What Anthropic announced
On 1 July 2026 Anthropic restored global access to Claude Fable 5, after the export controls that kept it offline were lifted. It is the tail end of a story we already covered: on 12 June the US government ordered the suspension of Fable 5 and Mythos 5, and Anthropic disabled them worldwide within hours (we wrote about it in “When a government switches off an AI model”). From shutdown to reopening, 18 days passed.
The reopening is not symmetric, and this is where the story gets interesting for security:
- Fable 5 is available to everyone again, across Claude Platform, Claude.ai, Claude Code and the other surfaces.
- Mythos 5, the more capable variant, returns only for approved US organizations via Project Glasswing, with fewer safeguards and an explicit focus on defensive cybersecurity.
The cause: a “cyber” jailbreak
The measure originated from a jailbreak discovered by Amazon researchers: prompted to examine some code, Fable 5 identified a number of software vulnerabilities and, in one case, produced code demonstrating how one could be exploited. The point Anthropic makes in its post-incident analysis is blunt: the same demonstration was reproducible by practically every model tested, including Claude Opus 4.8, GPT-5.5 and Kimi K2.7. It was therefore not a capability unique to Fable 5, and according to the company the bypass “did not expose any unique Mythos-level cyber capabilities”, being “routine defensive cybersecurity work”.
The new safeguards and jailbreak severity
To reopen, Anthropic introduced a safety classifier targeting the reported technique. It blocks the technique in over 99% of cases, and the company accepted as a tradeoff an increase in false positives during legitimate coding and debugging. CAISI (the Center for AI Standards and Innovation) independently validated the safeguards, calling them “extraordinarily strong”.
Crucially, the company made explicit a framework to assess the severity of a cyber-jailbreak across four criteria: how far the technique extends capability beyond existing tools, how many distinct offensive tasks it enables, how easily it can be weaponized into a real attack, and how discoverable it is. It is a way to separate a curiosity from a concrete threat, and it comes with a HackerOne program dedicated to cyber-jailbreaks.
The distinction between the two models sums it up: Mythos 5, Anthropic states, “can be used to find and exploit software vulnerabilities more effectively than any other model, and all but the most skilled human security experts”; Fable 5, by design, “provides no such unique offensive capabilities”. The strong offensive capability exists, but it is confined behind Project Glasswing, to approved defenders.
Government and the cyber frontier
In the background is an Executive Order of 2 June 2026, “Promoting Advanced Artificial Intelligence Innovation and Security”, establishing a four-part collaboration framework: government access and evaluation before release for national-security-relevant models, rapid information sharing on safeguards and jailbreaks, dedicated teams for joint research, and shared voluntary security standards across frontier labs. It is the same “cyber Executive Order” we saw behind the gated release of GPT-5.6 Sol: frontier AI and cybersecurity now pass through a government table.
Our take
For anyone defending systems the operational lesson is clear: frontier models have become serious tools for vulnerability research and exploitation. It is a double-edged capability. On one side it empowers defenders (triage, patch development, assisted pentest, security education); on the other it lowers the barrier for attackers. When AI-assisted offense becomes real, defense has to raise its game accordingly: this is exactly the ground we work on with CyberScan and our cybersecurity services.
Then there is the now-recurring theme of access. The strongest defensive capability (Mythos 5) is reserved for approved US organizations: a European defender simply cannot access it. And a closed model remains something a foreign government can switch off and back on at its discretion. It adds to the lesson of the Fable case and of GPT-5.6: frontier AI is dual-use technology under government governance. The answer we keep arguing for is to own the operational floor (open-weight models, on-premise, as discussed for DwarfStar 4 and GLM 5.2) and to govern the stack (Open Intelligence, Secure Governance, Admina for auditable AI on any model).
A note of balance: reopening in 18 days, with safeguards validated by an independent body and a process that is declared to be transparent, is a sign that governance can work without freezing innovation. But “switchable and filterable at a government’s decision” remains a factor that anyone planning over several years must take into account.
