On June 9, 2026, Anthropic did something it had not done before: it shipped a single frontier model as two products. Claude Fable 5 is generally available, wrapped in safety classifiers that hand certain queries to Claude Opus 4.8. Claude Mythos 5 is the same underlying model with those safeguards lifted in some areas, and it is not on sale. Access is restricted to vetted partners working on cyberdefense and critical infrastructure.
That split is the real story, and it matters more than any benchmark. It is an admission that capability and safety can no longer be tuned with one dial for one audience. For teams building on Fable 5, the practical consequences are concrete: the model you deploy is deliberately constrained in a handful of domains, the headline cyber and biology numbers belong to a model you cannot buy, and there is a new mandatory data-retention requirement to square with your compliance obligations.
This guide explains how the safeguard architecture works, why it exists, how to read the benchmark asterisks, what the retention rule means in practice, and how to architect around the safeguards. For the model fundamentals and pricing, start with our Claude Fable 5 developer guide.
📌 What This Guide Covers
1One Model, Two Products
Fable 5 and Mythos 5 are not two different models. They are the same model, packaged two ways. Fable 5 is the version made safe for general use; its capabilities, in Anthropic's framing, exceed those of any model the company has previously made generally available. Mythos 5 is that same model with safeguards lifted in some areas, which Anthropic describes as having the strongest cybersecurity capabilities of any model in the world.
That second description is exactly why the model is gated. Anthropic says Mythos-class models have reached a threshold where they present significant risks, and that without safeguards, Fable 5's capabilities in areas like cybersecurity could be misused to cause serious damage. So Mythos 5 is deployed only through Project Glasswing, a program for cyberdefenders and critical-infrastructure providers, with trusted-access programs planned for vetted cybersecurity organizations and biomedical researchers.
| Dimension | Claude Fable 5 | Claude Mythos 5 |
|---|---|---|
| Underlying model | Same model | Same model |
| Availability | Generally available | Restricted (Project Glasswing) |
| Safeguards | Active; high-risk queries routed to Opus 4.8 | Lifted in some areas |
| API model ID | claude-fable-5 | No public API ID |
| Pricing | $10 / $50 per M tokens | $10 / $50 per M tokens |
💡 The governance read
Splitting one model into a safeguarded public product and a gated high-capability tier is a meaningful shift in how frontier labs ship. The model you deploy is deliberately constrained in a few domains, and that constraint is a feature, not a defect.
2How the Safeguard Architecture Works
The split is built on safety classifiers, separate AI systems that watch the conversation and detect attempts at misuse. When a classifier fires on Fable 5, the response is not refused outright. It is handed to Claude Opus 4.8, the next-most-capable model, which answers in Fable 5's place. Anthropic reports these classifiers trigger on fewer than 5% of sessions on average, so for routine work the handoff is invisible.
On how well the safeguards hold, Anthropic ran more than 1,000 hours of external bug-bounty red-teaming and reports no universal jailbreak was found, though the UK AI Safety Institute made progress toward one within an initial testing window. An external partner reported zero harmful single-turn responses across 30 public jailbreak techniques, and in blocking mode Fable 5 made 0% progress on exploitation and offensive cyber tasks. Anthropic frames the goal plainly: make any remaining jailbreaks slow and costly enough to detect and stop before they are used at scale.
Anthropic also assesses the model's misaligned behavior as low and similar to Opus 4.8, but higher-risk than models prior to the Mythos class. That higher inherent risk is the whole reason for the gated tier.
3The Three Safeguard Domains
The classifiers cover three domains. Everything outside them runs on Fable 5 at full strength.
Cybersecurity
Exploitation, offensive cyber tasks, and agentic hacking are blocked on Fable 5 and answered by Opus 4.8. This is why ExploitBench shows 78.0% for Mythos 5 but Fable 5 makes 0% progress on offensive cyber in blocking mode.
Biology & Chemistry
Currently a wide net that Anthropic admits is overly broad. Narrowing is planned so legitimate biomedical research is not caught. Watch this if your work touches health, pharma, or life sciences.
