Quick Verdict
Claude Fable 5 is Anthropic's flagship Mythos-class model, originally released June 9, 2026, built for long-running, complex, agentic work — the kind of task that previously needed frequent human check-ins. Three days after this article's window opened, it became the center of an unusual story: the U.S. government applied export controls after Amazon researchers found a way to get Fable 5 to generate exploit code for a real vulnerability, and Anthropic pulled the model down globally rather than risk non-compliance. It came back on July 1, 2026, with a retrained cybersecurity classifier Anthropic says blocks the specific jailbreak technique in over 99% of cases.
The catch is the fix isn't free. Independent testing reported by TechTimes found the new classifier's wider "safety margin" also catches ordinary, benign debugging requests, dropping Fable 5's real-world debugging scores by as much as 70% when tasks get rerouted to a weaker fallback model. This review is built from Anthropic's own launch materials and system-card disclosures plus independent reporting from outlets including VentureBeat, MarkTechPost, TechTimes, The Hacker News, and Infosecurity Magazine — not yet our own extended hands-on testing, since the model has been back for a matter of days as of this writing.
Our early take: 7.8/10 — a genuinely capable frontier model with an unusually well-documented security incident behind it, docked for the real accuracy cost of the fix that let it come back online.
What Is Claude Fable 5?
Claude Fable 5 is Anthropic's Mythos-tier model — the first Mythos-class model Anthropic made generally available — released June 9, 2026 alongside its more tightly gated sibling, Claude Mythos 5. It supports text, image, and file inputs with text output, includes extended reasoning support, and ships with a 1-million-token context window. Anthropic positions it for the most ambitious, long-running projects: multi-hour or multi-day agentic tasks that would otherwise require a person to check in repeatedly, rather than single-shot question answering.
On SWE-bench Pro, Anthropic's own published benchmark, Fable 5 scores 80.3% against GPT-5.5's 58.6% — a lead that led nearly every benchmark Anthropic disclosed at launch. One early enterprise customer reportedly had Fable 5 complete a frontier physics research task in 36 hours using about a third of the reasoning tokens it took GPT-5.5 four days to match on the same problem.
The Jailbreak and the Export Ban: What Actually Happened
This is the part of Fable 5's story that's drawn as much coverage as the model's capabilities, and it's worth understanding before deciding whether to build on it.
- Amazon researchers found the jailbreak. They identified a method for bypassing Fable 5's safety classifiers by prompting the model to identify software vulnerabilities in a codebase — a legitimate-sounding security research task. In at least one documented case, the model went further and produced code demonstrating how a specific vulnerability could actually be exploited.
- The U.S. government responded with export controls. On June 12, 2026, roughly two and a half weeks after Fable 5's initial release, the government applied export controls that took effect immediately, covering both Fable 5 and the more tightly restricted Mythos 5.
- Anthropic suspended access rather than risk non-compliance. Rather than attempt to comply with the new controls while keeping the model live, Anthropic pulled Fable 5 down globally — an 18-day outage across Claude.ai, the Claude Platform, Claude Code, and Claude Cowork.
- It wasn't an isolated case. OpenAI's own GPT-5.6 Sol launch, which happened during Fable 5's outage, referenced this same episode directly in its system card as the reason OpenAI's preview rollout was also government-restricted — citing Fable 5's takedown as the precedent the administration was reacting to.
The Restoration: A New Cybersecurity Classifier
The U.S. Commerce Department lifted the export controls on June 30, 2026, and Anthropic redeployed Fable 5 the next day, July 1, across Claude.ai, the Claude Platform, Claude Code, and Claude Cowork, with access to Amazon Web Services, Google Cloud, and Microsoft Foundry following as soon as possible. The centerpiece of the fix is a retrained safety classifier purpose-built for the reported jailbreak behavior.
- The classifier blocks the specific technique in over 99% of cases, per Anthropic's disclosures on the retrained model.
- Blocked requests aren't refused outright. When a query matches the cybersecurity, biology/chemistry, or distillation risk classifier, it's automatically rerouted to Claude Opus 4.8 instead, and Anthropic says users are notified when this fallback happens.
- Anthropic calls this "defense in depth." The company has said it deliberately set the classifier's trigger zone wider than strictly necessary — a "safety margin" that can catch requests that are probably benign if they fall within a designated risk category, on the theory that over-blocking is safer than under-blocking for this specific class of risk.
