Anthropic’s Fable 5 and Mythos 5 is the most 2026 product launch you’ll read this year. The same model can find nation-state zero days, design novel drug candidates, and play FireRed on a Gameboy Advance with nothing but screenshots. And for the gaming fans out there: yes, we got Fable 5 before Fable 4.
These three examples also exhibit the characteristics that matter in these models: long time horizon tasks, self-correcting operations, and autonomous reasoning. Anthropic released all three of these on Tuesday under two names: Claude Fable 5 for the public and Claude Mythos 5 for a vetted few. For Forrester clients, we’ve prepared an update on how to discuss this release with your Board of Directors and Senior Leaders here.
What’s Understood And Expected
Anthropic was always going to ship Mythos. In April, the company introduced Mythos Preview as a model too dangerous to release, gated to roughly 50 Project Glasswing partners. The partnership expanded in June to 150. Its “eventual” release arrived a few weeks later. A frontier lab on the brink of IPO sitting on its most capable model indefinitely was never going to happen. Fable 5 is that model with guardrails; Mythos 5 is that model with the guardrails selectively lifted in some use cases for defenders.
Fable 5 is state-of-the-art on nearly every capability benchmark, and both models list at less than half the price of Mythos Preview. These models are still expensive, just less expensive than the Mythos preview version. And the harsh truth remains: as token prices come down, token usage goes up, meaning the total amount spent increases even as the per unit costs drops. Mythos requires approved access and a hefty wallet to afford it. The divide between haves and have nots in cybersecurity just widened, ushering in an era of aggressive model cost optimization and hard tradeoffs on capability versus cost.
What To Know About Two Big Changes
The Safeguards Are A Control You Depend On…But Don’t Operate
Fable 5 and Mythos 5 are one model with a safety switch. For cybersecurity, biology, and chemistry topics, Fable 5 can block the request and route the query to Opus 4.8 instead. Users are informed the fallback took place. Anthropic says the fallback triggers in under 5% of sessions, is tuned conservatively so it will sometimes catch harmless requests, and that testing surfaced no universal jailbreaks.
Mythos 5 is a gated release to select members of Project Glasswing, but it removes some of the safeguards that Fable 5 ships with. This aligns the model release with our first in market AEGIS Framework principle of Least Agency tuning and guardrails at the model provider layer. Your enterprise does not administer this guardrail. The guardrails’ scope, sensitivity, and reliability are set by Anthropic. defining what acceptable risk looks like for global R&D and security operations teams, without any real public governance structure. Enterprise-specific runtime security and guardrails for applications and users working with these models is still necessary for anything your organization wants to detect or prevent.
The Data Retention Policy Change Is A Huge Adjustment For Enterprises
There’s another significant change coming with Fable 5 and Mythos 5. Anthropic now requires 30-day retention on all traffic (prompts and completions) across both its own surfaces and third-party platforms – a requirement that overrides existing zero-retention agreements. If your enterprise negotiated a zero-retention DPA, using a Mythos-class model voids it for that traffic. There is no opt-out. Consumer subscriptions already included a retention period, so this doesn’t change for Pro and Max subscribers, which is why we continue to advise caution about what data consumers put into these tools.
For third-party risk concerns, Anthropic says the data will not train new Claude models and will not be used for any non-safety purpose; that it logs all human access to the retained data; and that it deletes the data after 30 days in almost all cases. Anthropic published a whitepaper in its trust center about the use cases and safeguards in place to protect enterprise data, and highlights when retained data is kept beyond the 30-day window. The stated purpose is defensive: catching novel attacks, multi-request abuse, and new jailbreaks, and reducing false positives in the safeguard layer.
The 30-day window lines up with a White House executive order that set a voluntary framework for AI companies to share frontier models with the government ahead of public release. So “safety monitoring” and “potential government visibility” are now adjacent concepts.
Fable 5 and Mythos 5 Facts
| Item | Detail |
|---|---|
| Models | Fable 5 (public, safeguarded) and Mythos 5 (restricted, safeguards lifted in some areas). Same underlying model. |
| Access | Fable 5: Claude API (claude-fable-5) and consumption Enterprise today; free on Pro, Max, Team, seat-based Enterprise through June 22, then usage credits. Mythos 5: Glasswing partners, US government, and approved bio researchers; broader trusted-access programs to follow. |
| Price | $10 / $50 per million input/output tokens, under half of Mythos Preview, still the most expensive major model. |
| Safeguards | Cyber, biology, and chemistry queries can be blocked and routed to Opus 4.8. Anthropic says the fallback triggers in under 5% of sessions and that testing found no universal jailbreaks. |
| Data retention | Mandatory 30-day retention on ALL traffic, first- and third-party surfaces, overriding prior zero-retention agreements. Not used for training; human access logged; deleted after 30 days in almost all cases. |
What To Do
Fable 5 is the most capable model the public can touch today and the benchmarks are laudable. The changes to data retention, silent model downgrades, and premium pricing all have immediate impact on cybersecurity teams.
Accept that availability may need to suffer to preserve confidentiality.