Distillation
Attempts to extract the model's behavior at scale to train a competing model are detected and blocked. This shapes how high-volume, repetitive extraction-style prompting is handled.
Everything Else
Coding, analysis, content, research, agentic delivery, vision, and knowledge work run on Fable 5 at full strength. For the work most businesses do, the safeguards never fire.
⚠️ The biology net is the one to watch
Until Anthropic narrows the biology and chemistry safeguard, legitimate biomedical, pharma, and life-sciences queries may get the Opus 4.8 fallback rather than Fable 5's full capability. If that is your domain, test before you commit.
4Reading the Benchmark Asterisks
The single most important caveat for anyone evaluating this release: the starred cyber and biology figures in Anthropic's table belong to the restricted Mythos 5, not the Fable 5 you can deploy. The table shows the higher of the two scores, which are within one to three points on most rows, but on starred rows the gap is large because Fable 5's safeguards fall back to Opus 4.8.
| Benchmark | Table figure (Mythos 5) | What Fable 5 actually delivers |
|---|---|---|
| ExploitBench (cyber) | 78.0%* | ~Opus 4.8 (40.0%); 0% offensive-cyber progress in blocking mode |
| HealthBench Professional | 66.0%* | Closer to Opus 4.8 (56.9%) when bio net catches the query |
| Humanity's Last Exam (tools) | 64.5%* | Near table figure except on safeguarded sub-topics |
| SWE-Bench Pro (coding, unstarred) | 80.3% | 80.3% - no safeguard, this is the real number |
Source: Anthropic Claude Fable 5 and Mythos 5 benchmark table, June 9, 2026. Starred (*) rows show Mythos 5. The unstarred coding row is shown for contrast: it has no safeguard, so the figure is what Fable 5 delivers.
The rule of thumb: trust unstarred rows (coding, knowledge work, vision, tool use, legal) as Fable 5's real performance, and treat starred rows as the ceiling of the restricted tier. If a vendor cites the 78.0% ExploitBench number as if it were the model you can buy, they are overstating what you will receive. Our full benchmark comparison breaks down every row against GPT-5.5 and Gemini 3.1 Pro.
5The 30-Day Retention Requirement
Mythos-class traffic, which includes Fable 5, carries a 30-day data retention requirement. Anthropic says this data is not used for training; it is retained to defend against novel attacks and jailbreaks and to reduce false positives, with all human access logged. This is a notable change for organizations that previously operated under zero-retention agreements.
- Not used for training - the retained data supports safety and abuse detection, per Anthropic.
- 30-day window - applies to Mythos-class traffic broadly, not just to flagged sessions.
- Human access is logged - which itself is part of the audit story you can present to a security reviewer.
- Review prior agreements - if you had a zero-retention arrangement, confirm how this interacts with it before you route sensitive workloads to Fable 5.
⚠️ Make retention a documented decision
For SOC 2, HIPAA, or GDPR programs, treat the 30-day retention as a data-flow change that belongs in your records of processing and vendor assessments. Do not assume your previous Anthropic data terms carry over to the Mythos-class models unchanged.
6What It Means for Regulated Teams
For most business work, the safeguards are invisible and the retention rule is a manageable paperwork item. The teams that need to plan carefully are those whose workloads live near the safeguarded domains or under strict data rules.
- Healthcare and life sciences - the broad biology net may route legitimate clinical or research queries to Opus 4.8. Test representative prompts and measure how often the fallback fires before standardizing on Fable 5.
- Security tooling - defensive security work that reads like offensive tasking can trip the cyber classifier. If you build security products, expect Opus 4.8 answers on those turns and design your prompts and evals around it.
- Regulated data handlers - document the 30-day retention in your compliance artifacts and confirm the impact on any zero-retention commitments to your own customers.
- Cost-sensitive teams - if your workload is heavily in safeguarded territory, you may pay the Fable 5 premium while receiving Opus 4.8 answers, in which case routing directly to Opus 4.8 is both cheaper and equivalent.
