Claude Fable 5 vs Mythos 5: Same Model, Different Safeguards (2026) Skip to content

Learning

Claude Fable 5 vs Claude Mythos 5: the same brain, two sets of guardrails

Published: 10 min read POLPROG AI Tools

Here is the twist that confuses everyone: Claude Fable 5 and Claude Mythos 5 are the same underlying model, with the same specs and the same price. The only difference is a layer of safety classifiers - present on Fable 5, lifted on Mythos 5 - and who is allowed to use each. For almost everyone the answer is simply Fable 5. This article explains why the pair exists, exactly what the safeguards do, and how to build against them, for both curious readers and engineers.

When Anthropic launched the Mythos class on June 9, 2026, it shipped two names for one model. Claude Fable 5 (claude-fable-5) and Claude Mythos 5 (claude-mythos-5) share identical capabilities, a 1M-token context window, 128k output tokens and the same $10/$50 pricing. What separates them is not intelligence - it is a safety-classifier layer and an access policy. Understanding that distinction explains a lot about how frontier AI is governed in 2026.

Quick verdict

You will use Claude Fable 5. It is the generally available Mythos-class model, with safety classifiers enabled, on the Claude API, AWS Bedrock, Google Cloud, Microsoft Foundry, Claude.ai, Claude Code and Claude Cowork. Claude Mythos 5 is the same model with classifiers removed, offered only to approved organizations through Project Glasswing - chiefly defensive cybersecurity teams and, via a trusted-access program, biomedical researchers. There is no self-serve sign-up for Mythos 5.

What is identical

  • The underlying model, its weights and its raw capabilities.
  • 1M-token context window, up to 128k output tokens per request.
  • Pricing: $10 per million input tokens, $50 per million output tokens.
  • Adaptive thinking (always on, effort-controlled), the memory tool, code execution, programmatic tool calling, context editing, compaction and vision.
  • 30-day data retention; both are Covered Models with no zero-data-retention option.

What differs

  • Safety classifiers: Fable 5 includes classifiers that can decline certain requests; Mythos 5 does not include them.
  • Access: Fable 5 is generally available; Mythos 5 is invitation-only via Project Glasswing.
  • Audience: Mythos 5 targets a small group - cyberdefenders and infrastructure providers, plus biomedical researchers under a trusted program with biology safeguards removed.
  • API behavior: Fable 5 can return stop_reason "refusal"; Mythos 5, without classifiers, does not.

At a glance

FeatureClaude Fable 5Claude Mythos 5
Underlying modelIdentical Mythos-class model
API IDclaude-fable-5claude-mythos-5
Context / output1M tokens / 128k tokens
Pricing$10 input / $50 output per 1M tokens
Safety classifiersEnabled - can refuse requestsNot included
AvailabilityGenerally available (API, Bedrock, Google Cloud, Foundry, Claude apps)Limited - Project Glasswing only
Who can use itEveryoneApproved cyberdefenders, infrastructure providers, vetted biomedical researchers
Refusals in APIstop_reason "refusal" possibleNo classifier refusals
Data retention30 days, Covered Model, not used for training
Fable 5 safeguards in numbersSessions hitting a refusal · Claude Fable 5<5%Reported bypass blocked · HackerOne + classifier>99%Harmful cyber requests complied (tests) · single-turn0
June 2026: from launch to redeployment9.06Launch12.06Suspension(exportcontrols)1.07New classifierblocks >99%1.07Globalredeployment +HackerOne

Why split one model into two?

A Mythos-class model is more capable than anything Anthropic had released before - which means its potential for misuse in areas like cybersecurity and biology is also higher. Anthropic's solution was to decouple capability from exposure. Fable 5 delivers the full capability to the public behind a classifier layer that intercepts a narrow set of dangerous request types and routes them to a safer response. Mythos 5 removes that layer for a vetted few whose legitimate work - defending networks, researching pathogens - genuinely requires the model to engage with exactly those sensitive topics. Same intelligence; the guardrails move with the trust level of the user.

What the safeguards actually do

On Fable 5, when a request touches certain sensitive areas - cybersecurity, biology and chemistry, or model distillation - the safety classifiers can decline it. Rather than a hard error, the system is designed so those queries instead receive a response from the next-most-capable model, Claude Opus 4.8. Anthropic tuned the classifiers conservatively: they trigger, on average, in under 5% of sessions, and will sometimes catch harmless requests as the price of catching harmful ones. In red-team testing, Fable 5 complied with zero harmful single-turn requests relating to cyberattacks. Mythos 5, by contrast, has these classifiers lifted, so an approved cyberdefender can ask it to analyze real exploit behavior without being deflected.

The June 2026 episode - why this matters in practice

The two-tier design was tested almost immediately. On June 12, three days after launch, US export controls forced Anthropic to suspend both models after Amazon researchers found a method that bypassed Fable 5's safeguards - in one case producing code demonstrating how a software vulnerability could be exploited. Crucially, Anthropic's follow-up testing found the behavior was not unique to Fable 5: every model tested, including Claude Haiku 4.5, Sonnet 4.6, Opus 4.6, 4.7 and 4.8, plus GPT-5.4, GPT-5.5 and Kimi K2.7, could produce the same demonstration. On redeployment around July 1, Anthropic added a new safety classifier targeting the reported bypass - blocking it in over 99% of cases - and launched a HackerOne program paying researchers for new jailbreaks. The lesson for builders: safeguards are a moving, improvable system, and the classifier layer on Fable 5 is exactly what let Anthropic respond at the model boundary rather than pulling the capability entirely.

