I Ran Fable 5 Against My Own App. It Switched Itself Off Mid-Audit.

Promotional graphic announcing Claude Fable 5, Anthropic's first public Mythos-class model, beside a large stylized number 5, with a feature list: Mythos-class capability, falls back to Opus 4.8, 30-day retention, and $10 / $50 per million tokens.

Anthropic released Claude Fable 5 today. It is the same underlying model as Mythos, the one the company restricted to cyberdefense teams in April because it was too capable to release publicly. Fable 5 is the public version. The benchmarks look strong across coding, long-running autonomous work, knowledge tasks, vision, and scientific research.1

I ran it on one of my apps, then read the announcement, the product page, and the data-retention policy.

You might not be talking to Fable 5

When Fable 5 gets a query its classifiers flag as related to cybersecurity, biology, chemistry, or model distillation, the request gets rerouted to Claude Opus 4.8.2 Opus 4.8 is a capable model. It is not Fable 5. You are not told before it happens. You are told after.

Anthropic says this triggers in fewer than 5% of sessions.1 You are not charged Fable rates when it does.1

I ran into this on day one. I pointed Fable 5 at one of my apps for a routine security audit, the unglamorous kind: scan the git history for committed secrets, check dependency vulnerabilities, check the repo’s branch protection. This was real testing, not a code read. The model connected to my live database, assumed an anonymous role, and tried to write, to confirm the access controls actually held rather than trusting what the source said. Partway through, the model stopped being Fable 5. A notice appeared saying the safety measures had flagged my request and switched me to Opus 4.8. The same notice admits the measures “may flag safe, normal content as well.” Mine was safe, normal content. Auditing your own app is the definition of defensive work, but the classifier cannot tell apart someone hunting for holes to exploit and someone hunting for holes to fix.

An in-app notice on a grey background: Fable 5 1M's safety measures flagged this message. They may flag safe, normal content as well. These measures let us bring you Mythos-level capability in other areas sooner, and we're working to refine them. Switched to Opus 4.8. Send feedback or learn more. — The notice that appeared mid-audit — Fable 5's safeguards rerouting the session to Opus 4.8.

It is not a wall. I switched back to Fable 5 under Ultracode and the audit kept running on the full model. The gate fires on legitimate work, hands you the weaker model, and leaves the override to you. If you know the toggle exists, it costs you a minute. If you do not, you spend the session wondering why the model got worse halfway through a normal task.

If you build an agent on Fable 5 and it touches anything adjacent to cybersecurity, you are building on two models, and you do not control which one answers by default. The routing is handled by a classifier you cannot see, inspect, or predict. Anthropic tuned it conservatively, which means it will catch legitimate queries too. They say they will narrow it over time.1

This is a new pattern for a commercial model. A product that becomes a weaker product depending on what you ask. I am not saying it is wrong. Mythos-class capability in cybersecurity and biology is a real risk, and Anthropic says it ran more than 1,000 hours of external red-teaming without finding a universal jailbreak.1 But if you are evaluating Fable 5 for production, you need to know the model you pay for might not be the model that answers.

Mythos-class models force 30-day retention

Fable 5 and Mythos 5 require 30-day data retention on all traffic, on every surface where they are offered. Anthropic says it will not use the data to train models, that human access is limited to a small set of approved reviewers, that every access is recorded in a tamper-proof log, and that the data is deleted after 30 days except in safety investigations or where law requires keeping it.3

Consumer plans already retain prompts for safety, so nothing changes there. The change hits organizations that run zero data retention.3

ZDR on Anthropic is not a checkbox. It is a separate agreement, approved one customer at a time, for enterprise API use, and it does not turn on by default even on Enterprise plans.3 Nobody ends up with ZDR by accident. You get it because your compliance rules say nothing you send can sit on a vendor’s servers, and you go negotiate for it. If you hold one of those agreements and you want to use Fable 5, you switch retention on for the workspaces that need it. You keep ZDR everywhere else, but not on the model.3

Those are usually the customers with the strictest compliance posture. Now the most capable model is the one model they cannot run under that posture. Anthropic has built real controls around the retained data, customer-managed encryption keys, access transparency logs, automatic deletion, and a published white paper on the design.3 That is more than a policy statement.

The trade is still real. To use the strongest model, a ZDR organization has to accept that its prompts and outputs sit with Anthropic for 30 days, reviewable under defined conditions. For some teams that is fine. For others it is a wall. The reason is defensible: some attacks only show up across many requests, and you cannot catch those if you keep nothing.3 But the cost lands on exactly the customers who were most careful about data in the first place.

