The Two-Faced Model: Anthropic’s Mythos 5 and Fable 5 Split the AI World Into Haves and Have-Nots

On June 9, 2026, Anthropic PBC did something no major AI lab has dared to do before: it released two versions of its most powerful model yet, explicitly designed for two different audiences with two different safety profiles. One version, Claude Mythos 5, is being handed to trusted cyber partners and reportedly the National Security Agency for offensive operations. The other, Claude Fable 5, is a neutered public release that the company claims “can’t be used for cyberattacks” [1]. The announcement represents a watershed moment for the AI industry—not because of raw benchmark scores, but because of the philosophical and strategic chasm it opens between safety-by-design and safety-by-restriction.

The move comes just two months after Anthropic launched Project Glasswing, its restricted cybersecurity program that made “Mythos-class” capabilities available only to participating organizations [3]. Now, with Fable 5, the company is effectively saying: the masses get the safe version; the insiders get the sharp one. And if reports from TechCrunch are accurate, one of those insiders is the NSA, which is reportedly “readying Anthropic’s Mythos for use in cyber operations” despite a federal ban on using the AI model maker [2]. The cognitive dissonance is staggering—and deeply revealing of where AI safety actually lands when national security interests collide with corporate ethics.

The Architecture Behind the Split: What Makes Mythos Different From Fable

To understand why this bifurcation matters, you have to understand what Mythos-class actually means. According to VentureBeat, Anthropic’s announcement marks “the company’s first broad release of the powerful ‘Mythos-class’ AI capabilities it previously made available only to participating organizations in its restricted cybersecurity program” [3]. The class itself represents a generational leap in capability, but the company has been deliberately opaque about the architectural differences between Mythos 5 and Fable 5.

What we do know comes from The Verge, which reports that Fable 5 “shows exceptional performance in software engineering, knowledge work, and vision,” with its lead over other models growing “as tasks become longer and more complex” [4]. This is not a small distinction. Most AI models degrade in performance as context windows fill and reasoning chains lengthen—a phenomenon known as attention decay. Fable 5 appears to have solved, or at least substantially mitigated, this problem. The Verge explicitly calls it “the most powerful model it has ever made widely available” [4], which implies that Mythos 5 is even more capable, but not widely available.

The critical question—and one the sources do not fully answer—is what safety mechanisms were stripped from Mythos 5 to make it suitable for offensive cyber operations, and what guardrails were added to Fable 5 to render it incapable of conducting cyberattacks. The Wired article states plainly that Fable 5 is “a version it says can’t be used for cyberattacks” [1], but the technical mechanism for this restriction is not disclosed. Is it a refusal layer? A fine-tuning approach? A fundamentally different architecture with reduced capability in code generation? The sources do not specify, and Anthropic has not provided granular technical documentation on the safety differential.

What is clear is that the two models share a common lineage. VentureBeat notes that Fable 5 represents “the first broad release from Anthropic’s Mythos class of AI” [3], suggesting that both models were trained on the same foundational architecture but diverged during the alignment and safety-tuning phases. This departs from how other labs have handled capability stratification. OpenAI, for instance, has historically released a single flagship model with usage policies applied at the API layer, not hard-coded into the weights. Anthropic is taking a different approach: embedding the safety constraints directly into the model itself, making them far harder to jailbreak—but also far harder to bypass for legitimate security research.

The NSA Paradox: National Security vs. Federal Ban

Perhaps the most explosive dimension of this story is the reported involvement of the National Security Agency. TechCrunch reported on June 5, four days before the official launch, that “the U.S. eavesdropping agency is reportedly preparing Anthropic’s Mythos for use in cyberattacks, despite a federal ban on using the AI model maker” [2]. This single sentence contains a contradiction so profound it deserves unpacking.

The “federal ban” referenced by TechCrunch is not elaborated in the source material, but it likely refers to existing restrictions on federal procurement of certain AI systems—possibly related to supply chain security, data handling, or competitive concerns. The fact that the NSA is reportedly moving forward anyway suggests either that the ban has loopholes, that national security exceptions apply, or that the agency is operating in a legal gray zone. The sources do not specify which scenario is accurate, but the implication is clear: when the stakes are high enough, safety restrictions become optional.

This creates a deeply uncomfortable dynamic for Anthropic. The company was founded in 2021 by former OpenAI employees, including siblings Daniela Amodei and Dario Amodei, with a stated focus on AI safety. Its entire brand identity is built around responsible development. Yet here it is, reportedly providing its most capable model to an intelligence agency for offensive cyber operations—the exact use case its public-facing model is designed to prevent. The cognitive dissonance is not lost on industry observers.

