Anthropic released two versions of the same AI model on June 9, 2026, but only one is available to the general public. Claude Fable 5 launched with broad access at $10 per million input tokens and $50 per million output tokens, while Claude Mythos 5 remains restricted to government agencies and vetted cybersecurity organizations through a program called Project Glasswing. Both models run identical underlying architecture, but Mythos 5 has safety guardrails partially or fully removed.

Why Did Anthropic Create Two Names for One Model?

The naming distinction reflects a fundamental design choice rooted in the model's dangerous capabilities. The names come from Latin: "fabula" means "that which is told," while "mythos" refers to the underlying reality. Fable 5 is the version Anthropic was willing to release publicly. Mythos 5 is what the model actually is without restrictions.

Fable 5 wraps the base architecture in a layer of classifiers that intercept and downgrade certain requests to Claude Opus 4.8, an older, less capable model. When users ask Fable 5 about cybersecurity exploitation or advanced biology techniques, the system hands the request to Opus 4.8 instead and notifies the user that this happened. Anthropic reports that over 95% of Fable 5 sessions involve no fallback at all, meaning most users never encounter these restrictions.

Mythos 5 removes these classifiers entirely for authorized users. The difference is not about model quality or architecture; it is purely about what the model is permitted to do.

What Makes Mythos 5 Dangerous Enough to Restrict?

Anthropic's red team conducted extensive testing on Mythos Preview, an earlier version of the restricted model, and published findings that explain why the company treats this architecture differently. The results were striking:

• Browser Exploits: Mythos Preview developed working Firefox JavaScript shell exploits 181 times in testing, compared to just twice for Claude Opus 4.6 across several hundred attempts.
• Vulnerability Chaining: The model autonomously chained four separate vulnerabilities into a single browser exploit, including a complex JIT heap spray that escaped both renderer and operating system sandboxes.
• Fuzzing Performance: On OSS-Fuzz corpus testing across roughly 7,000 entry points, Sonnet 4.6 and Opus 4.6 each achieved a single tier-3 crash, while Mythos Preview achieved full control-flow hijack on ten separate, fully patched targets.
• Cybersecurity Benchmark: On Cybench, Mythos achieved a 100% success rate, making it the first model to reach that milestone.
• Real-World Exploitation: Non-expert engineers with no formal security training asked Mythos to find remote code execution vulnerabilities overnight and woke to complete, working exploits.

These capabilities represent a genuine leap beyond previous AI models. The model can identify and exploit zero-day vulnerabilities, chain multiple exploits together, and do so reliably enough that untrained engineers can weaponize its output. This is why Anthropic built the two-tier release structure.

Who Can Actually Access Mythos 5, and How?

Project Glasswing, launched in April 2026 in collaboration with the US government, controls access to Mythos 5. The program aims to put the model's cybersecurity capabilities in the hands of defenders before attackers can adapt. Current access tiers include existing Glasswing partners from the April rollout, US government cyber defense operations, and a select group being added on a periodic expansion schedule.

Anthropic confirmed that a broader trusted access program is coming, allowing cybersecurity organizations to apply more systematically rather than waiting for individual invitations. A separate biology trusted access track is also in preparation, with different eligibility criteria and different safeguard configurations for each program.

How to Prepare Your Systems for Fable 5

• Fallback Behavior: Understand that Fable 5 will downgrade certain requests to Claude Opus 4.8 and notify you when this happens for cybersecurity and biology requests. However, requests about frontier LLM development receive silent degradation without notification, so the model will simply respond less effectively without telling you why.
• Pricing Impact: At $10 per million input tokens and $50 per million output tokens, Fable 5 costs less than half the price of Mythos Preview. Calculate your expected token usage and budget accordingly, especially if you were previously using older Claude models.
• Safeguard Categories: Familiarize yourself with the four categories of restricted requests: cybersecurity exploitation, biology and chemistry, distillation detection, and frontier AI development. Design your prompts and workflows to avoid triggering unnecessary fallbacks.
• Migration Planning: Review your current Claude model usage and plan your transition to Fable 5 before the June 22 deadline to avoid service interruptions or unexpected behavior changes.

The release of Fable 5 and Mythos 5 represents a new approach to responsible AI deployment. Rather than withholding powerful capabilities entirely, Anthropic is distributing them selectively based on use case and user identity. Developers building general-purpose applications get Fable 5 with safety guardrails. Cybersecurity defenders get Mythos 5 with those guardrails removed, allowing them to use the model's unprecedented hacking capabilities to strengthen defenses.

This two-tier model reflects a broader tension in AI development: how to advance the frontier of AI capability while managing the risks those capabilities create. Anthropic's answer is not to slow down or hold back, but to accelerate deployment to defenders while keeping the most dangerous capabilities away from the general public.