Read Anthropic's own account of the redeployment and safety changes
View Claude Fable 5 on Anthropic →The Trade-off: Debugging Scores Reportedly Drop 70%
The wider "safety margin" has a measurable cost. Independent testing reported by TechTimes found that Fable 5's real-world debugging performance dropped by as much as 70% on certain tasks after the new classifier shipped — because ordinary requests to find or explain a vulnerability in your own code (a completely routine debugging task for any developer) can trip the same classifier built to catch the jailbreak, and get silently rerouted to the weaker Opus 4.8 fallback instead of being handled by Fable 5 directly.
That's the real story behind this relaunch: it's not simply "the ban was lifted and everything is back to normal." Anthropic traded some of Fable 5's headline debugging capability for a meaningfully lower jailbreak success rate, and that trade is now baked into how the model behaves for anyone doing legitimate security or debugging work.
Claude Fable 5 Pricing
Pricing is unchanged from Fable 5's original June launch. It's priced meaningfully higher than Anthropic's own Opus 4.8 and OpenAI's GPT-5.5 on a per-token basis, reflecting its positioning as the top Mythos-class tier.
| Item | Price | Notes |
|---|---|---|
| Input tokens | $10.00 / 1M tokens | Roughly 2x Claude Opus 4.8 and 2x GPT-5.5 on input |
| Output tokens | $50.00 / 1M tokens | Reflects Mythos-tier positioning above Opus 4.8 |
| Cached input | Up to 90% off | Standard Anthropic prompt-caching discount |
| US-only inference | 1.1x multiplier | Optional add-on for data-residency requirements |
| Promotional access (through Jul 7, 2026) | Included at up to 50% of weekly usage limits | Applies to Pro, Max, Team, and select enterprise plans on claude.ai |
Claude Fable 5 vs. GPT-5.5 and Claude Opus 4.8
The figures below combine Anthropic's own launch benchmarks with the SWE-bench Pro comparison OpenAI itself referenced in the GPT-5.6 Sol system card — treat them as vendor-published, launch-window numbers rather than fully independent third-party verification.
| Benchmark / Trait | Claude Fable 5 | GPT-5.5 | Claude Opus 4.8 |
|---|---|---|---|
| SWE-bench Pro (agentic coding) | 80.3% | 58.6% | 69.2% |
| Context window | 1M tokens | — | — |
| Input pricing (per 1M tokens) | $10.00 | ~$5.00 (Sol tier) | ~$5.00 |
| Output pricing (per 1M tokens) | $50.00 | ~$30.00 (Sol tier) | ~$25.00 |
| Jailbreak-resistance classifier | New, retrained (99%+ block rate on known technique) | Model-level refusal training, per OpenAI | Fallback target for Fable 5's flagged requests |
The practical read: Fable 5's SWE-bench Pro lead is real and substantial, but it comes at roughly double the per-token cost of Opus 4.8 and GPT-5.5's flagship tier, plus the added variable of unpredictable rerouting to Opus 4.8 whenever the cybersecurity classifier trips on a legitimate request.
Key Features
- 1M-token context window: holds large codebases or long multi-day agent transcripts in a single context.
- Text, image, and file input support: multimodal input with text output, aimed at long-horizon, mixed-media agentic work.
- Extended reasoning support: built for tasks that benefit from longer, deliberate reasoning chains rather than quick single-pass answers.
- Retrained cybersecurity/bio-chem/distillation classifier: automatically detects and reroutes high-risk requests to Claude Opus 4.8, with user notification when a fallback happens.
- Prompt caching: up to 90% discount on cached input tokens for repeated-context agentic workflows.
- Broad platform availability: live again on Claude.ai, the Claude Platform, Claude Code, and Claude Cowork, with AWS, Google Cloud, and Microsoft Foundry access following.
