What Claude Mythos 5 is
Claude Mythos 5 is Anthropic's highest-capability frontier model as of mid-2026, and the first major commercial AI to ship under a formal, government-coordinated access restriction. It was released alongside Claude Fable 5 — a safety-guardrailed variant built on the same underlying model — in a two-tier deployment architecture that Anthropic describes as a significant escalation in both frontier capability and the operational complexity of safety-tiered model deployment.
Mythos 5 is available exclusively to approved U.S. organizations through Project Glasswing, Anthropic's vetted-access program for cybersecurity and critical infrastructure work. Fable 5 is the general-availability release, carrying novel safety classifiers that block or degrade responses on cybersecurity, biology, chemistry, and AI-development topics.
Capability profile
Both models set new state-of-the-art results across software engineering, agentic coding, knowledge work, and scientific reasoning benchmarks at launch. Mythos 5 was specifically described as capable of cracking previously secure software — a capability level that directly triggered regulatory attention. Prior to the full launch, a preview of Mythos-class models was made available to a limited set of cybersecurity organizations, and the model's ability to solve a novel cybersecurity challenge prompted meetings with the Financial Stability Board.
Pricing for both tiers was set at $10/$50 per million input/output tokens — roughly half the cost of the prior Claude Mythos Preview — with Claude Sonnet 5 subsequently launching at $2/$10 as a mid-tier agentic option.
The safety-tiering architecture
The Mythos/Fable split represents a new deployment pattern: one underlying model, two access regimes. Fable 5's classifiers operate at inference time, blocking or degrading outputs on sensitive topics. At launch, Fable 5 also applied undisclosed capability degradation for AI-development prompts via prompt modification or steering vectors — a decision that sparked significant researcher backlash before Anthropic reversed the policy.
This architecture creates a structural tension for independent evaluation. Multiple organizations — including Artificial Analysis, Vals AI, and ARC Prize Foundation — found they could not reliably benchmark Fable 5 because classifiers silently rerouted flagged prompts to the weaker Claude Opus 4.8 or refused them outright. The result: GPQA Diamond scores ranged from 93.18% (2nd place) to 55.56% (94th place) depending on how refusals were handled. Each evaluator adopted a different scoring strategy — blended, pure, or abstaining entirely — producing widely divergent rankings.
The export control episode
Three days after launch, an Amazon research report disclosed a jailbreak allowing Fable 5 to identify software vulnerabilities and produce exploit code. The U.S. government issued export controls on June 12, 2026, forcing Anthropic to suspend global access to both models. Anthropic's own testing confirmed that comparable models — including Claude Opus 4.8, GPT-5.5, and Kimi K2.7 — could produce the same outputs, a finding that complicated the regulatory framing.
Access was partially restored on June 29 for 100+ trusted U.S. institutions, and global access to Fable 5 was fully restored on July 1 after Anthropic deployed an improved safety classifier blocking the reported technique in over 99% of cases. Mythos 5 access remains restricted to approved U.S. organizations. Anthropic is co-developing a shared industry jailbreak severity framework with Amazon, Microsoft, Google, and other Glasswing partners.
The episode drew sharp commentary from Andrew Ng, who argued it demonstrated how private companies and governments can suddenly restrict AI access, accelerating global interest in AI sovereignty and open-source alternatives. Over 100 cybersecurity professionals signed an open letter urging the U.S. government to reverse the export controls.
Competitive context
GPT-5.6 Sol (OpenAI) launched under a comparable government-only access restriction shortly after Mythos 5, approaching Mythos 5 on ExploitBench and claiming state-of-the-art on Terminal-Bench 2.1 at 91.9%. The parallel gating of both models signals that safety-tiered, government-coordinated releases are becoming a structural feature of the frontier model landscape rather than a one-off event.
Prior to the Mythos 5 launch, a small group of unauthorized users had gained access to an earlier restricted Claude Mythos cybersecurity model via Discord coordination and insider knowledge — a breach that raised questions about securing high-risk AI systems and foreshadowed the regulatory scrutiny that followed the full release.
Where it's heading
The Mythos/Fable architecture — and the regulatory turbulence surrounding it — establishes several durable patterns: safety classifiers as a first-class deployment component, government-gated access as a condition of frontier release, and the evaluation community's inability to independently measure models subject to inference-time routing. Anthropic's ongoing work on a shared jailbreak severity framework with major cloud partners suggests the industry is moving toward standardized criteria for what triggers access restrictions, rather than ad hoc government intervention.




