Cybersecurity researchers criticize Anthropic's Fable for strict guardrails that block defensive work

Anthropic launched Claude Fable 5 on June 9, and the cybersecurity community is already calling it unusable for the work that matters most: finding and fixing vulnerabilities before attackers do.

The new model, the first publicly available release from Anthropic’s “Mythos-class” of AI systems, ships with safety classifiers that automatically reroute high-risk queries to the older Claude Opus 4.8. Topics that trigger the fallback include cybersecurity, biology, chemistry, and model distillation. For security researchers, that means the most powerful tool in the lineup essentially refuses to engage with their day jobs.

What Fable does and why it matters

Fable 5 shares its foundational capabilities with Claude Mythos 5, a more restricted model that proved remarkably good at identifying software flaws. During testing in April 2026, Mythos-class models flagged over 23,000 critical vulnerabilities across major code repositories. Anthropic’s solution was to create a public-facing version that keeps the general intelligence but walls off the sharp edges. The company claims that over 95% of Fable 5 sessions require no fallback to Opus 4.8.

Vulnerability research, penetration testing, and responsible disclosure all require asking exactly the kinds of questions Fable’s classifiers are designed to deflect. The complaints from security practitioners center on a familiar tension: safety mechanisms that can’t distinguish between offensive intent and defensive necessity end up penalizing the defenders.