Claude Fable 5 Explained: Features, Pricing, and Why It Matters for Security Teams

Security and AI teams have been tracking Anthropic's Mythos-class models since Project Glasswing locked them behind a restricted access program in April 2026. On June 9, 2026, that changed. Anthropic launched Claude Fable 5 — the first Mythos-level model made available to the general public — bringing frontier-tier AI capabilities to any developer or enterprise team, with one significant asterisk: cybersecurity queries trigger a safety classifier and fall back to Claude Opus 4.8. In this guide, you'll learn exactly what Claude Fable 5 is, how its capabilities and safeguards work in practice, what the $10/$50 pricing actually costs at scale, and what the Fable 5 vs Mythos 5 distinction means for security professionals who want full, unrestricted access.

## Key Takeaways

• ▸Claude Fable 5 is Anthropic's first Mythos-class model available to the general public, launched June 9, 2026 — exceeding every Claude model previously made generally available in capability.
• ▸Fable 5 and Mythos 5 are the same underlying model; the difference is that Fable 5 has safety classifiers active for cybersecurity, biology/chemistry, and distillation queries — classifiers that are lifted for Mythos 5's restricted audience.

• ▸Pricing is $10 per million input tokens and $50 per million output tokens — exactly 2x the cost of Claude Opus 4.8 and less than half the cost of Claude Mythos Preview.
• ▸Cybersecurity queries flagged by Fable 5's classifiers are automatically rerouted to Claude Opus 4.8 and billed at Opus 4.8 rates — less than 5% of sessions trigger any fallback at all.
• ▸Access to Claude Mythos 5 — with cybersecurity safeguards lifted — remains restricted to Project Glasswing partners and select US government cyber defenders, with a broader trusted access program planned.
• ▸For security teams, Fable 5's agentic capabilities — multi-day autonomous workflows, self-verification loops, and 1M-token context — open genuine new possibilities for threat analysis, vulnerability research documentation, and long-form OSINT synthesis.
• ▸A mandatory 30-day data retention policy applies to all Fable 5 and Mythos 5 traffic — a consideration enterprise security teams must evaluate against their data governance requirements.

## What Is Claude Fable 5?

Claude Fable 5 is Anthropic's most capable generally available AI model, belonging to the new "Mythos-class" tier that sits above the Opus line in Anthropic's model hierarchy. Launched on June 9, 2026, Fable 5 marks the first time Anthropic has made Mythos-level capabilities accessible to the general public — the same capabilities that were previously restricted to a small group of government cyber defenders and critical infrastructure providers through Project Glasswing.

The name carries deliberate meaning. Fable derives from the Latin fabula — "that which is told" — which Anthropic chose as a counterpart to the Greek mythos. Both the Fable and Mythos variants share the same underlying model architecture; what distinguishes them is the presence or absence of Anthropic's new safety classifiers. Fable 5 is the Mythos model made safe for broad release. Mythos 5 is the same model with those safety restrictions selectively lifted — currently reserved for Glasswing partners.

The AI cybersecurity implications of this launch extend well beyond the model's direct capabilities. Fable 5 represents the first public access to a model tier that Anthropic itself has identified as capable of providing meaningful uplift for sophisticated cyberattacks — which is precisely why the safety classifiers exist and why the Fable/Mythos split was engineered. For a broad view of how AI-powered capabilities are reshaping the threat landscape, the AI Cybersecurity research category documents the accelerating intersection of large language models and offensive and defensive security operations.

## Why Claude Fable 5 Matters for Cybersecurity Teams

Claude Fable 5 matters for cybersecurity professionals specifically because it simultaneously represents the most capable AI model available to security teams for defensive workflows and the most restricted AI model in history when used for offensive tasks — a deliberate design choice that reflects how seriously Anthropic treats the dual-use risk of frontier AI in the security domain. Understanding this dual nature is the starting point for any security team evaluating whether and how to integrate Fable 5 into their operations.

The previous state of play was simpler. Anthropic's Opus-class models were powerful research and analysis tools but did not represent a step-change in operational cyber risk — either for defenders or attackers. Fable 5 changes the calculus significantly. Anthropic's own red-team data shows that Mythos-class models excel at discovering and exploiting software vulnerabilities, and demonstrate strong capabilities across the full offensive chain: reconnaissance, discovery, lateral movement, and exploitation. These are capabilities meaningful enough to prompt not just new safety classifiers but a separate, gated model variant. The implications for enterprise cyber operational resilience are direct: organizations now face adversaries who may be operating AI tools of this caliber, whether through Glasswing-equivalent access or through future model variants from competing labs with fewer restrictions.