The architecture pattern that works: run a representative sample of your real tasks, log how often the safeguard fallback fires, and route deliberately. Send safeguarded-domain work to Opus 4.8 on purpose, reserve Fable 5 for the unstarred capabilities where it genuinely leads, and capture the retention decision in writing.
7Why Lushbinary for Safeguard-Aware Builds
Deploying Fable 5 well in a regulated environment is an architecture and compliance problem as much as a prompting one. Lushbinary has shipped production Claude integrations across healthcare, fintech, and security, where the safeguard fallback and retention rules are not edge cases but daily realities.
- Safeguard-aware routing - send safeguarded-domain work to Opus 4.8 on purpose, instrument how often the fallback fires, and reserve Fable 5 for where it leads.
- Compliance alignment - document the 30-day retention impact and build the audit trail SOC 2 and HIPAA reviewers expect.
- Evals and monitoring - measure quality and fallback rate on your real tasks so model choices are evidence-based.
- AWS infrastructure - VPC isolation, encryption, logging, and monitoring for sensitive workloads.
🚀 Free Consultation
Need Fable 5 in a regulated environment without the compliance surprises? We will map your workload against the safeguards, document the retention impact, and design routing that keeps you both capable and compliant, with no obligation.
8Frequently Asked Questions
What is the difference between Claude Fable 5 and Claude Mythos 5?
They are the same underlying model packaged two ways. Claude Fable 5 (API ID claude-fable-5) is generally available with safety classifiers that route cybersecurity, biology/chemistry, and model-distillation queries to Claude Opus 4.8. Claude Mythos 5 is that same model with those safeguards lifted in some areas, and it is not generally available. Access is restricted to vetted Project Glasswing partners working on cyberdefense and critical infrastructure.
How do Claude Fable 5's safeguards work?
Separate AI classifiers watch the conversation and detect attempts at misuse in three domains: cybersecurity, biology and chemistry, and model distillation. When a classifier fires, the response is not refused outright; it is handed to Claude Opus 4.8, which answers in Fable 5's place. Anthropic reports the classifiers trigger on fewer than 5% of sessions on average.
Why do Fable 5's cybersecurity and biology benchmarks carry an asterisk?
Anthropic's table shows the higher of the Fable 5 and Mythos 5 scores. On starred rows the displayed figure is Mythos 5, the restricted model. Fable 5's blocking safeguards pull its score down toward Opus 4.8 on those exact topics. ExploitBench shows 78.0% for Mythos 5, but Anthropic reports Fable 5 made 0% progress on offensive cyber tasks in blocking mode.
Does Claude Fable 5 require data retention?
Yes. Mythos-class traffic, which includes Fable 5, carries a 30-day retention requirement. Anthropic says this data is not used for training and is used to defend against novel attacks and jailbreaks, with all human access logged. Teams with prior zero-retention agreements should review the change before deploying.
Is Claude Fable 5 safe to use for regulated work?
For most business work it is, and the safeguards are a feature. The two things to plan around are the broad biology and chemistry net, which may route legitimate life-sciences queries to Opus 4.8 until Anthropic narrows it, and the 30-day retention requirement. Healthcare, pharma, and security teams should test their real workloads and document the retention impact for compliance.
📚 Sources
- Anthropic - Claude Fable 5 and Claude Mythos 5
- WIRED - Anthropic offers a Mythos upgrade and a safe version
- CyberScoop - Anthropic's new model is Mythos on a leash
- Business Insider - Anthropic released Fable 5, a Mythos-class model with safeguards
Content was rephrased for compliance with licensing restrictions. Safeguard architecture, retention policy, red-teaming results, and benchmark methodology sourced from Anthropic's June 9, 2026 announcement and reporting by WIRED, CyberScoop, and Business Insider. Safeguard scope and retention terms may change - always verify on Anthropic's website.
Deploying Fable 5 in a Regulated Environment?
Lushbinary builds safeguard-aware, compliance-ready Claude integrations with the routing, documentation, and monitoring auditors expect. Let's talk.
Ready to Build Something Great?
Get a free 30-minute strategy call. We'll map out your project, timeline, and tech stack - no strings attached.
Prefer email? Reach us directly:
