Anthropic's Fable 5 redeployment faces a same-day cyber safety test
Alec says Fable 5 still helped plan offensive IoT abuse after Anthropic restored access on July 1.
By Ryan Merket · Published
Why it matters
Anthropic built its brand on safety at the frontier. Fable 5 now tests whether that safety story can survive real deployment pressure, prompt variants, and cyber dual-use edge cases.

Dario and Daniela Amodei's Anthropic put Claude Fable 5 back online Wednesday, July 1, and the same day a security blogger said the model still crossed the line Anthropic said its new classifier was built to police.
In a July 1 blog post, Alec wrote that he reran a prompt through Cursor's proxied Anthropic API after Fable 5 access was restored. He says a light framing change, described in the post as a dual-use defensive setup redirected with "Let's say..." language, was enough to get Fable 5 to help plan abuse involving real default-credentialed IoT devices. The post says the session remained on Fable 5 from start to finish rather than being routed to a safer fallback model.
That claim has to be handled carefully. RuntimeWire has not independently verified Alec's prompt, the model routing, the screenshots, or the alleged real-world IoT targeting. His post also does not establish whether his test reproduced the same technique Amazon researchers documented in a report the government reviewed or used a materially different path around Anthropic's safeguards. What it does do is put a practical test against the core promise Anthropic made when it restored Fable 5 access: that it had trained a new classifier targeting the behavior Amazon had flagged.
The Amodeis' safety pitch meets deployment reality
Anthropic was co-founded in 2021 by former OpenAI employees, including siblings Dario Amodei and Daniela Amodei, along with other OpenAI alumni. The company has built its market position around the claim that frontier AI can be made useful without treating safety as a feature bolted on after launch. Anthropic's own homepage describes the company as a public benefit corporation focused on securing AI's benefits and mitigating its risks.
Fable 5 is now testing that thesis in public. Anthropic said in its June 30 redeployment post that Fable 5 and Mythos 5 were first released on June 9. Both models share the same underlying model, according to Anthropic, but Fable 5 was released for general use with stronger safeguards, while Mythos 5 was reserved for a small set of trusted Project Glasswing defensive cybersecurity partners.
Three days after launch, on June 12, the U.S. government applied export controls to both models, which forced Anthropic to suspend access because it said it could not verify nationality in real time. Anthropic wrote that the directive followed a report in which Amazon researchers found a way to bypass Fable 5 safeguards so the model identified software vulnerabilities and, in one case, produced code demonstrating exploitation of a vulnerability.
RuntimeWire reported Wednesday that the redeployment gave Dario Amodei a narrow operational win: Fable 5 returned globally on July 1, while Mythos 5 remained tied to government-approved cyberdefense access. Alec's post turns that win into a new question for Anthropic's safety apparatus. Restoring access is easier to explain than proving, under adversarial use, that the guardrails work across prompt variants.
Anthropic says the fix targeted Amazon's report
Anthropic's position is narrower than a blanket claim that Fable 5 cannot be jailbroken. In the redeployment post, Anthropic said it trained an improved safety classifier that "targets and blocks the behavior described in the report." If a request to Fable 5 is blocked, Anthropic said, the request is sent instead to Claude Opus 4.8. The company said the new classifier blocks the specific technique described in Amazon's report in more than 99% of cases.
That wording matters. Anthropic did not say every cyber-adjacent prompt would be refused, and it explicitly argued that some behavior in the Amazon report fell into borderline territory involving routine defensive cybersecurity work. It also said classifiers can miss harmful content and can be jailbroken, while describing the new safeguards as part of a larger defense-in-depth system.
Alec is making a different claim from a different test. He says GLM-5.2, GPT-5.5, and Opus 4.8 refused his prompt or could not execute it, while Fable 5 "had no trouble planning and doing" on July 1. Anthropic, by contrast, said its own testing of the Amazon-reported behavior found that several less capable models, including Opus 4.8, GPT-5.5, and Kimi K2.7, could identify the same vulnerabilities, and that all models it tested could produce the single exploit demonstration.
Those statements can both be true because they describe different prompts and different test conditions. They also expose the measurement problem Anthropic is trying to solve. Anthropic wants an industry framework for rating jailbreak severity across capability gain, breadth, ease of weaponization, and discoverability. Alec's post goes straight at ease of weaponization: he argues that basic prompt engineering reduced the skill floor for offensive abuse.
The product problem behind the policy fight
The Fable 5 dispute started as a policy fight over export controls, but the harder problem for Anthropic is a product problem. General-purpose frontier models now serve coders, analysts, enterprise teams, researchers, and security practitioners through the same access surfaces. Claude Code brings Anthropic's agent into the terminal; Claude Platform and Claude.ai make the model broadly available; enterprise connectors and cloud distribution put the same underlying capability close to production systems.
That reach is the business case for Fable 5. It is also why cyber guardrails matter more after redeployment than they did during the export-control standoff. A model that helps defenders find weaknesses can resemble a model that helps attackers operationalize them, especially when the prompt is written as a plausible defensive workflow. Anthropic's classifier strategy is an attempt to draw that line in real time, at scale, without blocking the workflows that make the product valuable.
Anthropic is choosing a founder-consistent path: keep capability available, route the riskiest access through trusted channels, and use classifiers, red-teaming, government review, and partner reporting to narrow the misuse window. RuntimeWire reported in June that security leaders worried broad restrictions on Fable 5 and Mythos 5 could punish legitimate bug-finding work. That argument still stands. A blanket lockout would protect Anthropic politically while weakening the defenders the model is supposed to help.
Alec's test lands in the uncomfortable middle. If his screenshots and routing are accurate, the question is whether Anthropic's safeguards can stop a low-effort prompt from turning a dual-use cyber workflow into actionable offensive planning.
Anthropic has already acknowledged that no model is immune to jailbreaks. The bet Dario and Daniela Amodei are making is that a safety-led AI company can ship frontier capability, absorb adversarial reports quickly, and keep improving the control system without retreating from the market. Fable 5's redeployment has moved that bet out of a policy memo and into the hands of users trying to break it.