos 5 sit in front on the benchmarks Anthropic has published. On SWE-bench Pro, the model scores 80.3%, against 69.2% for Claude Opus 4.8, 58.6% for GPT-5.5, and 54.2% for Gemini 3.1 Pro. That is a meaningful gap on agentic coding, not a marginal improvement.

The model is designed for long-horizon work. It can operate autonomously across multi-day sessions, plan across stages, call tools and sub-agents, inspect its own outputs, and revise. Stripe reported in early enterprise testing that Fable 5 performed a codebase-wide migration across a 50-million-line Ruby codebase in a day — work that would have taken a full team over two months by hand.

For Mythos 5 specifically, the headline capability is security research. With cybersecurity safeguards lifted, Mythos 5 can reason about exploit construction, vulnerability chains, and software internals at a depth that Fable 5 will not engage with. The Project Glasswing findings (covered below) are the primary evidence of what this looks like in practice.

Beyond security, both variants show strong performance in vision tasks, scientific research, and dense knowledge work — though Anthropic has not broken out benchmark numbers by domain beyond SWE-bench.

Verified Strengths

Agentic coding depth. The SWE-bench Pro score of 80.3% is independently reported and represents a 16-point lead over the nearest competitor Anthropic cited. For teams running Claude Code or similar agent harnesses, this is practically significant.

Context window. One million tokens is large enough to hold an entire mid-sized codebase, a year of meeting transcripts, or an entire regulatory filing — in a single prompt. Earlier Claude models topped out at 200,000 tokens.

Security research depth (Mythos 5 only). The Glasswing program produced auditable results: over 10,000 high- or critical-severity vulnerabilities found, including findings in every major operating system and browser. This is not a vague benchmark claim; it is a record of patches submitted and fixed.

Broad platform availability for Fable 5. The model is available on the Claude API, Amazon Bedrock, Vertex AI, and Microsoft Foundry. GitHub Copilot users also got access on June 9, 2026. For developers, there is no deployment friction on Fable 5.

Real Limitations

Mythos 5 is not publicly available. Access to Mythos 5 requires being a Project Glasswing partner — a vetting process run in coordination with the US government and large infrastructure providers. There is no public signup, no waitlist form, and no API key you can purchase. If you need the unrestricted model for security research, you apply through Glasswing or wait for a future trusted-access program.

Mandatory 30-day data retention on Fable 5. Every prompt and output sent to Fable 5 is retained by Anthropic for 30 days, with active safety classifiers running over that data. Critically, existing enterprise zero-data-retention agreements do not cover Fable 5 — this is a new policy applied regardless of prior contractual arrangements. Anthropic employees with scoped access may review flagged conversations. For teams in regulated industries (fintech, healthcare, legal), this is a material compliance consideration, not a footnote.

Safeguard false positives on Fable 5. The classifiers trigger in under 5% of sessions on average, but "on average" hides variance. Developers building security tooling, vulnerability disclosure workflows, or chemistry research tools may find legitimate requests routed to Opus 4.8 more often than that figure implies. Anthropic acknowledges the current classifiers were tuned conservatively.

Model distillation is blocked. Anthropic's classifiers on Fable 5 will intercept attempts to extract the model's capabilities for use in training competing systems. This is by design, but it constrains a category of research and evaluation use cases.

High price point. At $10 per million input tokens and $50 per million output tokens, Fable 5 is double the price of Claude Opus 4.8 and double GPT-5.5 on input. The rate is justified if you are running tasks where the capability gap translates to real output quality gains — but it is not a drop-in upgrade for cost-sensitive pipelines.

Verified Examples: What Mythos Found in the Wild

During the Project Glasswing preview (April–June 2026), Claude Mythos Preview — the predecessor to Mythos 5 — produced findings that have been publicly confirmed:

• A 27-year-old TCP SACK vulnerability in OpenBSD that allowed remote crash by initiating a TCP connection. No exploit required beyond a standard connection handshake.
• A 16-year-old vulnerability in FFmpeg, the video processing library that runs inside virtually every video pipeline on the internet.
• A wolfSSL cryptography library flaw affecting billions of devices. The model constructed a working proof-of-concept exploit that could allow certificate forgery, meaning an attacker could convincingly impersonate a bank or email provider's domain.
• A FreeBSD NFS remote code execution vulnerability, assigned CVE-2026-4747.

Over 99% of the vulnerabilities found were unpatched at the time of the April 7 announcement. Partners have since been working through coordinated disclosure with maintainers. Anthropic committed up to $100M in usage credits for Mythos across these efforts, plus $4M in direct donations to open-source security organizations.

How Partners Actually Use Mythos 5

Project Glasswing partners — which include AWS, Apple, Google, Microsoft, Cisco, CrowdStrike, JPMorgan Chase, NVIDIA, Palo Alto Networks, Broadcom, and the Linux Foundation — access Mythos 5 through Anthropic's managed infrastructure. There is no public API endpoint. Partners integrate against Anthropic's platform under a usage agreement that includes the mandatory 30-day retention and safety monitoring terms.

In practice, the workflow is: a partner's security team defines scope (a codebase, binary, or library), submits it to a Mythos-backed analysis pipeline, and receives structured findings — vulnerability class, affected component, severity, and in many cases a working proof of concept. The model can also propose patches. Disclosure coordination then happens through the partner's existing process with the relevant maintainer.

For Fable 5, enterprise use follows standard API integration: the model ID is claude-fable-5 on the Claude API. It is available on Pro, Max, Team, and Enterprise subscription plans.

Access Path: What Is and Is Not Available

Claude Fable 5 (public):
- API: model ID claude-fable-5, available now
- Platforms: Claude.ai, Amazon Bedrock, Google Vertex AI, Microsoft Foundry, GitHub Copilot
- Pricing: $10/M input tokens, $50/M output tokens; batch API at $5/M and $25/M respectively
- Subscription plans (Pro, Max, Team, Enterprise): included through June 22, 2026; usage credits may apply after

Claude Mythos 5 (restricted):
- Not available on the public API
- Not available on any subscription plan
- Access only through Project Glasswing partner vetting — contact Anthropic directly if you represent a critical infrastructure provider or government-affiliated cyber defense organization
- A broader trusted-access program is described as forthcoming; no date has been announced

There is no pip install or npm install path to Mythos 5. Anyone claiming to offer Mythos 5 API access outside of the official Anthropic channels should be treated with skepticism.

What to Watch

• Trusted-access expansion. Anthropic has said a broader Mythos 5 program beyond Glasswing is planned. What the vetting bar looks like, and whether independent security researchers outside large enterprises can qualify, will determine how useful the model actually is for the broader security community.
• Zero-retention policy evolution. The mandatory 30-day retention is a friction point for enterprise adoption. Watch whether Anthropic negotiates ZDR options for Fable 5 after the initial rollout period, or whether it holds the line on safety monitoring requirements.
• Safeguard calibration. Anthropic flagged the current classifiers as conservatively tuned. Follow-on updates to reduce false positives on Fable 5 — especially for security and chemistry research use cases — are likely but not scheduled.
• CVE disclosure pace. The 10,000+ vulnerabilities found during Glasswing preview are being patched through coordinated disclosure. As CVEs are assigned and published, the real-world security impact of Mythos will become auditable. Track the CVE feed and Linux Foundation / OpenSSF disclosure announcements.
• Benchmark third-party replication. SWE-bench Pro scores are Anthropic's own reporting. Independent evaluations from groups like METR, HELM, or LiveCodeBench will be the more credible signal on where Fable 5 actually sits relative to competitors.