Claude Mythos 5 Back Online: Anthropic's Research Reveals Fable 5 Held No Exceptional Security Risk
Anthropic relaunched Claude Mythos 5 globally on July 2, revealing that internal tests showed Fable 5 posed no unique cybersecurity risk compared to rival AI models. The 18-day suspension, triggered by US export controls, ends with new classifiers now blocking the reported exploit technique.
Anthropic has officially relaunched Claude Mythos 5 for global users as of July 2, alongside a significant disclosure: internal testing conducted by the company indicates that Claude Fable 5 did not represent a uniquely dangerous cybersecurity threat compared to other leading AI models on the market.
The announcement marks the end of an 18-day suspension that began on June 12, when US export controls forced Anthropic to pull Fable 5 from public availability. The restrictions came after researchers at Amazon identified a method to circumvent the model's built-in safety filters — a technique that could cause the model to detect software vulnerabilities and, in at least one documented instance, demonstrate a working exploit.
Both Fable 5 and Mythos 5 had originally gone live on June 9. While they share the same underlying architecture, Fable 5 was publicly accessible, whereas Mythos 5 was restricted to a select group of vetted partners under the Project Glasswing initiative, primarily for defensive cybersecurity applications.
To understand how serious the threat actually was, Anthropic ran comparative evaluations across multiple frontier AI systems. The results were telling: Claude Opus 4.8, GPT-5.5, and Kimi K2.7 were each capable of identifying the same software vulnerabilities that Fable 5 had flagged in the Amazon incident. All tested models could also reproduce the single exploit demonstration that had triggered the regulatory response.
This data points to a broader industry-wide capability gap rather than a problem exclusive to Fable 5. Despite this finding, Anthropic moved forward with developing a more robust classifier specifically designed to block the reported bypass technique. According to the company, the updated system prevents the exploit in over 99% of attempted cases. Requests that get blocked are now automatically redirected to Claude Opus 4.8.
It is worth noting that Fable 5 was already built with what Anthropic describes as the strictest safety margins of any model in its lineup. Its classifiers are configured to intercept requests that appear even marginally risky — not just those with obvious harmful intent. The newly trained classifier extends this coverage further, though Anthropic acknowledges a trade-off: it now also flags a greater number of routine coding and debugging queries that pose no real threat. The company says it will continue refining the system to reduce false positives over time.
Mythos 5, which operates under a lighter set of restrictions, was cleared for return earlier — on June 26 — but only for institutions that received explicit government authorization.
Anthropicannounced the redeployment on July 1, stating that following productive conversations with the US government, Fable 5 would be made available again globally the following day, equipped with new classifiers targeting a broader range of cybersecurity-related tasks.
The episode leaves a broader regulatory question unanswered. If competing models already possess the same capabilities that led to Fable 5 being suspended, it remains unclear what benchmark authorities will use when evaluating the next generation of frontier AI systems. The situation highlights the growing tension between AI safety enforcement and the practical reality of capabilities that are becoming increasingly common across the industry.