For most readers: you want Fable 5

If you are reading this to decide which to use, the decision is made for you: Mythos 5 is not something you can request off the street, and for general work you would not want the safeguards removed anyway. Fable 5 gives you the full Mythos-class capability - the same brain - for chat, writing, analysis, coding and agents. The under-5% chance that a sensitive query gets a slightly more cautious Opus 4.8 answer is invisible in normal use. Think of the classifiers less as a limiter and more as the reason this level of capability is available to the public at all.

For developers: building against Fable 5's classifiers

Because Fable 5 can refuse and Mythos 5 cannot, integration guidance is really about Fable 5. Three things to wire in:

  • Detect refusals: a declined request returns stop_reason "refusal" as a successful HTTP 200 (not an error), and reports which classifier fired. Branch on it explicitly.
  • Plan fallback: most refused requests can be served by another Claude model. Use the beta server-side fallbacks parameter, SDK middleware for client-side retries (TypeScript, Python, Go, Java, C#), or a manual retry. Fallback credit refunds the prompt-cache cost of switching.
  • Trust the billing: you are not charged for a request refused before any output is generated, so defensive retries do not inflate costs.

If your organization is in Project Glasswing and calls Mythos 5, you can skip refusal handling entirely - but you also take on the responsibility that the classifier layer would otherwise carry, which is precisely why access is vetted.

Common mistakes

  • Thinking Mythos 5 is smarter: it is the identical model - only the safeguards and access differ, not capability.
  • Trying to buy Mythos 5: there is no self-serve path; access is invitation-only through Project Glasswing via your Anthropic, AWS or Google Cloud account team.
  • Skipping refusal handling on Fable 5: under 5% of sessions is still real traffic - unhandled refusals become silent failures.
  • Assuming refusals cost money: they do not, and fallback credit further protects you on retries.
  • Reading the safeguards as censorship: they target a narrow set of dangerous topics and are the mechanism that makes public access to a Mythos-class model possible.

Final recommendation

For essentially every reader and team, Claude Fable 5 is the model - full Mythos-class capability, generally available, with a safety layer that is nearly invisible in normal work and genuinely useful when it fires. Claude Mythos 5 is a deliberately narrow release for vetted defenders and researchers who need the guardrails lifted for legitimate reasons. If you build on Fable 5, handle refusals and fallback and you get all of the capability with none of the operational surprise. As always, confirm the current details in Anthropic's official documentation before you ship.

Sources

Fable 5 and Mythos 5 are one Mythos-class model wearing two policies: identical capability and price, separated only by a safety-classifier layer and who is trusted to run without it. For everyone outside Project Glasswing the choice is simply Fable 5 - full capability, near-invisible safeguards, and a clean refusal-and-fallback path for developers. Verify the specifics in Anthropic's docs, since the safeguard layer keeps evolving.

AI Claude Fable 5 Claude Mythos Comparison

Frequently asked questions

What is the difference between Claude Fable 5 and Claude Mythos 5?

They are the same underlying Mythos-class model with the same specs and $10/$50 pricing. Fable 5 includes safety classifiers that can decline sensitive requests and is generally available; Mythos 5 has those classifiers removed and is offered only to approved organizations through Project Glasswing. Capability is identical - only safeguards and access differ.

Can I get access to Claude Mythos 5?

Only through Project Glasswing, and only if approved - there is no self-serve sign-up. It targets defensive cybersecurity teams, infrastructure providers and vetted biomedical researchers. To request access you contact your Anthropic, AWS or Google Cloud account team. Everyone else uses Claude Fable 5, which offers the same capabilities.

Is Mythos 5 more powerful than Fable 5?

No. It is literally the same model with the same weights and capabilities. Mythos 5 simply has the safety-classifier layer lifted so approved users can work on sensitive cybersecurity and biology topics without deflection. For general tasks the two would produce the same quality of output.

What do Fable 5's safety classifiers actually block?

They target a narrow set of high-risk areas - cybersecurity, biology and chemistry, and model distillation. When triggered (under 5% of sessions on average), the request is routed to a response from Claude Opus 4.8 instead. They are tuned conservatively, so they occasionally catch harmless requests, and in testing Fable 5 complied with zero harmful single-turn cyberattack requests.

Do Fable 5's safeguards make it worse for normal work?

Not noticeably. The classifiers fire in under 5% of sessions and only around specific sensitive topics; ordinary chat, writing, analysis and coding are unaffected. When a refusal does happen, the API returns it cleanly (stop_reason "refusal"), the request is free, and you can fall back to another Claude model automatically. The safeguards are what make public access to a Mythos-class model possible.

Why did Anthropic pause and then redeploy Fable 5?

Three days after launch, US export controls plus a discovered safeguard bypass (found by Amazon researchers) led Anthropic to suspend both models. Testing showed every frontier model checked could produce the same demonstration, not just Fable 5. It redeployed around July 1, 2026 with a new classifier blocking the bypass in over 99% of cases and a HackerOne bounty program for future jailbreaks.

Was this helpful?

Get new articles by email

One short email per new Learning article. No spam, unsubscribe in one click.

We only use your email to send new articles. No third-party sharing.

Back to Learning