On June 9, 2026, Anthropic publicly released Claude Fable 5 — the first Mythos-class model made broadly available to users. However, the launch comes with unprecedented restrictions: the model actively blocks queries about biology, chemistry, and cybersecurity, routing them to the older Opus 4.8 model.
Key takeaways
- Fable 5 blocks all biology and chemistry queries (not just bioweapons) and cybersecurity
- Model scored 78% on ExploitBench (vs 40% for Opus 4.8 and 69% for Mythos Preview)
- API pricing: $10 per million input tokens and $50 per million output tokens
- Full capabilities restricted to vetted participants in Project Glasswing
- False positives (refusals of legitimate queries) occur in fewer than 5% of sessions
One model, two faces
Claude Fable 5 and Mythos 5 share the same base model. The difference lies in the safety layer: Fable 5 uses a system of classifiers based on Constitutional AI to detect banned topics and potential jailbreak attempts. When the classifier detects such a query, Fable 5 does not respond — instead it switches to the earlier Claude Opus 4.8 and notifies the user of the switch.
Anthropic has been running Project Glasswing for several months in limited preview — Mythos 5 remains available only to a 'small group of cyberdefenders' vetted through the program. The company now announces an expansion of the program 'in consultation with the US government,' as well as a new trusted access program for life sciences organizations that will remove biology and chemistry blocks for vetted partners while keeping cybersecurity restrictions in place.
Why such sharp restrictions?
The main driver is a dramatic jump in the model's cybersecurity capabilities. Mythos 5 scored 78% on ExploitBench — a test of vulnerable code exploits. By comparison, Opus 4.8 scored 40% and Mythos Preview scored 69%. Anthropic says the model can execute multi-step cyberattacks — agentic hacking — with far greater facility than earlier models.
External validation introduces some nuance. The UK's AI Security Institute tested Mythos Preview and found its scores on a suite of Capture the Flag challenges were comparable to GPT-5.5 from OpenAI, suggesting this is not a breakthrough unique to one model.
For biology and chemistry, Anthropic has extended restrictions beyond bioweapons to cover all queries in these fields. The rationale: well-resourced malicious actors could use even seemingly benign queries to assist with risky biological research far more effectively than with earlier models.
The trusted access dilemma
The same queries that are beneficial in the hands of cybersecurity professionals and biology researchers could be dangerous if available to malicious actors.
Anthropic, Claude Fable 5 technical documentation
In practice, academic researchers, biology students, and penetration testers working without Project Glasswing verification will encounter blocks on queries that remain unrestricted in competing models. Security researchers have criticized this approach as overly restrictive for legitimate work — a critique Anthropic partly accepts, saying the system is intentionally 'stricter than ideal.'
Pricing and access
Fable 5 is available via API and Enterprise at $10 per million input tokens and $50 per million output tokens — 67 to 100 percent more expensive than comparable GPT-5.5 tiers from OpenAI. This pricing differential could matter as the frontier model market faces increasing cost pressure. Existing Anthropic subscription plans retain Fable 5 access until June 22, after which "usage credits" will be required.
Why this matters
Fable 5 is likely the first clear demonstration of how AI labs intend to manage increasingly powerful models: through selective, verified access rather than uniform restrictions for all users. This approach raises fundamental questions about who decides who is 'trusted,' and whether such decisions should rest entirely with private companies.
For the cybersecurity and life sciences industries, this access model may become the norm for future AI model generations. Companies in these fields must plan for both access verification processes and scenarios where critical tools may be restricted for safety reasons beyond their control.
A second important question concerns competition: since GPT-5.5 achieves similar benchmark scores on cybersecurity with fewer access restrictions, users have a real alternative without additional barriers — creating market pressure on Anthropic.
What's next
- Project Glasswing expansion for cybersecurity professionals planned "in consultation with the US government" — no timeline given.
- New trusted access program for life sciences organizations to launch alongside Glasswing expansion — details to be announced separately by Anthropic.
- Restoration of Fable 5 in standard Anthropic subscription plans contingent on reaching 'sufficient capacity' — no defined timeline.
