Anthropic has released Claude Fable 5, a new Mythos-class model that it says is safe for general use, but the launch underlines a growing concern among enterprises that AI capabilities are advancing faster than many enterprises’ ability to govern them.
The AI model developer described Fable 5 as its most capable generally available model to date, outperforming previous Claude models across software engineering, knowledge work, vision, scientific research and other advanced tasks.
However, with the company having previously said it would release Mythos-class models “gradually” to manage risk, the launch comes with an unusually direct warning about the security threats attached:
“Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage.”
Anthropic said it has “therefore launched the model with safeguards that mean queries on some topics will instead receive a response from our next-most-capable model, Claude Opus 4.8. To release the model both safely and quickly, we’ve tuned these safeguards conservatively—they’ll sometimes catch harmless requests, though they trigger, on average, in less than 5% of sessions.”
The company hinted that it intends to launch more frontier models “in the coming months,” for which it is “working to improve our safeguards and reduce false positives as quickly as we can.”
Anthropic has also launched Claude Mythos 5, as an upgrade to Mythos Preview, which uses the same underlying model as Fable 5 but with some safeguards lifted for a limited group of partners through Project Glasswing, in collaboration with the U.S. government.
“Soon, we intend to expand access to Mythos 5 through a broader trusted access program,” Anthropic added.
The announcement highlights a significant concern for enterprises adopting frontier AI tools, even when model providers introduce safeguards. As AI becomes embedded in day-to-day work, the risk is what the enterprise can no longer see, as much as what the model can do.
Related articles
Anthropic Opens Project Glasswing to 150 More Partners as the AI Cybersecurity Arms Race Heats Up
Access to Anthropic’s Mythos AI Model Intensifies Cybersecurity Pressure on CX Systems
Anthropic’s “Mythos-Class” Release Plans Should Put CX Leaders on Alert as Security Risks Accelerate
Anthropic Warns Mythos-Class Models Could Enable Malicious Attacks
Mythos-class models have reached a threshold where they present “significant risks,” particularly in cybersecurity and research biology, Anthropic stated.
The company said these systems can create “substantial risk of uplift to malicious actors,” meaning they may enable attackers to cause harm they could not otherwise achieve using existing public tools.
“The frontier cybersecurity and research biology capabilities of Mythos-class models mean that they pose a substantial risk of uplift to malicious actors. That is, these models could provide information or advice that assists those actors in causing serious harm that they couldn’t have received from other sources.”
Anthropic was particularly direct about the cybersecurity implications.
“Mythos-class models excel at discovering and exploiting software vulnerabilities. They can thus make cyberattacks substantially easier and cheaper to commit.”
The company added that these models can support multiple stages of an attack beyond simply identifying exploits.
“Mythos-class models also show strong skills in agentic hacking. This involves performing multiple different parts of a cyberattack in addition to finding exploits—reconnaissance, discovery, lateral movement and more.”
To reduce the risk, Anthropic said Fable 5 uses classifiers designed to detect misuse, jailbreak attempts, offensive cyber activity, biology and chemistry risks and model distillation attempts.
The Bigger Enterprise Issue: Data Visibility
While Anthropic has focused heavily on model-level safeguards, cybersecurity experts argue that many enterprise risks will emerge from how AI tools are used inside organizations.
Matt Cooke, EMEA Cybersecurity Strategist at Proofpoint, said the next major AI security failure is unlikely to stem from a model simply being too powerful. Instead, it will come from weak governance around data access and usage.
“The next AI security failure won’t happen because a model is too powerful. It’ll happen because a human or non-human actor has access to something they probably shouldn’t have, and the business has lost visibility over how sensitive information is being used.”
Employees are already using AI to summarize documents, generate code, analyze customer data, draft communications and automate processes. As agentic AI becomes more common, non-human actors may also begin accessing systems, interpreting data, and taking actions with limited human intervention.
As Cooke warned:
“That’s the paradox at the heart of the AI race. Organizations are competing to put more powerful technology into the hands of their employees, while many still struggle to govern the data that employees and AI tools already have access to.”
A model provider may block certain high-risk cybersecurity requests, but businesses still need to know which employees are using AI, what information they are feeding into it, which systems AI agents can access and whether sensitive information is being exposed, retained or acted upon improperly.
Network Solutions CEO Sachin Puri said the launch of Mythos-class AI should be seen as both an opportunity and a warning, particularly for smaller businesses.
“Mythos represents a meaningful step forward in how AI can help identify, analyze and respond to increasingly sophisticated cyber threats and detect vulnerabilities. But as these systems become more powerful, the conversation cannot stop at capability. It also has to include governance, accountability and what happens when guardrails fail.”
Puri added that most AI safety discussions still happen among “researchers, regulators, and large enterprises,” even though the consequences of failure often fall hardest on small businesses without chief information security officers (CISOs), security operations centers or dedicated incident response teams.
Vincent Danen, Vice President of Product Security at Red Hat, echoed that point in a recent CX Today interview, warning that AI will increase the speed and scale of vulnerability discovery, but organizations still need to prioritise risk rather than treating every finding as equal.
“People are going to have to start looking at… how do I consume these patches faster, because exploitation is now faster.”
