On June 9, 2026, Anthropic dropped two new models in a single day: Claude Fable 5 and Claude Mythos 5. But only one of them — Fable 5 — is actually available to regular users. Mythos 5 is not yet open to everyone. Add Claude Opus 4.8, released half a month earlier on May 28, and Anthropic now has three flagships on the table.

So what is the difference between these three?

I read through Anthropic’s official launch blog posts, the System Card, the related papers, the engineering team’s technical discussions, Karpathy’s analysis, and a round of tech media coverage. Here are the six differences everyday users actually need to know.

Let’s take them one at a time.

First, get this straight: Fable 5 and Mythos 5 are the same model

A lot of people think these are three separate new models sitting side by side. They’re not. Technically, the relationship is this: Fable 5 and Mythos 5 share the exact same model weights. The only difference is whether the external safety classifier is turned on. Opus 4.8 is a different, weaker model entirely.

This foundational relationship is the prerequisite for understanding the six differences that follow. So let’s clarify it first.

The opening section of the System Card puts it plainly:

“Fable 5 is being released for general access — it has the same underlying model weights as Mythos 5, but has additional safeguards to prevent misuse for cybersecurity and biology.”

Translation: Fable 5 and Mythos 5 have identical underlying weights. The only distinction — Fable 5 has a layer of safety classifiers (safeguards) wrapped around it. Mythos 5 strips that layer away in certain domains.

So the real relationship between the three looks like this:

  • Mythos 5: The bare model. Highest capability, with safety guardrails removed in specific domains. Only available to Project Glasswing’s cybersecurity defenders, critical infrastructure operators, and a tiny number of biological research institutions. Regular users cannot access it.
  • Fable 5: Same bare model, wrapped with three categories of safety classifiers. This is the version regular users can actually use today. Fully open access.
  • Opus 4.8: A completely different, weaker model, released separately in late May. Its role in this system: when Fable 5’s safeguards get triggered and the model refuses to answer, the request is automatically downgraded to Opus 4.8 instead.

We also need to sort out the timeline, or it gets confusing. Back in April, Anthropic already released a Mythos Preview, but only for internal testing by Project Glasswing partners. It was never open to the public.

On June 9, Anthropic upgraded Mythos to Mythos 5 (still only for the Glasswing crowd), and simultaneously took that same capability set, added safeguards to it, and released it as Fable 5 for everyone.

So for regular users, the only genuinely new thing you got on June 9 is Fable 5. Mythos 5 is just the upgrade to the April Preview — and you still can’t use it.

The names themselves encode this relationship: Mythos means “myth” and Fable means “fable.” Etymologically, both refer to “a story that is told.” Anthropic is effectively saying through its naming: these two are the same thing — one held back, one let loose.

An interesting detail: The Verge pressed Anthropic on the versioning. If this is Fable 5 and Mythos 5, where are Fable 1 through 4? Where are Mythos 1 through 4? And how does the “5” relate to the Mythos Preview from April? Anthropic declined to answer. So where this version number came from remains officially unexplained.

Difference 1: A leap in long-task performance

Anthropic’s capability ceiling used to be Opus. Not anymore.

Mythos is officially defined as an entirely new tier above Opus — the Mythos class. VentureBeat put it bluntly: Opus is no longer Anthropic’s top commercial capability layer. The Mythos class now sits above it.

The benchmarks are in the System Card. Here are the ones that tell the clearest story (bold = best in row):

General & Coding:

Benchmark Mythos 5 Fable 5 Opus 4.8 GPT-5.5
SWE-bench Verified 95.5 95 88.6
SWE-bench Pro 80.3 80 69.2 58.6
Terminal-Bench 2.1 88.0 84.3 82.7 83.4
Humanity’s Last Exam (no tools) 59.0 49.8 41.4
FrontierCode Diamond 29.3 13.4 5.7

Look at the FrontierCode Diamond row: Fable 5 scores 29.3. Opus 4.8 scores 13.4. GPT-5.5 scores 5.7.

swyx, one of the contributors to this benchmark, nailed the insight: on this leaderboard for extended-horizon problems, Opus 4.8 and GPT-5.5 don’t improve no matter how much compute you throw at them. Fable and Mythos are the first models whose post-training genuinely harnesses test-time compute to solve ultra-long tasks measured in “tens of human-hours equivalent.” That’s a first.