That’s a tradeoff that will be difficult for IT and Development teams that consider uptime and “5 9’s” as sacred, but it’s the reality of the world we now live in. Deploying untested patches or virtual patching to prevent a potential exploit is worth the tradeoff in potential downtime —which major banks are preparing for now Giving customers partial bill credits for outages is far less expensive than a decade of litigation and fines from regulators from a data breach.
This isn’t just a technology decision; it’s a behavioral and cultural shift that will make many in the organization uncomfortable. Frontier AI makes this a necessary evil. Patch fatigue will morph into triage fatigue as tired teams of defenders tap out from the never-ending onslaught of issues that must be tracked and remediated from these model releases. Take the following steps to counter this before it overburdens your teams and slows your decision making:
- Start with proactive security platforms that allow agents to take action in non-critical environments and asset types.
- Assess your ability to automate what you can in the remediation lifecycle.
- Shift your vulnerability management processes to better handle the record breaking number of CVEs that will continue to increase.
- Test projects to utilize and deploy virtual patching.
Open-source Maintainers Still Need Help
These disclosures require investigation, triage, and, when applicable, remediation due to expanded Mythos 5 access. To assist, qualifying open-source maintainers can sign up for free access to the Max20x plan for six months, which offers higher usage limits. However, this assumes that maintainers have the time and capacity to prioritize addressing the surge in reported vulnerabilities. Anthropic, like most AI model providers, was built on open-source software and continues to benefit from the open-source ecosystem. With another blockbuster revenue quarter projected, sustained funding to critical open-source projects would demonstrate a commitment to the community that Mythos is likely to disrupt.
Now is the time for ruthless prioritization of the open-source software you use: well-maintained, communicative, and security-oriented deployments. In a worst-case scenario, for less-maintained but critical open-source software, it can make sense to fork it and take on that maintenance yourself.
The First Document Defenders Will Create
Whether it’s your pen testers or your SOC Analysts, the first document almost every team will share is not going to be “best prompts for Fable 5”. It will be “Prompts that bypass fallbacks in Fable 5” that explains how to get around safeguards to obtain Mythos 5 like capabilities and bypass the conservatively tuned safeguards that impact up to 5% of sessions. Anthropic attests to 1000s of hours of testing to prevent jailbreaking Fable 5, but motivated and creative security pros always find a way.
Your Old Processes And Procedures Don’t Work Anymore
Anthropic benchmarks showcase Fable 5 working across long time horizon sessions over days, delegating to subagents, checking its own work, and recursively improving its own code. Your assumptions of change control, application security gates, testing rules, and two-person approval workflows were not built for self-improving autonomous software development that finishes testing in the time it takes you to schedule meetings between two busy people. This requires process reinvention across multiple domains in cybersecurity, and a shift in your risk appetite that differs from what your organization is used to.
Establish Agentic Development Security Practices
As developers adopt Fable 5 and other advanced coding agents, the increased volume, speed, and complexity of releases will surpass what traditional application security testing tools were built to address. Organizations must invest in Agentic Development Security (ADS) tools designed to prevent insecure code generation, AI selection of hallucinated, outdated, or vulnerable third-party components, and agents leaking sensitive data and secrets.
Coding agents introduce their own software supply chain, which encompasses MCP servers, skills, configuration files, extensions, and models, all of which expand the attack surface and inherit developer access to sensitive data, cloud credentials, source code repositories, and productivity tools, along with permissions to read, write, and execute destructive commands. Fable 5 incorporates safeguards to prevent cybersecurity misuse, like other coding models, It does not, however, offer sufficient visibility into the supply chain risks it inherently carries. Organizations need to ensure coding agents follow least agency principles and operate in sandboxed environments properly guard-railed by ADS tooling.
Prepare For Frontier Level Capabilities In Regular SaaS Vendors
With Fable 5 now generally available, any vendor in your ecosystem can turn on a Mythos‑class model overnight, even before your organization ever “adopts” it. Ostensibly, ordinary vendors are running frontier level capabilities that you never assessed, governed by AI safety practices you never vetted, and adding another layer of complexity to third-party risk management (TPRM). Vendors using Fable 5 should move into a different criticality tier, face AI‑specific risk assessments, and be covered by explicit AI, data, and safety obligations in your contracts, with particular emphasis on tightening legacy suppliers still operating on flimsy pre‑AI era paper.
Get Ahead Of Security Tech Contract Renewals
Given how quickly security tools and platforms are becoming orchestration and data-wrapper layers around Mythos‑class models, use this next renewal cycle to reset how you buy, evaluate, and govern “AI‑powered” security tech. Start by inventorying which vendors already AI in their tools and flag those for accelerated, deeper review. As part of the renewal process. demand a concrete 12–24‑month roadmap from each strategic vendor for Mythos‑class model adoption, new use cases, pricing impact, and product security.
For new procurements, require precise disclosure of foundation models, data flows, guardrails, and how they plan to balance capability against cost on your behalf. Harden contracts and DPAs around data handling, logging, and retention when invoking third-party models, and guardrails for validating AI outputs before anything is allowed to drive automated actions.
Connect With Us
Forrester clients with questions related to this can connect with us through an inquiry or guidance session.
Enjoyed this article? Sign up for our newsletter to receive regular insights and stay connected.