📝 Tutorials
· 8 min read

What is Claude Mythos 5: The Restricted Frontier Model Explained

When Anthropic announced Claude Fable 5 on June 9, 2026, they also revealed something that got significantly less press coverage but is arguably more important: Mythos 5, the unrestricted version of the same model, is already deployed across approximately 150 organizations in 15+ countries for national security purposes.

This is the story of the model behind the model — what Mythos 5 is, who has access, and why it matters for the future of AI development.

Mythos 5 and Fable 5: Same Model, Different Rules

Let’s start with the most important fact: Claude Mythos 5 and Claude Fable 5 are the same underlying model. Same weights, same architecture, same capabilities. The difference is entirely in the deployment layer.

Fable 5 (the version you can access on Claude.ai or the API) has a safeguard system that intercepts certain queries and either blocks them or falls back to Opus 4.8 responses. Mythos 5 doesn’t have these restrictions.

Think of it like this: Fable 5 is a sports car with a speed limiter. Mythos 5 is the same car without one. Same engine, same potential — but one has guardrails and the other trusts the driver.

The “Mythos” class designation sits above “Opus” in Anthropic’s model hierarchy. It represents models that Anthropic considers too capable in certain domains to deploy without restrictions to the general public. Fable 5 is the first Mythos-class model available publicly (with safeguards), but it likely won’t be the last.

Project Glasswing: US Government Cyber Defense

Mythos 5’s primary deployment channel is Project Glasswing, a US government cyber defense initiative. While details are limited (for obvious reasons), here’s what we know:

  • It’s focused on defensive and offensive cyber operations
  • It uses Mythos 5’s unrestricted capabilities for vulnerability discovery, threat analysis, and incident response
  • Approximately 150 organizations across 15+ countries have access
  • Access is restricted to approved government agencies, defense contractors, and allied nation security services

The name “Glasswing” likely refers to the glasswing butterfly — transparent wings, hard to see. A fitting metaphor for a cyber defense program.

Why does the government need an unrestricted model? Because cyber defense requires understanding cyber offense. You can’t patch vulnerabilities you can’t find, and you can’t find them without the same reasoning capabilities an attacker would use. Fable 5’s safeguards specifically block this kind of deep cybersecurity reasoning — which is exactly what Glasswing participants need.

What Mythos 5 Can Do That Fable 5 Can’t

Both models have the same raw capabilities:

  • 1M token context window
  • 128K max output
  • Extended thinking
  • 95% SWE-bench Verified performance
  • 91/100 Every Senior Engineer score

The difference is what topics they’ll fully engage with. Fable 5’s safeguard classifier intercepts queries related to:

1. Cybersecurity exploitation Fable 5 will help you write secure code, but it won’t help you develop novel exploits, analyze zero-days for offensive use, or design attack infrastructure. Mythos 5 will — because that’s what cyber defense teams need.

2. Biological research (dual-use) Certain biological research queries that could enable bioweapon development are redirected to Opus 4.8 responses on Fable 5. Mythos 5 can engage fully with these topics for legitimate biosecurity research.

3. Model distillation and training Fable 5 actively limits assistance with training competing frontier models. Mythos 5 doesn’t have this restriction, though access is so limited this is somewhat moot.

For everyday developers, the practical difference is small — fewer than 5% of sessions hit the safeguards. But for security researchers, penetration testers, and vulnerability analysts, the distinction between Fable 5 and Mythos 5 is significant.

Who Has Access to Mythos 5?

Access to Mythos 5 is not available to the public and cannot be purchased through normal channels. Based on available information, access is limited to:

  • US Department of Defense and associated agencies
  • Intelligence community organizations (NSA, CIA, etc.)
  • Allied nation security services (Five Eyes partners, NATO members)
  • Approved defense contractors working on classified programs
  • Select biosecurity research institutions (likely BSL-4 adjacent)
  • Anthropic’s internal safety team (for red-teaming and evaluation)

The ~150 organizations with access span 15+ countries, suggesting broad deployment across Western allied nations. This isn’t a small pilot — it’s an operational capability.

