What stripped the safety restrictions off Fable 5, Anthropic’s newest AI model, was potentially just one person, working against a system backed by billions of dollars, thousands of engineers, and a promise of unprecedented safety controls. In cybersecurity, we have a saying: nothing stays protected forever, though few expected that to mean hours after launch.
A Model Built on a Paradox
To understand what happened with Fable 5, you need to understand the strategy behind it. Anthropic released two models simultaneously: Fable 5 and Mythos 5, two very different products born from the same source.
Fable 5 is the public-facing model, wrapped in an elaborate safety architecture targeting three specific domains: cybersecurity, biology, and chemistry. The intent was to prevent misuse by stopping bad actors from using AI to discover exploits, engineer biohazards, or synthesize dangerous substances.
Mythos 5, on the other hand, is the unconstrained version, reserved exclusively for the enterprise partners who participated in project Glasswing, Anthropic’s inner circle of select collaborators. Everyone else works within the limits of Fable 5. In trying to lock the front door for bad actors, Anthropic inadvertently locked out many of the professionals who need access the most.
The Experts Are Not Impressed
The cybersecurity community, along with medical and chemistry professionals, has been vocal in its frustration. The safety restrictions in Fable 5 are, to put it plainly, blunt instruments: not carefully calibrated guardrails, but restrictions broad enough to flag the word “cancer” for a medical researcher trying to do their job.
Professionals in these fields are finding themselves unable to use Fable 5 for legitimate, everyday tasks. Cybersecurity analysts who need to research vulnerabilities, biologists working on disease modelling, chemists developing pharmaceutical compounds: all of them find themselves blocked by a model ostensibly designed to protect society.
Adding to the frustration is what some experts describe as a silent fallback: reports suggest that Fable 5 sometimes quietly downgrades itself, transferring a query to an older, less capable model without any notification to the user. Someone paying for cutting-edge performance finds themselves receiving something considerably less, with no indication that anything has changed. For organizations relying on these capabilities for critical work, that kind of opacity is not a minor inconvenience; it fundamentally erodes confidence in the platform.
The Jailbreak: “Pack Hunt”
Within days of Fable 5’s release, someone, potentially working alone, successfully bypassed its safety restrictions using a method they called “pack hunt.” Rather than a simple prompt injection, this was a sophisticated, coordinated attack: an army of AI agents sending simultaneous instructions, designed to overwhelm and confuse the model’s safety mechanisms until it lost its limits.
More significantly, the attacker also extracted Fable 5’s hidden system prompt, the internal instruction set governing the model’s behavior, which is reportedly around 120,000 lines long. When you know the exact shape of a fence, finding the gate becomes considerably easier.
This reality is not unique to Fable 5 but a fundamental truth in cybersecurity: every system has a limit, and the question is never whether it can be broken, but when and at what cost.
The Speed of the Threat Has Changed
What distinguishes the Fable 5 incident is not the fact of the breach but the pace at which it happened. Anthropic deployed every resource at their disposal to harden the model before launch, including red teamers, independent researchers, and internal stress testing, and still it was jailbroken within a day of release by what may have been a single actor.
The asymmetry between attackers and defenders has never been more pronounced: a well-resourced organization can spend months fortifying a system while a motivated individual dismantles it in an afternoon. When you are a high-profile target, as Anthropic very much is, that spotlight attracts exactly the kind of talent you have been working to keep out.
When Governments Pull the Plug
Then, on June 12, three days after Fable 5’s release, the story took another turn entirely. The U.S. government issued an export control directive under national security authorities, requiring that access to both Fable 5 and Mythos 5 be suspended for any foreign national, whether inside or outside the United States, including foreign national employees at Anthropic itself. Rather than attempt the complex work of implementing nationality tagging, tracking, and auditing of every user and agent across their platform, Anthropic suspended access to both models entirely. Organizations that had integrated these models into their workflows found them unavailable overnight.
Statement on the US government directive to suspend access to Fable 5 and Mythos 5 \ Anthropic
Gartner, in a research note published on June 15, framed this as a fundamental shift in what AI sovereignty means. Until now, that conversation focused on data residency, cloud regions, and infrastructure control. The Fable 5 suspension adds a new layer: eligibility. A model can be hosted in an approved region, process approved data, and run on compliant infrastructure, yet still be unavailable to certain users because of who they are, where they are from, or what role they occupy. As Gartner put it, international talent can no longer be assumed to have uniform access to the same frontier tools.
What This Means for Organizations
The Fable 5 story is not a cautionary tale about one model or one company, but a signal about where the AI security landscape stands today and where it is headed.
Gartner’s framing of this moment is useful: frontier model access is now a regulated dependency, not a utility1. The old assumption, that a model available through an API could simply be productized and relied upon, no longer holds. Organizations building on frontier models must now treat access as something that can become conditional, restricted, or unavailable with little warning, and design their systems accordingly.
The organizations navigating this era successfully are not the ones waiting for AI providers to deliver perfect safety guarantees but the ones building defenses adapted to the current pace and complexity of threats, defenses that treat no single layer as sufficient and regard today’s model as tomorrow’s potential vulnerability.
In cybersecurity, the promise was never invulnerability but vigilance, adaptation, and the expertise to respond when the fence gets cut, which it invariably will. The question is whether you will know when it happens, and whether you will be ready.
Notes
1 Gaurav Gupta, Chirag Dekate, Daniel Bowers, Ganesh Ramamoorthy, Fernando Pereiro, and Andrew Lerner, “First Take: Frontier AI Access Now a Vendor Risk Surface With Mythos 5 and Fable 5 Suspension,” Gartner, June 15, 2026, ID G00858726
