The Same Model, Two Doors
Until now, the public debate about frontier AI assumed one model, one door: a lab builds its most capable system, and either releases it or doesn't. Anthropic's June 2026 launch broke that assumption. It released one frontier model through two doors at once — a safeguarded public version, Claude Fable 5, and an unrestricted version, Claude Mythos 5, available only to vetted partners and government.
This is why it matters to everyone, not just AI specialists. It is the first large-scale, documented example of tiered access to frontier AI capability: a deliberate decision about who receives the full power of the most capable model, and who receives a version with the most dangerous capabilities routed away. The structure raises a question that will recur with every future frontier release — who decides, and on what basis, who gets the real thing.
A note on method — and why this page can be trusted
Tiered access invites speculation. This brief avoids it. Every factual claim below is tagged by its source: Anthropic's own statements, third-party reporting, or genuinely open questions. Where motive or intent is not documented, it is marked as unknown rather than guessed. The credibility of this page is its entire value — so it does not assert what it cannot source.
A Tier Above Opus
Anthropic defines Mythos-class as a new capability tier sitting above its previous top line, Opus. Fable 5 and Mythos 5 are the same underlying Mythos-class capability, shipped two ways.
"Mythos-class models are a tier of Claude models that sit above our Opus class in capability." Source: Anthropic announcement
The first Mythos model, Claude Mythos Preview, launched in April 2026 through Project Glasswing. The same Mythos-class capability now ships as the safeguarded public Fable 5 and the unrestricted Mythos 5. Source: Anthropic announcement
Fable 5 is described as state-of-the-art on nearly all tested benchmarks, with strong performance in software engineering, knowledge work, and vision. Source: Anthropic announcement
The public terms
The Capability Claims — Self-Reported
Every claim in this section is Anthropic's own. They describe internal testing and have not been independently peer-reviewed as part of the release. They are presented here as what Anthropic reports — not as established external fact.
Cybersecurity. Mythos 5 has "the strongest cybersecurity capabilities of any model in the world." Mythos Preview, Anthropic says, can "surpass all but the most skilled humans at finding and exploiting software vulnerabilities." Source: Anthropic announcement · Project Glasswing
Drug design. Anthropic's internal protein experts "accelerated aspects of the drug design process by around ten times"; nine of 14 protein targets yielded drug-design candidates under investigation. Source: Anthropic announcement
Genomics. Mythos 5 "conducted novel genomics research" autonomously over roughly a week, assembling single-cell data across 138 species and training a custom ML model that "outperformed a recent model published in the journal Science — despite being 100 times smaller." The comparison to the published result is Anthropic's own. Source: Anthropic announcement
Scientific hypotheses. In blind comparisons, Anthropic scientists "preferred Mythos's molecular biology hypotheses ~80% of the time, and have advanced several to experimental evaluation"; one hypothesis about an E. coli protein "was independently corroborated." Source: Anthropic announcement
At scale. Across Project Glasswing, Mythos Preview has found thousands of high-severity vulnerabilities — "including some in every major operating system and web browser"; partners revealed more than 10,000 high or critical flaws. Source: Anthropic — Expanding Glasswing (also reported by TechCrunch, Cybersecurity Dive)
"The strongest cybersecurity capabilities of any model in the world."
Anthropic, on Mythos 5 — June 9, 2026
The Fuse: Fall Back to Opus
Fable 5 does not refuse dangerous topics outright. Instead, a layer of classifiers detects them and routes the request to a less-capable model — so the public never gets Mythos-class answers on the three flagged domains.
What it blocks. Fable 5's safeguards target three areas: cybersecurity, biology/chemistry, and distillation. Source: Anthropic announcement
The mechanism. "Safety classifiers" — separate AI systems that detect potential misuse, including jailbreak attempts — flag a request, and "the response is automatically handled by Claude Opus 4.8 instead." Source: Anthropic announcement
How often. "More than 95% of Fable sessions involve no fallback at all" — i.e., the safeguard affects under roughly 5% of sessions. The safeguards are "deliberately tuned to be cautious," and "sometimes benign requests will trigger our classifiers." Source: Anthropic announcement · benign-trigger quote via CyberScoop
What the fallback can still do. The fallback model, Opus 4.8, can reproduce nearly 80% of previously discovered vulnerabilities without safeguards — reduced to about 1% with them. These figures are attributed to Anthropic and reported by CyberScoop. Source: CyberScoop
Data handling. A mandatory 30-day data retention policy applies to Fable and Mythos traffic "for safety monitoring." Source: Anthropic — Claude Fable
Why Public Fable, Restricted Mythos
Anthropic gives a safety rationale for releasing the safeguarded model widely while keeping the unrestricted one inside a vetted program. The reasoning quoted here is Anthropic's stated safety reasoning. Whether commercial motives also shape the boundary is not stated by Anthropic — and is marked accordingly.