The timing is also notable. The TechCrunch report dropped on June 5 [2], and the official Anthropic announcement came on June 9 [1]. That four-day gap suggests either that the NSA story was leaked ahead of schedule, or that Anthropic accelerated its announcement to get ahead of the narrative. Either way, the company now faces the uncomfortable reality of having to defend a dual-release strategy that looks, from the outside, like a two-tiered safety system where the government gets the dangerous tools and the public gets the padded version.

The Financial Stakes: Pricing, Performance, and the Economics of Safety

VentureBeat provides the only concrete financial data in the source material, reporting that Fable 5 is priced at $1.50 per million input tokens and $4.95 per million output tokens, with a claimed 95% reduction in something—the source excerpt cuts off before specifying what metric is being reduced [3]. If that 95% figure refers to cost relative to Mythos 5, it would suggest that Mythos is priced at a significant premium, making it accessible only to well-funded organizations like intelligence agencies and large cybersecurity firms.

This pricing structure reveals a strategic calculus. By pricing Fable 5 aggressively—$1.50 per million input tokens is competitive with frontier models from other labs—Anthropic is signaling that it wants broad adoption for the safe version. The high cost of Mythos 5, by contrast, serves as a natural gatekeeper. Organizations that can afford it are presumably those with the resources and infrastructure to handle the associated risks. Whether this pricing strategy is driven by genuine safety concerns or by market segmentation is a question the sources do not answer, but it is worth noting that the two models create two distinct revenue streams: high-volume, low-margin public access and low-volume, high-margin enterprise/government contracts.

The 95% improvement figure, whatever it applies to, is striking. If it refers to inference cost, latency, or error rate, it would represent a generational leap in efficiency. If it refers to safety incident reduction, it would validate Anthropic’s investment in alignment research. The source material does not clarify, and readers should treat the 95% figure as unverified until Anthropic releases the specific metric.

Developer Friction and the Trust Paradox

For developers and enterprises building on Anthropic’s platform, the Mythos/Fable split creates a new category of risk: capability uncertainty. If you build an application on Fable 5, you are building on a model that is explicitly hobbled in certain domains—specifically, cybersecurity and offensive operations. This is fine if your application is a customer service chatbot or a document summarization tool. But what if you are building a security auditing tool? A penetration testing assistant? A code review system for vulnerability detection?

The sources do not address this directly, but the implication is clear: developers working in security-adjacent fields may find that Fable 5 refuses legitimate requests because its safety filters cannot distinguish between benign security research and malicious cyberattacks. This is the classic over-rotation problem in AI safety: in trying to prevent harm, you also prevent beneficial use. Anthropic’s response, presumably, is that such developers should apply for access to Mythos 5 through Project Glasswing. But that creates a bureaucratic bottleneck that may not scale.

There is also a trust dimension. Developers who invest time and money integrating Fable 5 may later discover that their use case requires Mythos 5 capabilities, forcing them to either rebuild on a different platform or navigate Anthropic’s restricted access program. This uncertainty could drive some developers toward competing models that offer a single, unrestricted version—even if those models are less safe. The market may ultimately punish Anthropic for its transparency, rewarding less responsible competitors who simply release one model and let the chips fall where they may.

The Macro Trend: Safety as a Feature, Not a Principle

Stepping back, the Mythos/Fable release represents a broader industry shift that most mainstream coverage is missing. For the first time, a major AI lab is explicitly treating safety as a product feature rather than a governance principle. By releasing two versions of the same model with different safety profiles, Anthropic is commoditizing safety—making it something that can be turned up or down depending on the customer’s clearance level and budget.

This is a radical departure from the early AI safety discourse, which treated alignment as a binary property: a model is either safe or it isn’t. Anthropic is now arguing, implicitly, that safety exists on a spectrum, and that different actors deserve different points on that spectrum. The NSA gets the less-safe version because it has the infrastructure to manage the risk. The public gets the safer version because it doesn’t.

There is a certain logic to this position, but it also undermines the foundational premise of AI safety research: that dangerous capabilities should not be distributed at all. If you believe that a model capable of conducting cyberattacks is inherently dangerous, then giving it to the NSA does not solve the problem—it just moves the risk to a different actor. The NSA may be more responsible than the average user, but it is also a target for foreign intelligence services, insider threats, and supply chain compromises. A Mythos 5 model in NSA hands is still a Mythos 5 model that could be stolen, leaked, or misused.

