Anthropic Redeploys Claude Fable 5 on July 1 After US Export Controls Lift, Adds New Cybersecurity Classifier

Anthropic Redeploys Claude Fable 5 on July 1 After US Export Controls Lift, Adds New Cybersecurity Classifier


Anthropic is redeploying Claude Fable 5, its most capable generally available model. On June 30, it announced that US export controls had lifted. The controls had covered Claude Fable 5 and Claude Mythos 5. Fable 5 returned to users globally on Wednesday, July 1. Mythos 5 access is restored to a set of US organizations.

The models were pulled on June 12. A US government directive restricted them to non-foreign-nationals. Anthropic could not verify nationality in real time. So it suspended both models for everyone.

This article explains what triggered the block. It covers the new safeguard and the proposed jailbreak framework. It also shows how Fable 5 compares to rivals like GLM-5.2.

Quick facts

  • Model: Claude Fable 5 (a Mythos-class model made safe for general use)
  • Event: Redeployed July 1, 2026 after export controls lifted
  • Reason for pause: An Amazon report on a safeguard bypass
  • Fix: A new safety classifier that blocks the reported technique
  • Pricing: $10 per million input tokens, $50 per million output tokens
  • Where: Claude Platform, Claude.ai, Claude Code, Claude Cowork

What happened: the timeline

Anthropic launched Fable 5 and Mythos 5 on June 9. Both share the same underlying model. Fable 5 ships with strong safeguards for general use. Mythos 5 has some safeguards lifted for defensive cybersecurity partners.

On June 12, the US government applied export controls. The order took effect immediately. Anthropic suspended access rather than risk non-compliance.

The trigger was a report from Amazon researchers. They found a method of bypassing Fable 5’s safeguards. The prompt made the model identify a number of software vulnerabilities. In one case, it produced code showing how to exploit one vulnerability.

By June 26, the government approved restoring Mythos 5 for some US organizations. On June 30, the controls were fully lifted.

Why Anthropic says the finding was not unique

Anthropic tested whether the finding was unique to Fable 5. It was not.

Less capable models identified the same vulnerabilities. That list includes Claude Opus 4.8, GPT-5.5, and Kimi K2.7.

For the single exploit demonstration, every tested model reproduced it. That set included Haiku 4.5, Sonnet 4.6, Opus 4.6, and Opus 4.7. It also covered Opus 4.8, GPT-5.4, GPT-5.5, and Kimi K2.7.

The Anthropic team states the technique exposed no unique Mythos-level cyber capabilities. It called the case a borderline one for Fable 5’s safeguards. The blocked behavior involved only routine defensive cybersecurity work.

How the new classifier works

Anthropic still moved to close the gap. It trained an improved safety classifier for the reported behavior.

The classifier blocks the specific technique in over 99% of cases. Blocked requests are not refused outright. They are routed to Claude Opus 4.8 instead. Users are notified when this fallback happens.

Researchers from the Department of Commerce’s CAISI tested both old and new safeguards. They agree the safeguards are extraordinarily strong. The tradeoff is more false positives during routine coding and debugging.

This reflects Anthropic’s ‘defense in depth’ design. Classifiers are smaller AI systems that detect harmful cyber tasks. A deliberate ‘safety margin’ also blocks some benign requests. Fable 5 uses a much larger safety margin than prior models.

The proposed jailbreak severity framework

The episode exposed a gap. The industry has no shared standard for scoring a ‘jailbreak,’ a technique that bypasses a model’s safeguards.

Anthropic is drafting one with Amazon, Microsoft, Google, and other Glasswing partners. The draft scores a jailbreak on four criteria:

  1. Capability gain — how far beyond existing tools it takes the user.
  2. Breadth of capability gain — how many distinct offensive tasks it unlocks.
  3. Ease of weaponization — how much human effort an attack still needs.
  4. Discoverability — how easily someone can obtain the technique.