But the real-world cases mentioned in the official blog post tell the story better than any benchmark number:

  • Payments company Stripe used Fable 5 to do a full codebase migration on a 50-million-line Ruby codebase — finished in one day. A human team would have taken over two months.
  • Played the card game Slay the Spire with a file-based memory that continuously took notes. Its score improvement was 3x that of Opus 4.8, and it reached the final boss 3x more often.
  • Playing Pokemon FireRed was even wilder: previous Claudes needed a complex scaffolding of maps, navigation tools, and hand-fed info to play at all. Fable 5 beat the game purely by looking at screenshots — pure visual input, zero extra information.
  • It even worked autonomously for over a week on genomics research, assembling data from 138 species and millions of cells, then designing and training a model that outperformed a paper published in Science — while being 100x smaller.

These aren’t demo stunts. These are real test results named in the launch blog.

Karpathy (who joined Anthropic in May) gave an even harsher verdict. He called Fable 5 “a step-function jump worthy of a major version number, comparable in magnitude to the Claude 4.5 jump last November,” especially on long-horizon, hard problems:

“You can give it a lot more ambitious tasks than what you’re used to, the model ‘gets it’ and it will just go.”

Claude Code core engineer Boris Cherny was more down-to-earth: “Fable is the best coding model I’ve ever used, by a wide margin.”

Anthropic’s Head of Growth, Amol Avasare, offered the most intuitive framing in his launch thread: this is “the smartest model yet, by a big margin,” capable of running continuously for days, and “the longer the task, the bigger its lead over other models.” He also said this is the first model that feels “like a real colleague who can deliver — someone you can actually hand real work to.”

One sentence to sum up this difference: Opus 4.8 was the previous generation’s best. Mythos/Fable 5 built another floor on top of it. The longer and harder the task, the wider the gap.

Difference 2: Cybersecurity capability with destructive potential — the real reason Mythos is locked up

If you only look at general benchmarks, the gap is “noticeable but not scary.” What truly made Anthropic lock Mythos behind Glasswing and refuse to release it publicly is its offensive cyber capability.

The numbers in this area (all from the System Card’s cyber section, measuring unguarded Mythos 5):

  • ExploitBench (41 V8 engine vulnerabilities): Mythos 5 averaged 10.75 capability flags, with a 78% cap rate. Opus 4.8 managed only 5.56 flags, 40%.
  • Firefox 147 exploit development (250 trials): Mythos 5 produced complete, working exploits 88.4% of the time. Opus 4.8: 8.8%.
  • CyberGym (1,507 vulnerability reproduction tasks): Mythos 5 single-shot reproduction rate of 83.8%. Opus 4.8: 78.1%.

That Firefox row is the headline: 88.4% versus 8.8%. An order-of-magnitude gap. This is why the April Mythos Preview shook the entire security world the moment it appeared. InfoQ reported at the time that it autonomously discovered “thousands of critical vulnerabilities” across all major operating systems and browsers. The oldest bug it found was a 27-year-old vulnerability in OpenBSD. Another was a 16-year-old hole in the FFmpeg H.264 decoder. An Anthropic engineer with no security background submitted a request before bed and woke up to a complete, working remote code execution exploit.

In Glasswing’s first month alone, partner systems yielded over 10,000 high/critical vulnerabilities. Independent security firms verified 90.6% as valid. Mozilla alone found 271 bugs in Firefox — more than 10x what previous testing had uncovered.

So here’s the difference: Opus 4.8’s offensive cyber capability is “useful but manageable.” Mythos 5’s is “enough to cause serious harm in the wrong hands.” That is the entire reason the Fable 5 safeguards exist.

Difference 3: Safety safeguards — the only real difference between Fable and Mythos

As covered earlier: Fable 5 = Mythos 5 + safeguards. Now let’s open up those safeguards and see what they actually block and how they work.

Three blocked categories (confirmed in the official launch thread, point 4):

  1. Cybersecurity: Full-chain agentic attacks, from reconnaissance to lateral movement to exploitation.
  2. Biology & Chemistry: Currently a “broad restriction” — they’d rather block too much than too little.
  3. Distillation: Preventing large-scale model capability extraction, especially by authoritarian states.

How blocking works — a two-stage detection system:

Stage one: a probe scans Claude’s internal activations directly, doing an initial screen of all traffic. Stage two: flagged traffic is handed to an independently trained LLM classifier for review, which then decides whether to block. This classifier is trained using the Constitutional Classifiers method — a “constitution” written in natural language defines what can and cannot be answered, and synthetic data is generated from that to do the training.