“AI comes out and finds 10,000 vulnerabilities… we have to be able to actually assess the risk of these things to know which ones to tackle first,” Danen added.
As Puri put it, “As AI lowers the barriers to both defense and attack, the industry has a responsibility to ensure that trust, security and protection become easier to access, not harder. The future of AI cybersecurity will be defined not just by intelligence, but also by the governance frameworks, safeguards and trust infrastructure that surround it.”
AI Is Becoming a Critical Business System
The launch of Claude Fable 5 also reinforces the need for security teams to treat AI as part of the enterprise technology stack. Cooke advised:
“As advanced models like Claude become more widely available, security teams need to stop thinking about AI as a standalone technology and start treating it like any other critical business system.”
The release of Fable 5 is sure to be followed by the release of similar frontier models from the likes of OpenAI, requiring an immediate shift in enterprise AI security.
The focus is moving beyond prompt-level risk and hallucinations to questions of access, auditability, data loss prevention, insider threat, identity and compliance.
The core questions enterprises need to ask now include:
- Which users and AI agents can access sensitive information?
- What data is being sent to AI tools?
- Can AI activity be audited across workflows?
- Are AI-generated actions traceable?
- Can insider risk be detected inside AI usage?
- Are governance controls embedded into AI systems or bolted on afterward?
CIOs and CTOs Are Already Losing Oversight
The challenge is not theoretical. A global IBM study of 2,000 senior technology executives found that two-thirds of C-level technology leaders are responsible for AI systems they cannot realistically supervise.
Only 11 percent of CIOs and CTOs said they are fully prepared for the scale of AI agents expected in the coming years. Meanwhile, more than three-quarters reported that AI adoption is already moving faster than their current governance capabilities.
That is particularly concerning as the number of AI agents deployed across organizations is expected to increase by 38 percent by 2027.
Matt Lyteson, CIO at IBM, said:
“For CIOs and CTOs, the challenge now is scaling AI systems that operate continuously and autonomously, often within governance models and architectures designed for a far slower, more predictable environment.”
“It is no longer just about deploying AI faster. It’s redesigning how organizations control, govern, and invest in it and embedding control and visibility from the start, so they can scale with confidence,” Lyteson added.
As AI systems become more capable, enterprises cannot rely on manual oversight, fragmented policies or after-the-fact reviews. Governance must be built into deployment, usage, monitoring and escalation processes from the beginning.
Autonomous Agents Are Breaking Static Governance Models
The pressure is especially acute with autonomous AI agents. Traditional data governance models were built around relatively static processes that classify data, store it, protect it and audit access. But agentic AI is “breaking that model entirely,” warned Stuart Harvey, CEO of Datactics.
“With autonomous agents, data isn’t just accessed, it is continuously interrupted and acted upon, requiring new governance frameworks to provide the control that CIOs, CTOs and CDOs need.”
Agents can continuously retrieve, interpret, transform and act on data. They may interact with multiple systems, combine information from different sources and trigger actions in downstream workflows.
Richard Bovey, Chief for Data at AND Digital, said boards are pushing technology leaders to accelerate AI deployment, but many organizations do not yet have the control required.
“Boards are pressuring CIOs and CTOs to roll out AI deployments, but the reality is that many organizations lack the governance to do so with the level of control and visibility needed. Especially when it comes to autonomous agents, it’s vital that there are clear audit trails and guardrails to ensure they are operating as intended.”
“For AI to be successful, it requires high-quality data foundations and governance in order to train the AI model effectively. Yet, our research shows that 58 per cent of organizations describe their data as ‘chaos,’ and until that is addressed, businesses risk being surrounded by structural risk,” Bovey added.
Harvey said enterprises need clearer ownership, lineage, and alignment between data governance and model oversight, without which “businesses will be stuck with failing AI systems that struggle to make use of fragmented data. The businesses that succeed will be the ones that prioritize data governance and AI observability together.”
That point is especially important in customer-facing sectors.
Retailers, for example, are accelerating AI adoption faster than their ability to act on customer signals, research from Arktic Fox and Six Degrees Executive, in partnership with Amperity, found. If customer data is fragmented or poorly governed, AI initiatives may struggle to deliver reliable personalization while also increasing privacy and compliance risks.
Governance Must Move at the Speed of AI Adoption as Fable 5 Shows the Direction of Travel
IBM’s research suggests organizations are already feeling the strain. Nearly 60 percent of CIOs and CTOs cited security and compliance concerns as key barriers to wider AI adoption. Businesses also reported an average of 54 AI-related incidents last year that required human intervention.
However, IBM found that organizations embedding governance and control directly into AI systems experienced 25 percent fewer incidents than those relying on manual oversight. That suggests the issue is how enterprises operationalize governance as AI becomes more autonomous and more deeply integrated into business workflows.
Beyond the model’s capabilities, Anthropic’s release of Claude Fable 5 is significant because of what it reveals about the next phase of AI adoption. The real threat is not simply Claude Fable 5 or Claude Mythos 5, but the gap between what these models can now do and what enterprises can currently govern.
As Cooke warned, the next AI security failure may not happen because a model is too powerful. It may happen because the business no longer knows who, or what, has access to sensitive data, and how that data is being used.