For the most severe class, Anthropic will deploy preliminary mitigations immediately. It is also standing up 24/7 monitoring of jailbreak submission channels.

Interactive scorer

Try this embedded interactive scorer to see how these four criteria combine.


Use cases with examples

Fable 5 targets long-horizon, agentic work. Here is where early engineers can apply it.

  • Codebase migrations: Stripe reported a codebase-wide migration in one day. The job spanned a 50-million-line Ruby codebase. Doing it by hand would take a team over two months.
  • Financial analysis: On Hebbia‘s Finance Benchmark, Fable 5 posts the highest score. It gains on chart, table, and document reasoning.
  • Vision-to-code: Fable 5 can rebuild a web app’s source code from screenshots alone.
  • Long-running agents: File-based memory helps it stay focused across millions of tokens.

How Fable 5 compares

The pause created an opening for rivals. Days after the suspension, Zhipu AI released GLM-5.2 as open weights. Independent testers rank it the strongest openly available model.

ModelDeveloperAccessContextPrice (in/out per 1M)Reported benchmarkCyber safeguards
Claude Fable 5AnthropicGeneral (Platform, .ai, Code, Cowork)Long-context$10 / $50Led AA-Briefcase at 1587 EloStrongest applied; falls back to Opus 4.8
Claude Mythos 5AnthropicGlasswing / trusted US orgsLong-context$10 / $50Same base model as Fable 5Cyber safeguards lifted
Claude Opus 4.8AnthropicGeneralLong-context~$5 / $25SWE-bench Pro 69.2; Terminal-Bench 85.0Standard
GLM-5.2Zhipu AI (Z.ai)Open weights (MIT)1M tokens~$1.40 / $4.40SWE-bench Pro 62.1; Terminal-Bench 81.0None (open weight)
GPT-5.5OpenAIGeneralLong-context~$5 / $30SWE-bench Pro 58.6Standard
Benchmark and price figures are self-reported or from independent testers. Sources: felloai, Latent Space, TrendingTopics.

GLM-5.2 uses a Mixture-of-Experts design. It has roughly 750 billion total parameters. Only about 40 billion activate per token. On Semgrep‘s IDOR benchmark, it scored 39% F1. That beat Claude Code at 32% on the same prompt.

The gap narrows on cost. On AA-Briefcase, Fable 5 averaged $31 per task. GLM-5.2 averaged $2.40.

Access and a quick API example

For Pro, Max, Team, and select Enterprise plans, Fable 5 is included through July 7. It covers up to 50% of weekly usage limits. After that, access moves to usage credits. Anthropic is also re-enabling Fable 5 on AWS, Google Cloud, and Microsoft Foundry.

Developers call the model with the claude-fable-5 string:

from anthropic import Anthropic

# Reads your key from the ANTHROPIC_API_KEY environment variable
client = Anthropic()

message = client.messages.create(
    model="claude-fable-5",
    max_tokens=1024,
    messages=[
        {"role": "user", "content": "Refactor this module for readability."}
    ],
)

print(message.content)

If a classifier fires, the response comes from Opus 4.8. Your code path stays the same.

Key takeaways

  • Fable 5 returns July 1 after export controls were lifted.
  • A new classifier blocks the reported bypass in over 99% of cases.
  • Blocked requests route to Opus 4.8, not an outright refusal.
  • Anthropic proposes a four-criteria framework for scoring jailbreaks.
  • GLM-5.2 emerged as a cheaper open-weight rival during the pause.

Check out the Technical details. Also, feel free to follow us on Twitter and don’t forget to join our 150k+ML SubReddit and Subscribe to our Newsletter. Wait! are you on telegram? now you can join us on telegram as well.

Need to partner with us for promoting your GitHub Repo OR Hugging Face Page OR Product Release OR Webinar etc.? Connect with us


Michal Sutter is a data science professional with a Master of Science in Data Science from the University of Padova. With a solid foundation in statistical analysis, machine learning, and data engineering, Michal excels at transforming complex datasets into actionable insights.



Source link