A powerful AI that can exploit vulnerabilities in every major OS and browser is being released in two versions: one safe and widely available, one cyber-capable and restricted.
Introduction
Anthropic has a problem.
Its powerful AI model, Mythos, can spot and exploit vulnerabilities “in every major operating system and every major web browser.” That is dangerous. That is powerful. That is a dual-use technology of the highest order.
So they restricted access. Now they are releasing a safer version called Fable 5. But the cyber-capable Mythos remains available to select partners.
This article analyzes Anthropic’s dual release strategy, the capabilities of Mythos and Fable, and the governance implications for the AI industry.
The Models: Mythos and Fable
| Model | Capabilities | Access | Safeguards |
|---|---|---|---|
| Mythos | Can identify and exploit vulnerabilities in every major OS and web browser | Restricted (Project Glasswing, ~200 organizations) | None (cyber-capable) |
| Mythos 5 | Same as Mythos | Restricted (select partners) | None |
| Fable 5 | Coding, professional tasks, longer-horizon problem solving | Widely available | Blocked from cybersecurity and biology queries |
The architecture:
- Claude chatbot routes cybersecurity and biology queries to Opus 4.8 instead of Fable 5
- Fable 5’s guardrails prevent it from responding to certain types of queries
What Mythos Can Do
According to Anthropic, Mythos can:
- Identify vulnerabilities “in every major operating system”
- Identify vulnerabilities “in every major web browser”
- Exploit those vulnerabilities when directed by a user
The concern:
This is not theoretical. Mythos can be used for offensive cyber operations. It can find zero-day vulnerabilities. It can write exploit code. It can do this at scale and speed beyond human capability.
The restriction:
Anthropic made the unusual decision to restrict access to Mythos to select partners. The company cited concerns about its potential for misuse.
What Fable 5 Can Do
Fable 5 is designed for legitimate professional tasks:
Capabilities:
- Better at coding than prior models
- Better at professional tasks
- Solving tricky problems over longer time horizons
- Software engineering tasks
Performance claim:
- Stripe completed a lengthy software-engineering task in one day that would have taken a team two months to do manually
Biology capability:
- A hypothesis generated by Mythos regarding a new mechanism for an E. coli protein was confirmed in a research paper by a lab studying the same issue
Safety:
- Guardrails prevent responses to cybersecurity and biology queries
- Over 1,000 hours of bug bounty testing
- No universal jailbreaks found
The Dual Release Strategy
Why two versions?
Anthropic wants to:
- Release capable models for lucrative tasks (coding, finance, professional work)
- Maintain safety for widely available models
- Provide cyber-capable models to trusted partners
- Push toward IPO with demonstrated capability
The compromise:
- Fable 5 (safe, widely available) – for general users
- Mythos 5 (cyber-capable, restricted) – for trusted partners through Project Glasswing
The numbers:
- About 200 organizations now have access to Mythos
- 150 organizations were added last week
The Safety Testing
Bug bounty program:
- Over 1,000 hours of testing
- Red teamers attempted to jailbreak Fable 5
- No universal jailbreaks were found
What this means:
- The guardrails appear to hold for now
- But AI jailbreaks are an arms race. What works today may not work tomorrow.
- Anthropic acknowledges that it will “continue to work on the general cyber use cases”
The Commercial Context
Anthropic is pushing toward an initial public offering (IPO).
The challenge:
- Investors want capable models that can perform lucrative tasks (coding, finance, cybersecurity)
- Safety concerns could limit capability
- Regulators are watching
The strategy:
- Release safe, widely available models (Fable 5) for general use
- Provide cyber-capable models (Mythos 5) to trusted partners
- Demonstrate capability through partnerships (Stripe, research labs)
- Maintain safety through guardrails and restricted access
The Governance Questions
| Question | Implications |
|---|---|
| Who decides which organizations are “trusted partners”? | Anthropic has significant power. No external oversight. |
| What prevents Mythos from being used offensively? | Terms of service. But enforcement is difficult. |
| What happens when a “trusted partner” is compromised? | The attacker gains access to Mythos. |
| Will Mythos capabilities leak to unauthorized users? | Jailbreaks are likely over time. |
| Should cyber-capable AI be regulated like weapons? | No current framework exists. |
The Dual-Use Dilemma
Mythos is a dual-use technology:
| Use Case | Purpose | Legitimacy |
|---|---|---|
| Defensive cybersecurity | Finding and fixing vulnerabilities | Legitimate |
| Offensive cyber operations | Exploiting vulnerabilities | Potentially illegitimate |
| Vulnerability research | Finding zero-day vulnerabilities | Legitimate (with responsible disclosure) |
| Cybercrime | Stealing data, ransomware | Illegitimate |
The problem: The same capability that finds vulnerabilities can also exploit them. The model does not distinguish between defender and attacker.
Comparison with Other AI Models
| Model | Developer | Cyber Capabilities | Access |
|---|---|---|---|
| Mythos | Anthropic | Can exploit vulnerabilities in every major OS and browser | Restricted (200 organizations) |
| GPT-5 | OpenAI | Limited cyber capabilities (code generation) | Widely available |
| Gemini | Code generation, security analysis | Widely available | |
| Claude (standard) | Anthropic | Code generation, security analysis | Widely available |
Mythos represents a significant escalation in AI cyber capabilities.