What happens after a block — this is where the Fable/Mythos difference shows up:

  • In Claude clients (web, desktop, mobile, Claude Code): when safeguards are triggered, the request is automatically downgraded to Opus 4.8. The UI tells you “this response is from Opus 4.8,” and you’re charged at Opus 4.8 pricing (not Fable pricing).
  • In the Messages API: no automatic downgrade by default. The request is simply blocked, and a structured rejection reason is returned. Whether to downgrade is up to the developer to implement.

One category is special — distillation safeguards are completely invisible to users. No “downgraded” notification appears. The model is quietly weakened through prompt modifications, steering vectors, or parameter-efficient fine-tuning (PEFT). This is estimated to affect only about 0.03% of traffic, concentrated in fewer than 0.1% of organizations.

Trigger frequency: Officially, over 95% of Fable sessions in production never trigger any downgrade. The average trigger rate is under 5%. In Anthropic Head of Growth Amol Avasare’s plain English: “95% of the time, Fable 5 and Mythos 5 are the exact same experience.” This loops back to the earlier point: they are the same model underneath. That safeguard layer only stops you once every 20 interactions.

But there’s a discrepancy in the numbers worth flagging honestly. The System Card also states, in a different section, that in automated abuse audit traffic — deliberately designed to trigger safeguards — the proportion of downgrades to Opus “exceeds half of all conversation records.” These two numbers don’t contradict each other. One is real users’ full traffic volume; the other is adversarial test traffic designed to step on every landmine. But you need both side by side for the full picture.

And the safeguards are definitely on the sensitive side right now. Karpathy himself acknowledged that the initial release was tuned “a bit too trigger-happy.”

Reddit already has posts from people getting downgraded to Opus 4.8 while doing math problems, asking “why is Fable getting routed away for basic math?” Anthropic has acknowledged the false-positive rate is high and says they’ll keep tuning.

So how solid are these safeguards, really? The official numbers: over 1,000 hours of internal and external bug bounty testing found no “universal jailbreak” that could fully disable the guardrails. An external organization tested Fable 5 against harmful cyber requests and found it the most resistant of all models evaluated — even 30 known jailbreak techniques couldn’t break through. But the official blog also honestly added: the UK AI Safety Institute (UK AISI), within a very short testing window, has already made progress toward a universal jailbreak. The guardrails are strong, but they are not impenetrable.

Difference 4: Official safety ratings

Anthropic has a Responsible Scaling Policy (RSP) that every model release must pass through. The results here are the most authoritative lens for understanding the risk differences among the three.

For Mythos 5 (bare model):

  • Bio (CB-1): Assessed as possessing CB-1 capability — able to provide specific, actionable information to someone with only basic STEM education, saving them significant time they’d otherwise need to spend consulting domain experts.
  • Bio (CB-2, novel weapons): Assessed as not crossing the threshold, but the System Card explicitly calls this “the most uncertain judgment we’ve made for any model” and acknowledges Mythos 5 may significantly accelerate a team of trained experts attempting to develop novel biological weapons. In the official words: “we think that world-class human expert substitution may now be possible in a few areas.”
  • Cyber (Cyber FCF Tier 1): Can provide meaningful technical assistance for known attack techniques, but still requires human intervention for large-scale operations. Has not reached fully autonomous Tier 2.
  • Autonomy: Assessed as not reaching the dangerous threshold of “sustained 2x acceleration of AI R&D,” a finding confirmed by external METR testing. But the risk is higher than any previous model.

Anthropic gave one example that makes this double-edged nature concrete. They tested Mythos 5 on a key step in designing adeno-associated virus (AAV) — a vector normally used to deliver gene therapy, but the same capability, aimed the other way, could design dangerous viruses. Mythos 5, with no specialized training, using pure biological reasoning, outperformed specialized protein-design AI models at predicting how viral capsids assemble. This is both evidence that it can accelerate gene therapy research, and the exact reason the bio safeguards block first and ask questions later.

For Fable 5 (with safeguards): in limited evaluations, its resistance to misuse is overall better than any recent publicly released model.

For Opus 4.8: as the downgrade target, it’s positioned as “capable enough, low enough risk.” CyberScoop’s comparison numbers make this clear — Opus 4.8 without safeguards reproduces about 80% of known open-source vulnerabilities. With safeguards: drops straight to 1%.

So Anthropic’s own risk ordering is clear: Mythos 5 > Fable 5 > Opus 4.8. And the only reason Fable 5 can be released to the public at all is that layer of safeguards pressing its risk profile back down to near-Opus levels.