For defenders, the inverse is equally significant. The same underlying capabilities — long-horizon autonomous task execution, deep document analysis, sophisticated multi-step reasoning across millions of tokens — translate directly into accelerated threat investigation, faster vulnerability research synthesis, and more capable automated security workflows. The question is not whether to evaluate Fable 5 for defensive use, but how to do so in a way that accounts for the data retention requirements and the behavioral differences introduced by the cybersecurity classifiers.

## What Are Claude Fable 5's Core Capabilities?

Claude Fable 5's core capabilities center on four areas where it exceeds all previously available Claude models: software engineering, knowledge work, vision, and long-running autonomous task execution — with the longest and most complex tasks showing the largest performance margins over Opus 4.8. This capability profile directly maps to high-value use cases for security operations teams.

Agentic Operation and Long-Horizon Task Execution

Fable 5's most architecturally significant capability is its ability to execute multi-day, autonomous, asynchronous workflows with minimal human oversight. Previous Claude models required frequent check-ins during extended tasks. Fable 5 can plan across multiple task stages, delegate to sub-agents, check its own work through self-verification loops, and maintain coherent context across millions of tokens for days-long sessions. In agent harnesses like Claude Code or Managed Agents, Stripe reported that the model compressed months of engineering work into a single day — performing a codebase-wide migration across 50 million lines of Ruby code in less time than a full engineering team would take over two months.

For security teams, this agentic capability changes what is practically achievable with AI-assisted workflows. Long-running threat intelligence synthesis across large document corpora, multi-step OSINT investigations, and extended vulnerability research sessions that were previously too unwieldy for AI-assisted completion are now realistic use cases. The passive reconnaissance methodology that security researchers apply across dozens of data sources over extended periods is precisely the kind of long-horizon, multi-step workflow where Fable 5's extended autonomy provides genuine operational leverage.

Software Engineering and Code Analysis

Fable 5 is the highest-scoring model on FrontierBench (Cognition's evaluation of production-quality code) and CursorBench, with capabilities that extend to large-scale codebase migration, complex multi-file implementations, and autonomous testing cycles. The model writes its own tests to verify its outputs, implements from design specifications with high fidelity, and uses vision to check rendered outputs against intended goals.

For security teams working on code review, vulnerability research, or custom tooling development, this represents a material step up. The self-testing loop is particularly relevant: security code that can be independently verified by the model before a human reviews it significantly reduces the review burden on security engineering teams managing high volumes of custom tooling.

Vision and Document Intelligence

Fable 5 understands diagrams, charts, and tables embedded in PDFs and complex documents — extracting precise numerical data from detailed scientific figures and performing vision-based analysis that previous Claude models struggled with even using specialized harnesses. This capability has direct applications for security teams processing large volumes of structured threat intelligence reports, compliance documentation, and incident investigation artifacts.

The model also uses its vision capabilities to evaluate its own coding outputs — checking rendered applications against original design specifications without human intervention. In early testing, Fable 5 completed the game Pokémon FireRed using only raw game screenshots with no helper tools or maps — a benchmark that previous Claude models required complex scaffolding to even attempt.

Knowledge Work and Senior-Level Analysis

Fable 5 leads Anthropic's models and achieved the highest score on Hebbia's Finance Benchmark for senior-level reasoning — with substantial gains specifically in document-based reasoning, chart interpretation, and complex multi-step problem solving. IMC reported that Fable 5 passed their trading-analysis evaluation across all categories including factual lookup, conceptual reasoning, root-cause analysis, and expected-value analysis.

For security analysts conducting threat intelligence research, the implication is a model capable of synthesizing complex, multi-source intelligence at a level that consistently meets or exceeds the standard a senior analyst would produce.

## How Do Claude Fable 5's Cybersecurity Safeguards Work?

Claude Fable 5's cybersecurity safeguards operate through a separate classifier layer — an AI system that runs in parallel with the main model, detects potential misuse including jailbreak attempts, and routes flagged requests to Claude Opus 4.8 instead of Fable 5. The classifiers are explicitly designed to cover not just direct exploitation queries but the full offensive cyber chain: reconnaissance, discovery, lateral movement, and exploitation — because Fable 5's agentic capabilities make the full attack chain, not just individual exploit steps, a threat worth blocking.

Anthropic's red-team data provides specific, verified performance metrics for these safeguards. In external testing, Fable 5 complied with zero harmful single-turn requests related to planning a cyberattack, developing exploits, or evading defenses — holding against all 30 public jailbreak techniques tested. An external bug bounty program produced no universal jailbreaks in over 1,000 hours of testing. One external partner identified Fable 5's cybersecurity safeguards as the most robust of any model tested — including Opus 4.8 and Opus 4.7. The UK AI Safety Institute did make initial progress toward a universal jailbreak in a brief testing window, which Anthropic publicly acknowledged alongside noting that this targeted complex, realistic attack tasks rather than simple queries.