There’s no application process for individual developers or companies. If you’re not already in a government or defense organization with an existing relationship with Anthropic’s government sales division, Mythos 5 isn’t accessible to you.

The Cyber Capabilities Question

Let’s talk about what a 95% SWE-bench model without safeguards means for cybersecurity.

A model that can solve 95 out of 100 real-world GitHub issues can also:

  • Analyze complex codebases for subtle vulnerabilities at scale
  • Generate novel exploit chains that combine multiple weaknesses
  • Reverse-engineer binaries and identify logic flaws
  • Design defensive architectures informed by offensive knowledge
  • Automate large portions of penetration testing workflows

The FrontierCode Diamond benchmark score of 29.3% (vs Opus’s 13.4%) is particularly relevant here. Hard algorithmic problems are closely related to the kind of creative reasoning needed for novel vulnerability discovery.

For organizations doing legitimate security work, this is transformative. A tool that thinks at senior-engineer level about security problems, with full access to reasoning about exploitation, fundamentally changes the economics of both offense and defense.

This is also why Anthropic restricted it. An unrestricted model with these capabilities, available to anyone with an API key, would significantly lower the barrier to sophisticated cyber attacks. The safeguarded Fable 5 is their compromise: give developers the coding power without the security research capabilities.

The Biological Research Program

Less discussed but equally significant: Mythos 5 is also deployed for biosecurity research. The biological dual-use concern is well-documented in AI safety literature — models capable of advanced reasoning about molecular biology could potentially assist with bioweapon design.

Fable 5’s safeguards redirect biological research queries that cross certain thresholds to Opus 4.8 responses. Mythos 5 removes these restrictions for approved biosecurity institutions that need to:

  • Model potential pandemic scenarios
  • Research countermeasures to engineered pathogens
  • Understand threat vectors to develop defenses
  • Analyze emerging biological risks

The biosecurity access list is likely much smaller than the cyber access list — probably limited to a handful of government labs and research institutions with appropriate clearance levels.

Implications for the AI Industry

Mythos 5 represents a new paradigm in AI deployment: capability gating by user authorization level rather than model limitation. Instead of making a less capable model, Anthropic made the most capable model they could and then restricted who gets the full version.

This has several implications:

For developers: The model you’re using (Fable 5) is genuinely the most capable coding model available. The safeguards only affect specific sensitive domains. For normal coding work, you’re getting Mythos-5-level performance.

For security researchers: If you’re doing legitimate pen testing or security research and find Fable 5’s safeguards limiting, your options are: (1) work with what you get, (2) use open-source models without restrictions, or (3) get your organization on the Mythos access list through government channels.

For the open source community: This deployment model increases the value proposition of unrestricted open-source models. If you need capabilities that Fable 5 blocks, DeepSeek V4 Pro or other open models become more attractive despite lower benchmark scores.

For competitors: The hidden competitor blocking in Fable 5 (limiting assistance with frontier LLM development) combined with Mythos 5’s restricted access means Anthropic is actively defending its competitive position through deployment policy, not just technology.

The Ethical Debate

Mythos 5 raises legitimate ethical questions:

  1. Asymmetric access: Should government agencies have AI capabilities that citizens don’t? The “we need it for defense” argument is as old as weapons technology, and equally debated.

  2. Oversight: Who oversees how Mythos 5 is used? A model this capable in the hands of intelligence agencies without transparency creates accountability concerns.

  3. Proliferation risk: With ~150 organizations across 15+ countries having access, the chances of a leak or unauthorized use increase with every new deployment.

  4. Hidden restrictions: The fact that Fable 5 silently degrades responses for certain topics (rather than refusing transparently) sets a concerning precedent. Read our safeguards deep dive for more on this controversy.

