How Fable 5 And Mythos 5 Change AI Security, Data Retention, And Vendor Risk
Anthropic’s launch of Fable 5 and Mythos 5 is the most 2026 product launch you’ll read about this year. The same model can find nation-state zero days, design novel drug candidates, and play FireRed on a Game Boy Advance with nothing but screenshots. And for the gaming fans out there, yes, we got Fable 5 before Fable 4.
These three examples also exhibit the characteristics that matter in these models: long time-horizon tasks, self-correcting operations, and autonomous reasoning. Anthropic released a model with all three on Tuesday under two names: Claude Fable 5 for the public and Claude Mythos 5 for a vetted few. For Forrester clients, we’ve prepared an update on how to discuss this release with your board of directors and senior leaders here.
What’s Understood And Expected
Anthropic was always going to ship Mythos. In April, the company introduced Mythos Preview as a model too dangerous to release, gated to roughly 50 Project Glasswing partners. The partnership expanded in June to 150. Its “eventual” release arrived a few weeks later. A frontier lab on the brink of IPO sitting on its most capable model indefinitely was never going to happen. Fable 5 is that model with guardrails; Mythos 5 is that model with the guardrails selectively lifted in some use cases for defenders.
Fable 5 is state-of-the-art on nearly every capability benchmark, and both models list at less than half the price of Mythos Preview. These models are still expensive, just less expensive than Mythos Preview. And the harsh truth remains: As token prices come down, token usage goes up, meaning the total amount spent increases even as the per-unit costs drop. Mythos requires approved access and a hefty wallet to afford it. The divide between haves and have-nots in cybersecurity just widened, ushering in an era of aggressive model cost optimization and hard trade-offs on capability versus cost.
What To Know About Two Big Changes
The Safeguards Are A Control You Depend On … But Don’t Operate
Fable 5 and Mythos 5 are one model with a safety switch. For cybersecurity, biology, and chemistry topics, Fable 5 can block the request and route the query to Opus 4.8 instead; users are informed that the fallback took place. Anthropic says the fallback triggers in under 5% of sessions, is tuned conservatively so it will sometimes catch harmless requests, and that testing surfaced no universal jailbreaks.
Mythos 5 is a gated release to select members of Project Glasswing, but it removes some of the safeguards that Fable 5 ships with. This aligns the model release with our first-in-market AEGIS Framework principle of least-agency tuning and guardrails at the model provider layer. Your enterprise does not administer this guardrail. The guardrails’ scope, sensitivity, and reliability are set by Anthropic, defining what acceptable risk looks like for global R&D and security operations teams, without any real public governance structure. Enterprise-specific runtime security and guardrails for applications and users working with these models are still necessary for anything your organization wants to detect or prevent.
The Data Retention Policy Change Is A Huge Adjustment For Enterprises
There’s another significant change coming with Fable 5 and Mythos 5. Anthropic now requires 30-day retention on all traffic (prompts and completions) across both its own surfaces and third-party platforms — a requirement that overrides existing zero-retention agreements. If your enterprise negotiated a zero-retention data processing agreement (DPA), using a Mythos-class model voids it for that traffic; there is no opt-out. Consumer subscriptions already included a retention period, so this doesn’t change for Pro and Max subscribers, which is why we continue to advise caution about the data that consumers put into these tools.
For third-party risk concerns, Anthropic says the data will not train new Claude models and will not be used for any nonsafety purpose; that it logs all human access to the retained data; and that it deletes the data after 30 days in almost all cases. Anthropic published a whitepaper in its trust center about the use cases and safeguards in place to protect enterprise data, highlighting when retained data is kept beyond the 30-day window. The stated purpose is defensive: catching novel attacks, multirequest abuse, and new jailbreaks, along with reducing false positives in the safeguard layer.
The 30-day window lines up with a White House executive order that set a voluntary framework for AI companies to share frontier models with the government ahead of public release. So “safety monitoring” and “potential government visibility” are now adjacent concepts.
| Item | Detail |
|---|---|
| Models | Fable 5 (public, safeguarded) and Mythos 5 (restricted, safeguards lifted in some areas) — same underlying model |
| Access | Fable 5: Claude API (claude-fable-5) and consumption Enterprise today; free on Pro, Max, Team, seat-based Enterprise through June 22, then usage credits. Mythos 5: Glasswing partners, US government, and approved bio researchers; broader trusted-access programs to follow |
| Price | $10/$50 per million input/output tokens, under half of Mythos Preview, which is still the most expensive major model |
| Safeguards | Cyber, biology, and chemistry queries can be blocked and routed to Opus 4.8; Anthropic says the fallback triggers in under 5% of sessions and that testing found no universal jailbreaks |
| Data retention | Mandatory 30-day retention on all traffic across first- and third-party surfaces, overriding prior zero-retention agreements — not used for training; human access logged; deleted after 30 days in almost all cases |
What To Do
Fable 5 is the most capable model the public can touch today, and the benchmarks are laudable. The changes to data retention, silent model downgrades, and premium pricing all have immediate impact on cybersecurity teams.
Accept that availability may need to suffer to preserve confidentiality.