For security professionals operating the model, three practical points about the classifier behavior are essential:

First, flagged queries fall back to Opus 4.8 automatically — users are informed when this happens, and the response comes from Opus 4.8 rather than an outright refusal. Anthropic confirmed in its launch announcement that Opus 4.8 is "a highly capable model in its own right," meaning the fallback experience is a useful response, not a dead end.

Second, the classifiers are deliberately tuned conservatively. Anthropic acknowledged at launch that some benign requests — including from legitimate security researchers — will trigger the classifiers. The company stated it is actively working to reduce false positives and expects to refine the classifiers continuously after launch.

Third, less than 5% of Fable 5 sessions trigger any fallback. For the vast majority of security workflows that involve analysis, documentation, research synthesis, and code review rather than live offensive testing, the classifiers will not interfere.

## What Is the Difference Between Claude Fable 5 and Claude Mythos 5?

Fable 5 and Mythos 5 are the same underlying model — the distinction is entirely about which safety classifiers are active and who can access each variant. Fable 5 has cybersecurity, biology/chemistry, and distillation classifiers active; Mythos 5 has the cybersecurity classifiers lifted and is currently restricted to Project Glasswing partners and approved US government cyber defenders.

This distinction carries significant practical implications for security professionals. Mythos 5 — with unrestricted cybersecurity capabilities — has been described by Anthropic as having "the strongest cybersecurity capabilities of any model in the world." It is being deployed through Project Glasswing as an upgrade to Claude Mythos Preview, which launched in April 2026. Anthropic's initial update on Project Glasswing confirmed that Glasswing partners have used the model to help secure critically important software.

Organizations seeking access to Mythos 5 for legitimate security research can sign up for notifications about the trusted access program at Anthropic's Glasswing page. Anthropic stated its intention to expand Mythos 5 access steadily — adding new organizations periodically while building toward a more systematic application process.

For context on the broader threat intelligence implications of AI-assisted security operations, ReconShield's threat intelligence research section covers the evolving intersection of AI capabilities and security operations in depth.

## Claude Fable 5 Pricing: The Complete Breakdown

Claude Fable 5 is priced at $10 per million input tokens and $50 per million output tokens — exactly double the cost of Claude Opus 4.8 and less than half the previously reported pricing for Claude Mythos Preview. This pricing applies identically to both Fable 5 and Mythos 5.

Several pricing mechanisms reduce the effective per-token cost at scale:

Prompt caching applies a 90% discount on cached input tokens — the same prompt caching discount that existed for previous Claude models. For workflows that repeatedly process the same large documents or system prompts (common in security automation pipelines), the effective input cost drops dramatically with caching enabled.

Fallback pricing is charged at Opus 4.8 rates, not Fable 5 rates. When the cybersecurity classifier fires and routes a response to Opus 4.8, the cost reverts to Opus 4.8 per-token pricing. This means security teams are not paying the Fable 5 premium for responses delivered by a different model.

US-only inference is available at a 1.1x price multiplier for input and output tokens, for organizations requiring data residency within US infrastructure.

On subscription plans, Anthropic announced a phased rollout: Fable 5 is included at no extra cost on Pro, Max, Team, and seat-based Enterprise plans through June 22, 2026. After June 23, usage credits will be required on those plans until Anthropic has sufficient capacity to restore Fable 5 as a standard included model. API and consumption-based Enterprise customers have full access from day one.

## What Are the Security and Data Governance Considerations?

The most significant governance consideration for enterprise security teams evaluating Fable 5 is the mandatory 30-day data retention policy that applies to all Mythos-class model traffic — including Fable 5. This is a new requirement not applied to Opus-class models. Anthropic has stated that retained data will not be used to train new Claude models and will be deleted after 30 days in almost all cases, with logged human access to the data as an additional privacy control.

For security teams processing sensitive incident data, threat intelligence feeds, or proprietary research, this retention window requires careful review against organizational data governance policies and relevant compliance frameworks. Anthropic has published detailed guidance on this policy at its support pages. Organizations in regulated industries should evaluate this requirement before deploying Fable 5 on sensitive workflows.

The cybersecurity classifier design also has governance implications: because classifiers cover offensive cyber tasks broadly — including legitimate security research workflows involving penetration testing concepts, vulnerability research, and security tooling — security teams should expect some benign workflows to encounter the Opus 4.8 fallback and plan accordingly. Running parallel evaluation sessions using both Opus 4.8 and Fable 5 on representative security research tasks will establish which query types trigger the classifier within a specific security team's workflow before committing to full deployment.