Free for two weeks, then it costs credits

Through June 22, Fable 5 is included on Pro, Max, Team, and seat-based Enterprise plans at no extra cost. On June 23, Anthropic pulls it from those plans, and access after that requires usage credits. The company says it intends to restore Fable 5 as a standard subscription feature when capacity allows.4

No date. No commitment. “When capacity allows.”

API pricing is $10 per million input tokens and $50 per million output tokens, with the existing 90% prompt-caching discount.1 Axios reported that is double the price of Anthropic’s Opus models, and quoted the company’s argument that more capability means a lower cost per finished task.5 Every lab says that when it raises prices.

If you are evaluating Fable 5 for a team, the June 23 date matters more than any benchmark on the page. Two weeks of included access, then credits, with no guarantee of when the model returns to your tier. Plan for it.

The IPO timing

This launch lands as Anthropic prepares to go public, an IPO some reports expect as soon as this year.6 The model is real either way, but a company heading into an IPO has reason to prove it can ship frontier capability at scale without the risk scenarios that kept Mythos locked down. Axios noted Anthropic went from calling this model too disruptive for public use to shipping a safeguarded public version in under three months, and pointed out OpenAI runs a similar restricted-access track for its cyber-capable models.5

So

The model is good. It ran a real security audit on one of my apps, connected to the live database, checked its own findings, and caught things a prior audit missed.

It also got bumped to Opus 4.8 in the middle of that audit because the classifier flagged defensive security work as risky. I switched it back manually. If I had not known the toggle existed, I would have finished the job on the weaker model without understanding why.

ZDR customers who negotiated for zero retention now have to accept 30 days of stored traffic to use Fable 5 at all. Anthropic built real controls around it, but the trade lands on the customers who were most careful about data in the first place.

And the model is free on subscription plans until June 23. After that, credits. No date for when it comes back.

If you are an enterprise customer, read the terms before you commit. If you hold a ZDR agreement, understand what using this model means for your data posture before you turn it on.

References

Footnotes

Anthropic, “Claude Fable 5 and Claude Mythos 5,” June 9, 2026. The announcement and the Fable product page cover the capability claims, the Opus 4.8 fallback for cybersecurity, biology, chemistry, and distillation queries, the under-5% fallback rate, the 1,000-plus hours of external red-teaming, pricing, and the conservative classifier tuning. https://www.anthropic.com/news/claude-fable-5-mythos-5 ↩
Anthropic, “Claude Fable,” product page, June 9, 2026. States that queries flagged by the cybersecurity and biology safeguards are automatically routed to Opus 4.8, with no Fable charge for rerouted requests. https://www.anthropic.com/claude/fable ↩
Anthropic, “Claude Fable 5 and Claude Mythos 5,” June 9, 2026 (announcement, for the no-training commitment); Anthropic, “Data retention practices for Mythos-class models,” Claude Help Center, effective June 9, 2026 (scope and controls); and Anthropic Privacy Center, “I have a zero data retention agreement with Anthropic. What products does it apply to?” (ZDR is a separate arrangement available only to approved enterprise API customers, distinct from Anthropic’s default retention, covering eligible APIs and products that use the commercial organization API key, including Claude Code). The 30-day retention applies to Mythos-class covered models on every surface. Consumer plans already retained for safety, so the change falls on organizations with zero data retention, who must enable retention per workspace to use the models. Controls include approved-reviewer-only access, tamper-proof access logs, automatic 30-day deletion, optional customer-managed encryption keys, and access transparency logs, with a technical white paper on the Trust Center. https://www.anthropic.com/news/claude-fable-5-mythos-5, https://support.claude.com/en/articles/15425996, and https://privacy.claude.com/en/articles/8956058 ↩
Anthropic, “Claude Fable 5 and Claude Mythos 5,” June 9, 2026. Lays out the staged subscription rollout: included on Pro, Max, Team, and seat-based Enterprise plans through June 22, removed June 23 with usage credits required after, and restored as a standard feature when capacity allows. https://www.anthropic.com/news/claude-fable-5-mythos-5 ↩
Madison Mills and Sam Sabin, “Anthropic releases Mythos-level model for general use,” Axios, June 9, 2026. Reports Fable 5 at double the price of Opus models, the company’s cost-per-task argument, the under-three-month timeline from restricted to public, and OpenAI’s comparable restricted-access model for cyber-capable releases. https://www.axios.com/2026/06/09/anthropic-mythos-class-safeguards ↩
“Anthropic released Claude Fable 5, its most powerful model publicly, days after warning AI is getting too dangerous,” TechCrunch, June 9, 2026. Notes Anthropic is preparing to enter the public markets alongside OpenAI and SpaceX. https://techcrunch.com/2026/06/09/anthropic-released-claude-fable-5-its-most-powerful-model-publicly-days-after-warning-ai-is-getting-too-dangerous/ ↩