The sources do not address this tension directly, but it hangs over every paragraph of every article. The Wired piece calls Fable 5 “a version it says can’t be used for cyberattacks” [1], using the word “says” as a subtle hedge. The Verge calls it “the most powerful model it has ever made widely available” [4], emphasizing the “widely” qualifier. VentureBeat frames the release as “bringing Mythos to the masses” [3], which is technically true but misleading—the masses are getting Fable, not Mythos. Each source is dancing around the same uncomfortable truth: Anthropic has built a two-tiered AI system, and the tier you land on depends on who you are.

What the Sources Agree On—And Where They Diverge

Across all four sources, there is consensus on the core facts: Anthropic released two models on June 9, 2026; one is restricted to trusted partners, the other is public; the public version is designed to be incapable of conducting cyberattacks; and the NSA is reportedly preparing to use the restricted version for offensive operations. The sources also agree that Fable 5 represents a significant capability leap, particularly in long-context reasoning and software engineering.

Where the sources diverge is in emphasis and framing. Wired focuses on the safety narrative, positioning Fable 5 as a responsible release and Mythos 5 as a necessary concession to national security needs [1]. TechCrunch leans into the controversy, highlighting the contradiction between the federal ban and the NSA’s reported plans [2]. VentureBeat takes a business angle, emphasizing pricing, performance metrics, and the expansion of the Mythos-class to a broader audience [3]. The Verge is the most neutral, reporting the technical capabilities without strong editorial framing [4].

None of the sources provide specific technical details about how Fable 5’s cyberattack prevention works, what safety mechanisms were removed from Mythos 5, or what the 95% improvement figure actually refers to. These gaps are significant and should give readers pause. The absence of technical specificity in the coverage suggests either that Anthropic has not disclosed these details, or that the journalists covering the story did not have access to the relevant technical documentation.

The Unanswered Questions That Will Define the Next Phase

As the dust settles on this announcement, several critical questions remain unanswered. First, how does Anthropic define a “cyberattack” for the purposes of Fable 5’s safety filters? The term is notoriously slippery—does it include penetration testing? Vulnerability research? Red team exercises? If the definition is too broad, Fable 5 will be useless for legitimate security work. If it is too narrow, the safety guarantees are meaningless.

Second, what oversight mechanisms exist for Mythos 5 deployments? If the NSA is using the model for offensive operations, who is auditing those operations? The sources do not specify whether Anthropic retains any control over how Mythos 5 is used after deployment, or whether the company has any ability to revoke access if misuse is detected.

Third, what happens when other governments demand access to Mythos 5? The U.S. is not the only country with offensive cyber capabilities. If Anthropic grants access to the NSA, it will face pressure from allies—and adversaries—to provide equivalent access. The company’s response to those requests will define its global standing for years to come.

Finally, and most importantly, what does this mean for the future of AI safety research? If the most capable models are reserved for government and military use, the public will be left with second-tier AI systems. That may be acceptable from a safety perspective, but it creates a democratic deficit in access to advanced technology. The promise of AI has always been that it would empower everyone. Anthropic’s dual-release strategy suggests that, at least for now, some forms of empowerment are reserved for the powerful.

The Mythos 5 and Fable 5 launch is not just a product announcement. It is a stress test for the entire AI safety framework—and the results so far are deeply ambiguous. Anthropic has built a system that is safer for the public and more capable for the state. Whether that is a triumph of responsible engineering or a blueprint for a two-tiered AI future depends entirely on what happens next. The sources have given us the what. The why and the what-now remain unwritten.

---

References

[1] Editorial_board — Original article — https://www.wired.com/story/anthropic-releases-claude-fable-5-mythos-5/

[2] TechCrunch — NSA said to be readying Anthropic’s Mythos for use in cyber operations — https://techcrunch.com/2026/06/05/nsa-said-to-be-readying-anthropics-mythos-for-use-in-cyber-operations/

[3] VentureBeat — Anthropic brings Mythos to the masses with Claude Fable 5, its most powerful generally available model ever — https://venturebeat.com/technology/anthropic-brings-mythos-to-the-masses-with-claude-fable-5-its-most-powerful-generally-available-model-ever

[4] The Verge — Anthropic releases its first Mythos-class model Claude Fable — https://www.theverge.com/news/946725/anthropic-releases-claude-fable-5-mythos