Anthropic opened Fable 5 as a guarded Mythos-class model for agent coding and security work June 9, then U.S. officials ordered the company to halt access three days later. Developers gain a 1 million-token context window, a 128,000-token output limit and agent tools, and buyers accept 30-day retention.
Anthropic released Claude Fable 5 on June 9, 2026, and U.S. officials ordered the company to suspend access three days later after national security reviewers examined model safety reports.
Feature: a guarded Mythos-class model
Anthropic positions Fable 5 as the release channel for Mythos-class capability. Anthropic disclosed Mythos on April 7, 2026, under Project Glasswing and kept that model away from broad access. With Fable 5, Anthropic uses the same underlying model and the same published specifications, then adds release guardrails and fallback behavior.
Anthropic gives API customers a 1 million-token context window by default and allows up to 128,000 output tokens in one request. The company prices usage at $10 per million input tokens and $50 per million output tokens, double Claude Opus 4.8.
The company also changed the Messages API surface for this class. Anthropic keeps adaptive thinking on and exposes no raw chain of thought. Developers choose a readable thinking summary or an empty field through thinking.display, then set depth and spend through effort.
Anthropic added execution APIs such as code execution and programmatic tool calling. The company also added memory and compaction controls for context management. Those pieces target agent runs that span code search, test execution and repair.
Safety and performance
Fable 5 targets long-horizon agent work, where the model must plan, call tools, inspect output and revise code across many steps. In Claude Code or Claude Managed Agents, you can give Fable 5 a backlog item instead of a prompt that expects one answer. You can have the model divide the task, call sub-agents and check logs before it asks you to approve the result.
Engineers can measure throughput through handoffs and context resets. Security teams can measure verification through tests, logs and proof that a patch reaches the failing path.
Anthropic points to that verification loop. Boris Cherny, who built Claude Code, described Fable 5 as methodical about measurements, logs and repair checks. Simon Willison described the model after initial use as proactive and goal-seeking.
Safety reviewers focus on the same strength. A model that finds exploitable bugs for defenders can help attackers if policy and tool boundaries fail. Anthropic tells customers that external testers spent more than 1,000 hours hunting universal jailbreaks and found none. The U.K. AI Security Institute reported progress toward a bypass during initial testing.
U.S. officials stepped in after Amazon's security team flagged a jailbreak concern, according to reporting cited by InfoQ. The White House framed the block as a path to remediation, with adviser David Sacks saying the administration wanted Anthropic to fix the issue and return Fable to release.
Anthropic adds another risk for enterprise buyers. The company classifies Fable 5 and Mythos 5 as Covered Models, so customers must accept 30-day retention for prompts and outputs. Anthropic says staff do not use that retained content for training and delete it after 30 days unless a safety review or legal duty requires a hold.
Microsoft removed Fable 5 from its internal Copilot model picker June 10 after counsel found a conflict with the company's zero-retention standard. Microsoft kept the model available to customers through Foundry.
Example: a developer workflow
Imagine you own a Rust service that parses untrusted PDF metadata. You ask an agent harness to audit the parser and propose a patch with tests.
With a smaller context window, you feed the model slices of the parser and the test harness. With Fable 5, you can include the parser and the evidence around it in one request.
You see Fable 5's value when you tell the agent to prove the fix. The harness can run cargo test, add a fuzz target and inspect the failing input. If the patch compiles but misses the crash path, you want the agent to keep working inside the task budget rather than declare success.
That workflow also explains the retention fight. You may include proprietary code and vulnerability details that an attacker could use. If your policy demands zero retention, you cannot use this model class until Anthropic or your platform provider offers a compliant channel. Teams that can accept retention can reduce context breaks and demand stronger self-checks during a long task.
Ecosystem impact
Anthropic shipped Fable 5 across the Claude API, Amazon Bedrock, Microsoft Foundry and other providers on release day. With that broad launch, platform teams faced one contract problem and one engineering problem at the same time.
They had to decide whether 30-day retention fit their data rules. They also had to decide whether agent autonomy deserved a new review path, because a long-running model can touch source code, build logs and deployment secrets across one task.
AWS highlighted asynchronous execution and PDF vision for diagrams, charts and tables. Microsoft kept customer access through Foundry but restricted employee use after its legal teams reviewed retention. Platform teams should expect provider terms to matter as much as benchmark scores.
Anthropic points to Project Glasswing to justify the risk. By late May, Anthropic said partners had identified more than 10,000 high or critical severity vulnerabilities across critical codebases in one month. Anthropic also said researchers using Mythos across more than 1,000 open-source projects found 23,019 issues, including 6,202 high or critical severity findings.
Engineering leaders now face a strained choice. They can use a model that may find severe defects faster than a human audit team. They also must accept retention and a release channel that U.S. officials can interrupt.
Developers evaluating the model family should read Anthropic's Claude model documentation, the Messages API, Claude Code docs, Amazon Bedrock's Anthropic page and Microsoft Foundry model docs. Security teams should pair those docs with their data retention policy before they send source code or crash artifacts.
Comments
Please log in or register to join the discussion