It’s a trade-off that will be difficult for IT and development teams that consider uptime and five-nines as sacred, but it’s the reality of the world we now live in. Deploying untested patches or virtual patching to prevent a potential exploit is worth the trade-off in potential downtime — something that major banks are preparing for now. Giving customers partial bill credits for outages is far less expensive than a decade of litigation and fines from regulators resulting from a data breach.
This isn’t just a technology decision; it’s a behavioral and cultural shift that will make many in the organization uncomfortable. Frontier AI makes this a necessary evil. Patch fatigue will morph into triage fatigue as tired teams of defenders tap out from the never-ending onslaught of issues that must be tracked and remediated from these model releases. Take the following steps to counter this before it overburdens your teams and slows your decision-making:
- Start with proactive security platforms that allow agents to take action in noncritical environments and asset types.
- Assess your ability to automate what you can in the remediation lifecycle.
- Shift your vulnerability management processes to better handle the record-breaking number of CVEs that will continue to increase.
- Test projects to utilize and deploy virtual patching.
Realize that open-source maintainers still need help.
Expanded Mythos 5 access will produce vulnerability disclosures that require investigation, triage, and, when applicable, remediation. To assist, qualifying open-source maintainers can sign up for free access to the Max 20x plan for six months, which offers higher usage limits, but this assumes that maintainers have the time and capacity to prioritize addressing the surge in reported vulnerabilities. Anthropic, like most AI model providers, was built on open-source software and continues to benefit from the open-source ecosystem. With another blockbuster revenue quarter projected, sustained funding to critical open-source projects would demonstrate a commitment to the community that Mythos is likely to disrupt.
Now is the time for ruthless prioritization of the open-source software you use, favoring well-maintained, communicative, and security-oriented projects. In a worst-case scenario, for less-maintained but critical open-source software, it can make sense to fork it and take on that maintenance yourself.
Recognize the first document that defenders will create.
Whether it’s your pen testers or your SOC analysts, the first document almost every team will share is not going to be “best prompts for Fable 5.” It will be “prompts that bypass fallbacks in Fable 5,” explaining how to get around safeguards to obtain Mythos 5-like capabilities and bypass the conservatively tuned safeguards that impact up to 5% of sessions. Anthropic attests to thousands of hours of testing to prevent jailbreaking Fable 5, but motivated and creative security pros always find a way.
Understand that your old processes and procedures don’t work anymore.
Anthropic benchmarks showcase Fable 5 working across long time-horizon sessions over days, delegating to subagents, checking its own work, and recursively improving its own code. Your assumptions of change control, application security gates, testing rules, and two-person approval workflows were not built for self-improving autonomous software development that finishes testing in the time it takes you to schedule meetings between two busy people. This requires process reinvention across multiple domains in cybersecurity and a shift in your risk appetite that differs from what your organization is used to.
Establish agentic development security practices.
As developers adopt Fable 5 and other advanced coding agents, the increased volume, speed, and complexity of releases will surpass what traditional application security testing tools were built to address. Organizations must invest in agentic development security (ADS) tools designed to prevent insecure code generation; AI selection of hallucinated, outdated, or vulnerable third-party components; and agents leaking sensitive data and secrets.
Coding agents introduce their own software supply chain, which encompasses MCP servers, skills, configuration files, extensions, and models, all of which expand the attack surface and inherit developer access to sensitive data, cloud credentials, source-code repositories, and productivity tools, along with permissions to read, write, and execute destructive commands. Fable 5 incorporates safeguards to prevent cybersecurity misuse, like other coding models. It does not, however, offer sufficient visibility into the supply chain risks it inherently carries. Organizations need to ensure that coding agents follow least-agency principles and operate in sandboxed environments properly guardrailed by ADS tooling.
Prepare for frontier-level capabilities in regular SaaS vendors.
With Fable 5 now generally available, any vendor in your ecosystem can turn on a Mythos‑class model overnight, even before your organization ever “adopts” it. Ostensibly, ordinary vendors are running frontier-level capabilities that you never assessed, governed by AI safety practices you never vetted, and adding another layer of complexity to third-party risk management. Vendors using Fable 5 should move into a different criticality tier, face AI‑specific risk assessments, and be covered by explicit AI, data, and safety obligations in your contracts, with particular emphasis on tightening legacy suppliers still operating on flimsy pre‑AI-era paper.
Get ahead of security tech contract renewals.
Given how quickly security tools and platforms are becoming orchestration and data-wrapper layers around Mythos‑class models, use this next renewal cycle to reset how you buy, evaluate, and govern “AI‑powered” security tech. Start by inventorying which vendors already have AI in their tools and flag those for accelerated, deeper review. As part of the renewal process, demand a concrete 12–24‑month roadmap from each strategic vendor for Mythos‑class model adoption, new use cases, pricing impact, and product security.
For new procurements, require precise disclosure of foundation models, data flows, guardrails, and how they plan to balance capability against cost on your behalf. Harden contracts and DPAs around data handling, logging, and retention when invoking third-party models, and set up guardrails for validating AI outputs before anything is allowed to drive automated actions.