Anthropic launched Claude Fable 5, a model that is “Mythos-class” and “safe for general use.” 

However, the company acknowledges that the model does not come without risks. Therefore, it has been released with safeguards, meaning particular queries may be answered by Claude Opus 4.8 instead. 

Additionally, the company is releasing Claude Mythos 5 for cybersecurity defenders and infrastructure providers, which possesses the same underlying model as Fable 5 but with certain safeguards removed. 

Below, security experts share their perspective on this launch. 

Security Leaders Weigh In

Dr. Margaret Cunningham, Vice President of Security & AI Strategy at Darktrace:

Frontier models like Anthropic’s Claude Fable 5 are becoming more powerful and more widely accessible, while the mechanisms meant to control them remain imperfect. Against this landscape, defenders should assume breach, assume unapproved access, and assume that any capability useful enough to matter will eventually be used by adversaries.

While it is important to pay attention to claims about capabilities of these new models, it is also worth recognizing that the full picture often takes time to emerge. Some capabilities may prove more impactful than initially expected, while others may not live up to early expectations. For security teams, the challenge is evaluating these developments in real time, often before there is broad consensus on what the practical implications are. That can be especially difficult in a fast-moving environment where benchmarks, capability assessments, and model comparisons are evolving alongside intense industry interest and competition.

The same logic applies to guardrails. Guardrails can reduce opportunistic misuse, but they are not a complete defense. People who are good at jailbreaks already use context flooding, metaphor, literary framing, and iterative workarounds to test these systems. 

While a lot of focus lands on the offensive impact, the defensive burden is most concerning. Advanced defense is still mostly human, and we have not automated this level of expertise at scale. Vulnerability management was already behind schedule before AI accelerated discovery. The hard work is not just finding a vulnerability. It is figuring out whether it matters in a specific environment, whether it is a lab-only edge case, whether patching will break something else, and how to remediate without disrupting the business.

The clear takeaway for security teams is that there is no universal ‘normal’ to defend anymore. Every organization, device, user, and agent behaves differently, which means security teams need a way to understand what is normal in their specific environment and spot when something changes. As AI accelerates discovery and exploitation, behavioral detection, anomaly-based analytics, and autonomous containment become essential. Defenders need to prioritize based on context, contain threats quickly when prevention fails, and build defenses around the reality of their own environment rather than a generic model of risk.

Dana Simberkoff, Chief Risk, Privacy and Information Security Officer at AvePoint:

The rollout of Claude Fable is a massive milestone, but it reinforces a fundamental truth for enterprises: you should not outsource your security to the AI provider. True AI trust is built at the data layer, not within the model itself. While providers like Anthropic focus on safety classifiers to differentiate between Mythos and Fable, business leaders must focus on data boundaries. If an organization lacks rigorous data governance and lifecycle visibility, introducing advanced, agentic AI simply expands the blast radius of their over-shared, stale, or unclassified internal data. You cannot have AI trust without rigorous data governance and protection.

Shane Barney, Chief Information Security Officer at Keeper Security: 

Advanced AI models are now capable of scanning systems, networks and code to identify vulnerabilities at a speed and scale no human analyst can match, and that capability cuts both ways. In the hands of a defender it’s a force multiplier for threat detection and response, but in the hands of a threat actor it accelerates the path from reconnaissance to exploitation faster than most security teams can detect, let alone respond to.

These AI systems easily bypass traditional “friction-based” defenses by automating complex, multi-step attack chains at scale, creating a massive influx of software bugs that human maintainers cannot triage fast enough. This results in a dangerous operational bottleneck, leaving a wide window of exposure for adversaries to exploit known flaws before a fix can be deployed. Security teams must operate on a much shorter clock, assuming public vulnerabilities will be weaponized within hours rather than weeks. Defenders should immediately implement automated update paths for internet-facing systems, treat dependency security patches as immediate priorities rather than backlog items and maintain robust logging and Multi-Factor Authentication (MFA) to prevent lateral network movement if a breach occurs.

Privileged Access Management (PAM) acts as an internal circuit breaker by shifting defense from the perimeter to strict internal containment. By replacing vulnerable, always-on administrative accounts with Just-in-Time (JIT) access and automated credential vaulting, PAM ensures an automated attacker finds no persistent rights or tokens to harvest. Ultimately, by isolating privileged sessions and using behavioral analytics to instantly terminate high-velocity anomalies, PAM neutralizes AI’s speed and autonomy by trapping the exploit at its entry point before it can escalate across the organization’s network.

Enterprises that have been deferring foundational security work are running out of runway. The attack surface hasn’t changed, but the tools available to exploit it have gotten significantly more powerful. Unpatched vulnerabilities, excessive access permissions and gaps in privileged account oversight are exactly the conditions that AI-assisted attacks are built to find and weaponize.