The Path Forward
For Anthropic:
- Continue safety testing
- Expand trusted partner network carefully
- Develop better guardrails
- Prepare for regulatory scrutiny
For regulators:
- Develop frameworks for dual-use AI
- Establish oversight for cyber-capable models
- Require transparency in restricted access programs
- Consider export controls
For organizations:
- Assess whether they need access to cyber-capable AI
- Implement strong security for AI access
- Monitor for misuse of AI capabilities
- Prepare for AI-driven cyber threats
Conclusion
Anthropic PBC is widely releasing a version of Mythos that will be blocked from carrying out cybersecurity tasks, months after warning that the powerful artificial intelligence (AI) model could spot and exploit vulnerabilities in critical software.
The new model, called Fable 5, is set to be rolled out on Tuesday with guardrails that prevent it from responding to certain types of queries, including those related to cybersecurity and biology.
Anthropic is also releasing the same model, without some of the safeguards, as a new version of Mythos called Mythos 5. It will be available to select groups through an initiative called Project Glasswing.
Mythos has emerged as a focal point for the San Francisco-based company in recent months as it pushes towards an initial public offering. The company made the unusual decision to restrict access to the model to select partners, citing concerns that it can identify and exploit vulnerabilities “in every major operating system and every major web browser when directed by a user to do so.”
The dual release strategy is a compromise between safety and capability. Fable 5 is safe and widely available. Mythos 5 is cyber-capable and restricted.
The question is whether this compromise will hold or whether cyber-capable AI will inevitably leak, be jailbroken, or be misused.
Knowledge Check Quiz
- What is the definitive operational difference between Claude Fable 5 and Claude Mythos 5?
- Ans: Claude Fable 5 is wrapped in strict, real-time safety classifiers that restrict cybersecurity and biochemical queries for general access, whereas Claude Mythos 5 omits these classifiers and is restricted to vetted defensive partners via Project Glasswing.
- What action occurs automatically within the Claude interface when a user inputs a sensitive cybersecurity query into Fable 5?
- Ans: The architecture automatically and dynamically re-routes the sensitive query to the legacy Claude Opus 4.8 model, which utilizes more granular, contextual filters to handle the request.
- What is the specific data retention policy mandated by Anthropic for all traffic running on its Mythos-class models?
- Ans: Anthropic mandates a strict 30-day data retention policy across all first- and third-party surfaces specifically for safety monitoring and abuse detection purposes.
- Which state-of-the-art benchmark measures a model’s capacity to execute autonomous, agentic software engineering tasks across production codebases?
- Ans: SWE-bench Pro, where the Mythos-class architecture established a top score of 80.3%.
Frequently Asked Questions (FAQ)
Q: Why did Anthropic create Project Glasswing instead of completely blocking Mythos 5’s cyber capabilities?
Ans: Anthropic designed Project Glasswing to safely weaponize the model’s advanced capabilities for defensive purposes. The exact same algorithmic reasoning that allows the model to develop an exploit enables cyber defenders to scan immense codebases, locate critical vulnerabilities that survived decades of human review, and write production-grade security patches before attackers can exploit them.
Q: Does Anthropic utilize the business customer data collected during the 30-day retention period to train future models?
Ans: No. Anthropic has explicitly stated that while it requires a mandatory 30-day retention period for all Mythos-class traffic to monitor for safety violations and prevent malicious exploitation, this data is strictly insulated and will not be utilized for model training purposes.
Q: How do the new safety classifiers in Fable 5 impact standard corporate software engineering workflows?
Ans: For the vast majority of standard development tasks—such as automated code refactoring, translation, and general logic generation—the classifiers remain passive. Anthropic notes that the safety re-routing protocols to Opus 4.8 affect fewer than 5% of average user sessions, ensuring that general business productivity remains highly optimized.
Adv. Shoeb Hakim
AI Governance & Cyber Security Advisor
📌 Follow me on LinkedIn for daily AI governance and cyber security insights: https://www.linkedin.com/in/shoebhakim
📌 Visit my website for more articles: https://www.shoebhakim.com
📌 Visit my website for legal knowledge: https://www.vakilverse.com
📌 Visit my website for research fellowship: https://www.legalcomplaince.in
♻️ Share this article with your network.
Disclaimer: This article is for informational purposes only and does not constitute legal advice.
Hashtags: #AdvShoebHakim #Anthropic #Mythos #Fable5 #Claude #AI #CyberSecurity #AIGovernance #ResponsibleAI #AIRisk #VulnerabilityDetection #OffensiveAI #DefensiveAI #ProjectGlasswing #Opus48 #Stripe #BugBounty #RedTeaming #Jailbreak #AIRegulation #TechIPO #DualUseAI #AICapabilities #AI_Safety #AIRedTeaming #AIAlignment #ResponsibleDisclosure #ZeroDay #VulnerabilityResearch #EthicalHacking #PenetrationTesting #AI_For_Cybersecurity #AI_Threats #AIGovernanceFramework #AI_Compliance #AI_Ethics #AIRiskManagement #AI_SupplyChain #ThirdPartyRisk #AI_Trust #AI_Transparency #AI_Accountability #AI_Oversight #AI_Control #AI_AlignmentProblem #AI_SafetyResearch #AnthropicIPO #OpenAI #GoogleGemini #MicrosoftCopilot #MetaLlama #AI_Competition #AI_Regulation #EUAIAct #ExecutiveOrder #AI_BillOfRights #NIST_AI_Framework #OECD_AI_Principles #G7_Hiroshima_Process #AI_Summit #Bletchley_Park #AI_Safety_Summit #Frontier_AI #Dual_Use_AI
Leave a Reply