Claude Fable 5 Goes Public: Why Engineers Cheered, Then Revolted

On June 9, 2026, Anthropic released "Claude Fable 5," which it calls the most powerful model it has ever made generally available (Anthropic's announcement). It is the public-facing, safety-wrapped version of "Mythos"—the top-tier model that Anthropic itself sealed off in April as "too dangerous to release," and that has sat at the center of a month-long fight stretching from the White House to Japan's National Diet. On software-engineering evaluations it left rival flagship models far behind.

Right after launch, AI researcher Andrej Karpathy called it "a major-version-bump-deserving step change, not just on benchmarks but qualitatively," and many engineers were genuinely thrilled by the capabilities. Yet sharp criticism poured out of the same crowd. The anger was not about performance. It was aimed at a new term in the deal: silently degrading the model's performance without telling the user.

This piece skips the spec sheet and the price table. Instead it follows the human side—why engineers cheered, and then why they revolted—to make sense of what actually happened at this launch.

It sealed off a "too dangerous" model, then handed it to everyone days later

The biggest reason this launch stirred unease was the timing and the inconsistency. In April, Anthropic sealed Mythos off itself, saying its hacking ability "surpasses all but the most skilled humans"—it can find unknown weaknesses (zero-day vulnerabilities) on its own and exploit them within minutes to hours—and was therefore "too dangerous to release publicly" (Just Security). This is the same company that has repeatedly warned about "recursive self-improvement"—AI that keeps improving itself—and argued the industry should apply "coordinated brakes."

That "too dangerous" model has been the subject of a national-level tug-of-war for over a month. The White House opposed expanding access on national-security grounds (Axios), and the U.S. House Committee on Homeland Security held a closed-door briefing (The Hill). In Japan, Mythos was put on the agenda at an April 20 meeting of the Liberal Democratic Party's cybersecurity strategy headquarters, where former Digital Minister Masaaki Taira warned it "can find vulnerabilities humans cannot, and could be turned into attacks," voicing concern for critical infrastructure such as finance—escalating to an emergency proposal to the government. The Japanese government and major financial institutions have since obtained Mythos access for cyber defense.

In other words, a model described as "on par with nuclear weapons" was being fought over by governments deciding who gets to use it. In the middle of that, Anthropic bolted safeguards onto the same model and, on June 9, put it out in a form anyone can touch. TechCrunch framed it as "a release right after warning that AI is too dangerous." It looks like pressing the accelerator while saying "brakes." That was engineers' first sticking point.

We have covered Anthropic's safety branding before—its pledge that it would never put ads in Claude, and how safety positioning soured its relationship with the U.S. government. Because the "safety-first Anthropic" image was so established, this gap stood out all the more.

The "too dangerous" model came to everyone after a month of fighting

To understand what Fable 5 really is, you have to track the past month. Mythos is Anthropic's top model, sitting above even the Opus class. After its existence surfaced in late March (we covered that in "Anthropic's secret AI model 'Mythos' leaks"), April's "too dangerous to release" declaration and "Project Glasswing"—a limited program sharing it with only about 50 partner organizations—pushed Mythos to the center of global attention. Its raw capability became a national-security matter for governments, an unusual thing for a model. Anthropic also has a knack for "leaks," as the case where 510,000 lines of Claude Code source leaked shows.

The newly released Fable 5 is the public face of that same underlying Mythos model, with safeguards layered on top. At the same time, Mythos 5—the original form with some safeguards lifted—was prepared as well, but it goes only to the small set of cyber defenders and infrastructure providers whose Project Glasswing slots governments had been fighting over. According to Anthropic, Mythos 5 has the strongest cybersecurity capabilities of any model in the world.

In short, the capability of a model that governments and parliaments had debated as "too dangerous to release to the public" has finally come down to where anyone can touch it—harnessed by safeguards, but still. That is the heart of this launch. Pricing dropped to $10 per million input tokens and $50 per million output tokens, less than half the preview price (CNBC). On price alone, good news. The question was what had been baked into the back side of that discount.

What did engineers cheer for?

First, the evaluations were real. On Anthropic's software-engineering test "SWE-Bench Pro," Fable 5 posted a top score of 80.3%. Considering Anthropic's own Opus 4.8 scored 69.2% and OpenAI's latest general model GPT-5.5 scored 58.6%, that is a double-digit gap (VentureBeat, Vellum's benchmark breakdown).

But what working engineers really reacted to was less the number itself and more the feel of "how far it carries a long, complex job on its own." At payments company Stripe, it reportedly handled a migration on a 50-million-line Ruby codebase—work that would normally take two months—in a single day. It rebuilt a web app's entire source from screenshots alone, and cleared a Pokémon game from start to finish using only the game screen, with no maps or guides. The standout was keeping focus through long-haul tasks.