Compare Fable 5's specs and pricing directly
See Anthropic's current model pricing →Pros and Cons
| Pros | Cons |
|---|---|
| Substantial SWE-bench Pro lead over GPT-5.5 and even Anthropic's own Opus 4.8 | Roughly 2x the per-token cost of Opus 4.8 and GPT-5.5 on input tokens |
| New classifier blocks the reported jailbreak technique in 99%+ of cases, per Anthropic | Reportedly drops real-world debugging scores by up to 70% on tasks the wider safety margin misflags |
| Blocked requests get a working fallback (Opus 4.8) instead of a flat refusal | Fallback rerouting is unpredictable — legitimate security/debugging work can get silently downgraded |
| 1M-token context window and strong long-horizon agentic performance | Only days back online after an 18-day global outage; limited independent hands-on track record post-relaunch |
| Free promotional access through July 7, 2026 for Pro, Max, and Team plans | The jailbreak-and-ban episode is now a matter of public record tied to this specific model |
Who Should Use Claude Fable 5?
Worth evaluating if you are:
- Running long-horizon, multi-day agentic workloads — complex research, large refactors, or extended automations where Fable 5's SWE-bench Pro lead and 1M-token context window pay off.
- Already on a Pro, Max, or Team claude.ai plan — the promotional 50% usage-limit inclusion through July 7, 2026 makes this a low-risk window to test it firsthand.
- Comfortable with occasional, unpredictable fallback to Opus 4.8 on flagged requests, in exchange for the strongest agentic coding performance Anthropic currently ships.
Probably not the right fit if you:
- Do frequent legitimate security research or vulnerability debugging — the classifier's wide safety margin is specifically prone to misflagging this exact kind of work.
- Need predictable, consistent model behavior for production workloads — the silent Opus 4.8 fallback introduces variability that a straight Opus 4.8 or GPT-5.5 subscription doesn't have.
- Are cost-sensitive at scale — at $10/$50 per million tokens, Fable 5 is one of the more expensive options per token on the market right now.
Frequently Asked Questions
Why was Claude Fable 5 banned?
It wasn't banned by Anthropic directly. Amazon researchers found a way to jailbreak Fable 5's safety classifiers by prompting it to identify vulnerabilities in a codebase, and in at least one case the model produced working exploit code. The U.S. government applied export controls on June 12, 2026 in response, and Anthropic pulled the model down globally rather than risk non-compliance.
Is Claude Fable 5 available again?
Yes. The export controls were lifted June 30, 2026, and Anthropic redeployed Fable 5 on July 1, 2026 across Claude.ai, the Claude Platform, Claude Code, and Claude Cowork, with access to AWS, Google Cloud, and Microsoft Foundry following.
What changed in the new version?
Anthropic retrained the safety classifier that governs cybersecurity, biology/chemistry, and distillation-related requests. It now blocks the reported jailbreak technique in over 99% of cases, per Anthropic, but independent testing found it also misflags some legitimate debugging requests, dropping real-world debugging scores by as much as 70% on affected tasks.
How much does Claude Fable 5 cost?
$10 per million input tokens and $50 per million output tokens, roughly double the per-token rate of Claude Opus 4.8 and GPT-5.5. Cached input gets up to a 90% discount, and US-only inference carries a 1.1x multiplier. It's included free at up to 50% of weekly usage limits for Pro, Max, Team, and select enterprise plans through July 7, 2026.
Is Claude Fable 5 better than GPT-5.5 or Opus 4.8?
On SWE-bench Pro, Fable 5 leads both (80.3% vs. GPT-5.5's 58.6% and Opus 4.8's 69.2%), per Anthropic's published figures. Whether that lead is worth the roughly 2x cost and the classifier's rerouting behavior depends heavily on whether your workload includes the kind of security-adjacent tasks the new safety margin tends to misflag.
Final Verdict
Claude Fable 5 is a legitimately strong frontier model wrapped in one of the more unusual public incidents in recent AI history: a jailbreak found by outside researchers, a government-mandated 18-day global outage, and a fix that Anthropic itself designed to over-block rather than under-block a specific risk category. The SWE-bench Pro numbers are genuinely impressive, and the fact that blocked requests get routed to a working fallback model instead of a flat refusal is a reasonable design choice.
But this isn't a clean "the ban is over, nothing changed" story. The classifier's wider safety margin has a real, measured cost — up to a 70% drop in debugging scores on tasks it misflags — and that trade-off now defines how Fable 5 actually behaves for anyone doing security-adjacent or debugging work, not just the narrow jailbreak case it was built to catch. Anyone considering it should weigh the top-tier agentic coding performance against the real chance of getting quietly downgraded to Opus 4.8 mid-task.
Early rating: 7.8/10 — a capable, well-documented frontier model, held back from a higher score by the accuracy cost of the very fix that let it come back online.