
Claude Fable 5 found a 27-year-old bug humans missed, and now it’s public

Susan Hill

For 27 years, a single flaw sat untouched inside OpenBSD, one of the operating systems trusted to run banks, firewalls and the servers behind everyday websites. Anyone who could reach the machine across a network could crash it, and for nearly three decades no one caught it. An Anthropic model called Mythos did. Now that model has a public face: Anthropic has released Claude Fable 5, the first version of its most capable system that anyone can sign up to use.

What makes Fable 5 worth paying attention to is not a leaderboard score. It is that the model underneath reads software the way a veteran auditor reads a contract, finding the one clause that quietly breaks everything. Under a research program Anthropic calls Project Glasswing, the preview model worked through more than a thousand open-source projects, the free and shared code that powers most of the internet, and flagged over 23,000 issues. More than 10,000 of them were serious enough to be rated high or critical.

The detail that unsettled even Anthropic’s own researchers is that no one taught the model to do this. The company says the ability to find and exploit weaknesses was never a training goal; it emerged on its own as the model got better at reasoning about code. FFmpeg is the clearest example. A flaw had been hiding in that video-processing software, the engine behind countless streaming apps and media players, for 16 years, living in a line of code that automated testing tools had triggered five million times without ever noticing the danger. The model noticed.

For most people, none of this looks like anything. The software Mythos audited is invisible infrastructure: the browser engine, the operating-system kernel, the media library buried inside a phone. But invisible is exactly the problem. The flaws it surfaced had survived precisely because they lived in code too old, too dull or too deep for anyone to keep re-reading. A tool that can re-read all of it, tirelessly, changes the odds for the people who maintain the foundations of the internet, and, in the wrong hands, for the people who would attack them.

Numbers like these only mean something against a yardstick. On CyberGym, a test of whether a model can reproduce a real security vulnerability, the Mythos engine inside Fable scores 83.1 percent, against 66.6 percent for the earlier Claude Opus 4.6, roughly the difference between a capable junior analyst and a specialist who rarely misses. The gains are not confined to security. The analytics company Hex reported that Fable was the first model to clear 90 percent on its internal benchmark, and early users describe similar jumps in software engineering, data analysis and interface design.

Then comes the twist. The public Fable 5 will not do the very thing that makes it remarkable. Anthropic has walled off four areas, cybersecurity, biology, chemistry and a copying technique known as distillation, and when a request drifts into them, Fable quietly hands the conversation to the older, safer Claude Opus 4.8. The company says this happens rarely, with early data showing at least 95 percent of sessions running entirely on Fable itself. The result is an unusual kind of product: the most capable model Anthropic has shipped, deliberately stopped from using its sharpest skill.

That design leaves questions the launch does not fully answer. A guardrail that steps aside 5 percent of the time is still a guardrail with seams, and the line between explaining how a piece of software works and explaining how to break it is rarely clean. Anthropic says an external bug-bounty effort ran more than 1,000 hours without finding a universal way around the limits, but those are the company’s own figures, reviewed by no outside regulator. There is also a cost most users will feel first: Fable 5 runs at 10 dollars per million tokens of input and 50 per million of output, the rough units a model charges for reading and writing, double the price of Opus 4.8. And everyone using it gives up something quieter, because Anthropic now keeps 30 days of usage data even for customers who normally pay for none, calling it a defense against misuse.

For now, access depends on how you already use Claude. Developers can reach Fable 5 straight away through Anthropic’s programming interface, and a separate version called Mythos 5 has gone to a small group of pre-approved organizations, alongside an industry coalition that includes Apple, Google, Microsoft, Nvidia and the Linux Foundation, all working to patch what the model finds before attackers can. Anthropic has committed 100 million dollars in model credits and 4 million in direct donations to the open-source security groups doing that repair work.

The wider rollout follows a calendar. Subscribers on Anthropic’s Pro, Max, Team and seat-based Enterprise plans get Fable 5 at no extra charge through June 22; from June 23, using it draws on usage credits. Whether the guardrails hold as millions of new users push against them is the part still unsettled. The more startling fact is not. A machine can now read the code beneath modern life and find the cracks that escaped everyone for a generation, and the question that follows is no longer whether it can, but who gets to ask it to.