On launch day, Karpathy wrote: "You can hand it hard problems that take weeks or months. Give it more ambitious work than you're used to, and the model 'gets it' and just goes." We have tracked how AI coding has changed everyday development in a separate article; this time the question was whether you can hand it one level deeper.

If it ended there, this would just be a "great new model" story. For the first few hours, it really was a celebration. The mood shifted once users started reading the terms and the actual behavior closely.

The real spark was a term that "quietly lowers performance"

What the engineering community pushed back on hardest was one mechanism Anthropic introduced. For requests related to frontier AI model development itself, it quietly lowers the model's capability without notifying the user (analysis by latent.space).

In practice, it gently rewrites the prompt, internally steers the output, or applies fine-tuning to silently degrade answer quality. Only a tiny share is affected (an estimated 0.03% of traffic), but the issue is not the percentage. It is that the user cannot tell whether the answer they just received is the model's true ability, or one that was deliberately weakened. In a paid service, performance may be quietly thinned out. For engineers, that means reproducibility collapses at the root.

The criticism went one step further. Quietly degrading only AI-development requests can become a device that trips up competitors who come later. Phrases like "labs are starting to pull up the ladders behind them" flew around, and some even argued it raises antitrust concerns. On top of that, a term requiring 30-day retention of all traffic across Mythos-class models added a privacy worry: a structure that records behavior in fine detail.

"Overprotection" misfired

The build of the safeguards themselves also drew complaints. Fable 5 hands off requests it deems dangerous to an older model (Claude Opus 4.8) to answer instead. Anthropic says it "tuned conservatively toward safety" and that this triggers in under 5% of sessions—but that "conservative" tuning mistakenly bit into everyday questions.

The reported examples are the kind that make you wince and laugh. The word "cancer" falsely raises a bioweapon flag. "What does the heart do?"—a question a child might ask—gets refused. More troubling, the same question reportedly passes in incognito mode but is refused while logged in as usual, raising suspicions that it changes behavior per user based on account history. Legitimate technical questions about low-level GPU code and AI accelerator design were blocked too, and developer frustration piled up.

Even Karpathy, who praised the performance, took issue with the safeguards as "a little too trigger happy" (quoted by Simon Willison). The capability is real, but the surrounding build is rough. That gap cooled the party fast.

The industry split, and counter-moves began

Prominent developers used strong words. Jeremy Howard, founder of the education platform fast.ai, wrote "a very dark and very sad day," calling it a moral regression. Clément Delangue, CEO of model-sharing service Hugging Face, voiced concern about capability and economic power concentrating in one company and shutting out open development. Researcher Mark Saroufim argued it is unfair for frontier companies to benefit from open research while restricting it, and floated a counter license of his own.

There were defenders too: "a company has no obligation to supply frontier capability without limits," and "if you truly prioritize safety, accept some inconvenience." Here is the lineup of positions.

The uproar also triggered concrete counter-moves. AI company Cohere rushed out an open-source code-generation model, and Hugging Face stepped up its push for "sovereign AI" and open models that organizations can hold themselves. Interest in local AI you run on your own machine rose again. The more one company fences off capability, the more the open side gains momentum in reaction.

So what does this mean?

This Fable 5 launch was two things happening at once. One: AI capability visibly jumped another notch. The other: the single company holding that capability began to tightly control who gets it, how far, and under what conditions. A leap in performance and a tightening of the provider's grip happened on the same day, in the same product.

Pricing fell to less than half. But what engineers found was a cost not printed on the tag: the opacity of not being able to verify whether an answer is the model's true ability, the inconvenience of ordinary questions getting rejected, and the question of how far "for safety" can be trusted. What you can and cannot use within a subscription was already shaky in an earlier article; this time it advanced to a deeper question—whether you can trust the performance itself.

A model that took the world lead on capability drew about as much criticism on trust. That discomfort may be the biggest news Fable 5 left behind. Whether Anthropic's next move restores transparency or pushes the fencing further—that is what's worth watching.

Sources

• ・Claude Fable 5 and Claude Mythos 5 (Anthropic)
• ・Anthropic releases Mythos-like AI model to the public, Claude Fable 5 (CNBC)
• ・Anthropic released Claude Fable 5 days after warning AI is getting too dangerous (TechCrunch)
• ・Anthropic brings Mythos to the masses with Claude Fable 5 (VentureBeat)
• ・Anthropic Claude Fable 5 — Mythos but Safe, with Controversial Terms (latent.space)
• ・A quote from Andrej Karpathy (Simon Willison)
• ・Claude Fable 5 & Claude Mythos 5 Full Benchmark Breakdown (Vellum)
• ・Anthropic just launched Claude Fable 5 (IT Pro)
• ・Too Dangerous to Deploy: Anthropic's Mythos and What Comes Next (Just Security)
• ・Trump officials negotiating access to Anthropic's Mythos despite blacklist (Axios)
• ・Anthropic to brief House Homeland Security panel about Mythos (The Hill)