"The model's capabilities in specific areas like cybersecurity, biology, and chemistry are advanced enough that they could be misused to create wide-reaching cyberattacks or build dangerous bioweapons." Source: Anthropic — Claude Fable
"We've therefore launched the model with safeguards that mean queries on some topics will instead receive a response from our next-most-capable model, Claude Opus 4.8" — enabling a safe public release. Source: Anthropic announcement
"Mythos 5 will initially be deployed through Project Glasswing, in collaboration with the US government." Access is restricted to vetted partners for cybersecurity and biology research, while Fable 5 is generally available. Source: Anthropic announcement · Claude Fable
Anthropic states a safety rationale only. One outlet framed the split as "the business model of tiered safety" — that is third-party framing, not Anthropic's stated reason. Whether commercial incentives also shape where the boundary falls is not documented, and is not asserted here either way. Anthropic states no commercial motive; framing via Negotium Infinitum (third-party)
Who actually holds the unrestricted tier
Project Glasswing expanded from about 50 to about 200 partner organizations (roughly 150 added), spanning more than 15 countries across power, water, healthcare, and telecommunications — and including government organizations. Source: Anthropic — Expanding Glasswing (also CNBC, TechCrunch, Cybersecurity Dive)
Named partners reported include Apple, Nvidia, Microsoft, CrowdStrike, and Palo Alto Networks, with access also reportedly extended to NATO and the EU cybersecurity agency ENISA. These specific names come via third-party reporting. Source: Cybernews
| Dimension | Claude Fable 5 (public) | Claude Mythos 5 (restricted) |
|---|---|---|
| Who can use it | Anyone — API, Bedrock, paid plans | Vetted — Glasswing partners + government |
| Cybersecurity / bio / chem | Routed to Opus 4.8 | Full Mythos-class capability |
| Distillation requests | Blocked / routed away | Available within program terms |
| Stated purpose | Safe broad availability | Defending critical infrastructure, research |
| Data retention | 30-day, for safety monitoring | 30-day, for safety monitoring |
What This Raises — Not Yet Answered
Tiered access to frontier AI is new enough that its consequences are genuinely undecided. These are framed as open questions, not verdicts. They are the questions a careful observer should hold — and watch — rather than answers anyone can give today.
Who counts as "trusted"? The criteria, governance, and appeal process for Project Glasswing membership are not fully public. On what basis is an organization granted the unrestricted tier — and who can contest it?
Does this concentrate capability? Does the split hand frontier power to governments and large incumbents while the public, smaller firms, and independent researchers receive only the safeguarded version — and with what equity and competitive consequences?
Defensive asymmetry. Do defenders of critical infrastructure receive the strong model fast and broadly enough relative to the risk that comparable capability is independently developed, or leaks, to adversaries?
How durable are the classifiers? CyberScoop notes Anthropic reported no known universal jailbreaks but did not specify whether partial ones were found — and that researchers have historically jailbroken older models. Long-term effectiveness is unproven. Context: CyberScoop
Friction on legitimate experts. Does the ">95% no fallback" figure hold for exactly the biology, chemistry, and cybersecurity researchers whose legitimate work is most likely to trip the classifiers?
Independent verification. The genomics, drug-design, and hypothesis claims are self-reported and not peer-reviewed as part of the announcement. How, and by whom, will they be validated?
Motive beyond safety. Anthropic states a safety reason. Whether commercial incentives also shape the two-tier structure is undocumented — and should not be asserted in either direction.
NEURON Research — Honest Close
June 2026
What is documented: Anthropic released one frontier model two ways — a safeguarded public Fable 5 and a restricted Mythos 5 — and gave a safety rationale for the split. The capability claims behind it are Anthropic's own and not yet independently verified.
What is not yet decided: whether tiered access becomes a sound model for distributing dangerous capability to defenders while withholding it from misusers — or whether it concentrates frontier power behind a vetting process the public cannot see. Both outcomes remain possible. The honest position is to hold the question open and watch how the criteria, the verification, and the access list evolve.
The pattern set here will likely repeat. Every future frontier release now has a template for shipping capability through more than one door. Whether that makes the world safer or simply less equal is the open question this case study exists to mark — clearly, and without overclaiming.
Sources — primary (Anthropic) and third-party, every claim tagged above
- [1] Anthropic — Claude Fable 5 and Claude Mythos 5 (announcement) (Primary)
- [2] Anthropic — Claude Fable (Primary)
- [3] Anthropic — Project Glasswing (Primary)
- [4] Anthropic — Expanding Project Glasswing (Primary)
- [5] CyberScoop — Anthropic's new model is Mythos on a leash (Analysis)
- [6] CyberScoop — Glasswing expansion (Reporting)
- [7] CNBC — Anthropic releases Mythos-like model to the public (Reporting)
- [8] TechCrunch — Mythos scaled to critical infrastructure in 15+ countries (Reporting)
- [9] NBC News — Fable 5, the first public Mythos-class model (Reporting)
- [10] Cybersecurity Dive — Mythos shared with 150 more organizations (Reporting)
- [11] AWS — Claude Fable 5 on AWS (pricing, availability) (Reporting)
- [12] Cybernews — Mythos expands to 200 Glasswing partners (Reporting)