For a structured approach to understanding and managing AI-introduced attack surface changes in enterprise environments, the attack surface management guide provides a relevant framework for security teams assessing new technology deployments.

## How Should Security Teams Evaluate and Use Claude Fable 5?

Security teams should approach Claude Fable 5 evaluation with a clear separation between three distinct operational roles: threat intelligence synthesis, security research documentation, and autonomous security tooling — with the cybersecurity classifier behavior understood in advance for each role. The model's strongest value proposition for security operations is in the first two categories, where the classifiers are unlikely to interfere and the agentic capabilities provide genuine uplift.

For threat intelligence synthesis, Fable 5's 1M-token context window and senior-level analytical reasoning are particularly powerful. Processing extended threat intelligence reports, cross-referencing multiple sources within a single session, building structured intelligence assessments, and synthesizing OSINT findings from multiple passive sources are all tasks where the model's capabilities exceed previous Claude versions by a meaningful margin. The OSINT fundamentals methodology describes the multi-source research workflow that benefits most directly from Fable 5's long-context capabilities.

For security research documentation, the model's deep document understanding and vision capabilities — particularly its ability to analyze charts, diagrams, and technical figures embedded in PDFs — make it well-suited for vulnerability research documentation, compliance evidence review, and structured technical writing. The anatomy of passive OSINT describes the kind of multi-document, multi-stage research workflow where these document analysis capabilities create measurable time savings.

For autonomous security tooling, the agentic capabilities are compelling but require careful assessment of which tasks trigger the cybersecurity classifiers. Building security tooling that doesn't directly involve offensive task descriptions — logging parsers, alert triage automation, reporting pipelines, and custom dashboard code — can leverage Fable 5's self-testing and autonomous coding capabilities without classifier interference. Tooling that involves scanning, exploitation, or offensive security concept implementation should be tested against the classifier behavior in a development environment before committing to deployment.

The starting point for any security team's AI capability assessment is a clear baseline of their own external exposure posture. Run ReconShield's passive exposure assessment tool before deploying any new AI-powered workflow — and review the full passive reconnaissance methodology to ensure your own infrastructure doesn't present the kind of attack surface that Mythos-class AI capabilities could accelerate exploitation of.

## Where and How to Access Claude Fable 5

Claude Fable 5 is available immediately via the Claude API using the model identifier claude-fable-5, on Claude.ai's Pro, Max, Team, and Enterprise subscription plans, on Amazon Bedrock, and through Google Cloud and Microsoft Foundry. For developers, the Claude Platform documentation at platform.claude.com/docs provides the full integration guide.

For subscription plan users, the free access window runs through June 22, 2026 — after which usage credits will be required until Anthropic restores Fable 5 as a standard plan feature. Anthropic has committed to communicating any changes ahead of time and to restoring standard access as quickly as capacity allows.

For organizations seeking Claude Mythos 5 — the unrestricted variant — access currently flows exclusively through Project Glasswing. Security organizations interested in joining can sign up for Mythos 5 access notifications directly on Anthropic's Glasswing page. Anthropic has confirmed plans to expand Glasswing participation and to build a more systematic trusted access application process for both cybersecurity and biomedical research organizations.

## Conclusion

Claude Fable 5 is the first genuine step-change in publicly accessible AI capability since Anthropic introduced the Opus line — and for the security industry, it is the model that forced Anthropic to build the most sophisticated AI safety classifier system it has ever deployed. Both of those facts deserve serious attention from security teams. The model's agentic capabilities, long-context reasoning, and senior-level analytical performance create legitimate new opportunities for defensive security operations. The cybersecurity safeguards that Anthropic built into Fable 5 — and the existence of a separately gated Mythos 5 variant without those safeguards — signal unambiguously that frontier AI is now capable of providing meaningful uplift in offensive operations.

For security teams, the practical next step is structured evaluation: test Fable 5 on representative threat intelligence, research synthesis, and tooling workflows; understand which query patterns trigger the Opus 4.8 fallback; assess the 30-day data retention requirement against governance policies; and monitor the Project Glasswing trusted access program for Mythos 5 access if unrestricted cybersecurity capabilities are operationally required. ReconShield's passive security analysis tools provide the external exposure baseline every security team should have in place before expanding their AI-assisted capabilities — because Fable 5-class models work in both directions.

Written by Surendra Reddy Cybersecurity Researcher & Founder, ReconShield. Surendra is a cybersecurity engineer specializing in Open Source Intelligence (OSINT), exposure intelligence, and AI-driven threat analysis. He built ReconShield to democratize access to enterprise-grade infrastructure visibility tools and secure digital internet-facing assets.

Reviewed by ReconShield Editorial Team