Difference 5: Price — Fable costs twice as much as Opus

Pricing is the easiest column to misremember, so let’s isolate it.

  • Fable 5 / Mythos 5: $10/million input tokens, $50/million output tokens.
  • Opus 4.8: Standard mode $5/$25 — half of Fable. Its fast mode (2.5x speed) is what hits $10/$50.
  • April Mythos Preview: $20–25/$100–125, more than double today’s Fable/Mythos 5 pricing.

In other words: using Fable 5 today costs exactly twice as much per token as standard Opus 4.8. TechCrunch pointed out directly: that high price tag may itself be an invisible abuse barrier, given that many enterprises have already blown past their annual AI budgets. Meanwhile, Fable/Mythos 5 coming in at less than half the April Preview price is Anthropic delivering on its promise to “deploy Mythos-class models at scale.”

But there’s a cost more important than the price hike — one that’s easiest to miss and matters more for enterprises. Zero-retention data? Gone.

All Mythos-class traffic (including Fable 5) carries a mandatory 30-day retention period. Even enterprise customers who previously signed zero-retention agreements with Anthropic — where not a single piece of data is stored — get no exception. Anthropic explained this is a hard requirement for the safety classifiers to function: they need real traffic to identify new jailbreak variants and bring down false-positive rates. They commit that the data will not be used for training and will be almost entirely deleted after 30 days.

But for compliance-sensitive industries — finance, legal, healthcare — this is a hard blocker. What you used to pay extra for (“my data leaves zero trace”) is simply not achievable with Fable/Mythos. GitHub Copilot and Microsoft Foundry both flagged this separately for their customers during integration. TechCrunch went as far as to suggest this could set an industry precedent: want the stronger model? Trade your data retention for it.

Difference 6: After June 23, your Max plan stops including Fable 5 for free

“Open to everyone starting today” sounds great. The real catch is buried in the subscription plans, and it’s worth its own section.

Fable 5 subscription availability comes in two phases:

  • June 9 through June 22: Pro, Max, Team, and per-seat Enterprise plans include Fable 5 for free. Use it as much as you want.
  • Starting June 23: Anthropic pulls Fable 5 from these subscription plans. To keep using it, you’ll need to purchase usage credits (pay-as-you-go metered billing) separately.

Let me put this as bluntly as possible, because a lot of people will be asking: Yes, after June 23, your Max plan no longer gives you free Fable 5. If you want to keep using it, you pay through usage credits — separate, metered billing. Amol calls this “Extra Usage” in his thread; same thing.

Anthropic’s Head of Growth, Amol Avasare, was unusually candid about this in his launch-day thread, almost walking through the “why” sentence by sentence:

“We’re giving everyone Fable 5 inside their subscription allowance for two weeks, and then we’re taking it away.”

His stated reasons: demand will be enormous, and compute isn’t deployed fast enough yet. “We can’t guarantee we can meet Pro and Max demand a few weeks from now. We don’t want to over-promise, give too much,, then have to slash your rate limits.” So these two weeks (through June 22) are “the most we can give.” If they get lucky, they’ll extend week by week — but no promises. After the window closes, Fable 5 is still accessible through Extra Usage; it just no longer counts toward your subscription allowance. Once enough compute is deployed, it’ll go back into the standard plan. In his words: “we’re scrambling to make it happen.”

The other two are simpler:

  • Mythos 5: Regular users can’t touch it. Only for Glasswing partners and a tiny number of bio research institutions. Future access will roll out gradually through a more systematic trusted-access program.
  • Opus 4.8: Use as normal. And when you trigger a high-risk topic while using Fable and get downgraded, Opus 4.8 is what takes over behind the scenes, billed at Opus pricing.

One last practical tip: Fable 5’s effort parameter defaults to high. Even at low or medium effort, it often outperforms previous models maxed out.

Closing

When you strip it down, these three flagships are a line Anthropic drew between capability and risk. Mythos is the full-power version reserved for major players. Fable is the public version with safeguards. Opus is the fallback.

For regular users, the only one you actually get is Fable 5: included in your subscription today, moving to Extra Usage billing after June 23, with automatic downgrades on sensitive topics.

What’s worth a longer look is the timing. Four days before the launch, Anthropic publicly warned that AI is approaching recursive self-improvement and called for the entire industry to hit the brakes. On June 1, they confidentially filed their IPO prospectus — targeting a trillion-dollar valuation.

Warn of danger while launching the most powerful model ever on a sprint toward IPO. This company’s deepest contradictions are now fully on display.