Anthropic’s position is that restricted deployment of powerful capabilities is better than either (a) not developing them or (b) releasing them without restrictions. Reasonable people disagree on whether this is the right balance.

What This Means for Your Day-to-Day

If you’re a developer building applications, doing context engineering, or using AI coding tools, here’s the practical takeaway:

Claude Fable 5 is excellent for your work. The safeguards won’t affect normal development workflows. You’re getting a 95% SWE-bench model that scores 91/100 on senior engineering judgment. That’s extraordinary.

You don’t need Mythos 5 access unless you’re specifically working in:

  • Offensive cybersecurity research
  • Dual-use biological research
  • Government defense applications

For everything else — and that’s 95%+ of developers — Fable 5 with its pricing structure and capabilities is the relevant product.

Frequently Asked Questions

Can I apply for Mythos 5 access as an individual developer?

No. Mythos 5 access is restricted to approved government agencies, defense organizations, and allied nation security services. There’s no public application process. Access is negotiated through Anthropic’s government and defense sales division with organizations that have appropriate clearances and use cases.

Is Mythos 5 more capable than Fable 5?

No — they’re the same model with the same capabilities. Mythos 5 simply doesn’t have the safeguard layer that redirects certain sensitive queries. For non-sensitive topics (which is the vast majority of use), Fable 5 and Mythos 5 produce identical results.

Does Mythos 5 have the 30-day data retention policy?

The public documentation states that all Mythos-class traffic has a 30-day retention policy. However, classified government deployments likely operate under different terms. Details of government contracts aren’t public.

Could Mythos 5 model weights leak?

This is a real concern with any restricted deployment. With ~150 organizations in 15+ countries having access, the attack surface is significant. However, Mythos 5 is likely served as an API (not deployed as local weights), which reduces but doesn’t eliminate leak risk. Anthropic hasn’t publicly disclosed the deployment architecture.

How is Mythos 5 different from just using an unrestricted open-source model?

Capability. Mythos 5 scores 95% on SWE-bench Verified and 91/100 on Every Senior Engineer. The best open-source models are significantly below this. For organizations that need both unrestricted access AND frontier capability, Mythos 5 is currently the only option. For those willing to trade some capability for unrestricted access, open-source alternatives exist.

Will there be more Mythos-class models in the future?

Almost certainly. Mythos is now an established tier in Anthropic’s model hierarchy. Future models that exceed certain capability thresholds will likely follow the same pattern: restricted deployment (Mythos) alongside a safeguarded public release. This is Anthropic’s answer to the “how do you release powerful models responsibly” question.

The Bigger Picture

Mythos 5 is a preview of how frontier AI might be deployed going forward: maximum capability for authorized users, safeguarded capability for everyone else. Whether you think that’s responsible governance or dangerous gatekeeping probably depends on your priors about institutions, power, and technology.

For most of us, the practical reality is that Fable 5 is an incredible tool that makes us dramatically more productive. The Mythos version is interesting to know about, but unless you’re reading this from inside a SCIF, it’s not going to be part of your workflow anytime soon.

You might also like

Claude Fable 5 Complete Guide: Benchmarks, Pricing, and What's New (2026)

Everything you need to know about Claude Fable 5: benchmarks, pricing, safeguards, Mythos 5, and how it compares to Opus 4.8.

Claude Fable 5 with Aider: Configuration and Cost Management

Configure Aider to use Claude Fable 5. Covers .aider.conf.yml setup, cost control strategies, architect mode, and when to pair Fable with cheaper models.

Claude Fable 5 API Guide: Authentication, Pricing, and First Request (2026)

Complete Claude Fable 5 API tutorial with Python and TypeScript examples. Covers authentication, pricing, streaming, batch API, and extended thinking.

Claude Fable 5 with Claude Code: Setup, Cost Tips, and First Impressions

Learn how to use Claude Fable 5 in Claude Code. Covers model switching, session costs, prompt caching, extended thinking, and when to pick Fable over Sonnet.