Fable & Mythos 5: Anthropic's Mythos Class Models Explained

Anthropic took great care to keep Claude Mythos Preview away from the public because of its superior bug hunting capabilities that easily poked holes in critical software infrastructure.

Yet, the company is releasing Claude Fable 5 – a Mythos class model, which Anthropic attests has been made safe for general use. 

“Fable is a Mythos-class model. The most capable class of systems we've built and the first one we've made generally available,” says Mike Kriegar, CPO at Anthropic.

“It's state of the art on nearly every benchmark (SWE-bench Pro went from 69.2 with Opus 4.8 to 80.3), with a lead that grows as tasks get longer and harder.

“With earlier models, you broke a project into model-sized tasks and stitched the results together. Fable holds the whole project. It plans, runs for hours or days, checks its own work and comes back when it's done.”

A risky game?

Anthropic acknowledges that releasing such a capable model out into the wild comes with a fair share of risks. 

Anticipating that the model may be put to work on dangerous cyber use cases, Anthropic has erected clear safeguards that reroute questionable requests to its next-most-capable model – Claude Opus 4.8. 

Harmless requests may sometimes annoyingly be caught by the safeguards, although they trigger in less than 5% of the sessions. 

Claude Mythos 5 for defenders 

Initially released through the industry coalition Project Glasswing in collaboration with the US Government, Claude Mythos 5 is another major model update by Anthropic.

Overtaking the capabilities of Claude Mythos Preview, Mythos 5 Anthropic says, has “the strongest cybersecurity capabilities of any model in the world”.

Mythos 5 shares the same base model as Fable 5, with the safeguards lifted in some areas. 

Anthropic has hinted at future plans where Mythos 5 may be rolled out through a broader trusted access program. 

More capable, runs longer and highly accurate

Both the novel models can work autonomously for much longer stretches than any previous Claude models. 

The advantages are numerous, with applications across scientific research – aiding drug discovery, synthesising compelling molecular biology hypothesis and even conducting its own research in genomics. 

The models also compress months of heavy duty software engineering tasks that would normally take gruelling months to a matter of days.

The releases also accompany a price slash, as Fable 5 and Mythos 5 are being offered at US$10 per million input tokens and US$50 per million output tokens. 

Agentic hacking: answering the question of safety

Mythos class models excel at agentic hacking – taking on various steps of the cyberattack all the way from reconnaissance, vulnerability discovery, creating potent exploit chains to lateral movement. 

Anthropic’s answer to the question of safety are classifiers – AI systems that are primed to spot potential adversarial uses like jailbreaking.

The company says it extensively red teamed its new models  with no jailbreaks uncovered in over 1000 hours of model testing. 

Frontier AI in Bioweapons 

Anthropic for a long time employed classifiers that blocked a narrow range of queries related to bioweapons, which the company now says may no longer be enough. 

Cause for concern is Anthropic’s admission that they have reason to believe that “well-resourced malicious actors” were trying to use their models for what it calls “highly risky biological research”.

With Mythos 5 being capable of laying out its own research, one of the tested use cases was deploying the model to solve a challenging step in designing adeno-associated viruses (AAVs) – these are a component of gene therapy. 

But allowing this form of usage is a slippery slope to creating dangerous viruses. 

“Our priority was to safely release Fable as soon as we could, even at the cost of overly broad safeguards,” Anthropic says. “Therefore, for the time being we have arranged for Fable to fall back to Opus 4.8 on most requests related to biology and chemistry.”

Attempts to distill the model are also blocked by the classifiers. 

The industry reaction to the model oscillated from applauding the capability to legitimate concerns on safety. 

“The introduction of guardrails isn’t evidence that the problem is solved – it’s an admission that even the companies building these models don’t fully trust where the capability leads,” notes Andrew Rubin, Founder and CEO of Illumio. 

“Constraints at the interface don’t change the underlying math. Attackers won’t operate at that layer. 

“They’ll go straight after the capability itself. And as these tools become more broadly available, the speed and scale of attacks will only increase. The real question is whether defenders are prepared to operate at the same speed.”