Anthropic’s release yesterday of Claude Fable 5 and Mythos 5 drew comments from the industry praising the models and discussing how best to protect them in the age of AI.
The Fable 5 is a borderline Anthropic model with safety guards, while the Mythos 5 has the guardrails removed.
Ideal for independent testing work
In a statement, CodeRabbit wrote: “We realized that in many coding projects we were using it to test the model’s capabilities. We could give Fable 5 vague commands and get complete projects rather than prototype shells. It also found ways to solutions that didn’t feel obvious, including ways that previous model reviews found it difficult to access without a little more hand-holding.”
CodeRabbit noted, however, that that kind of behavior seems to come at a cost, as it found that Fable 5 continued to work until the harness stopped it. So the model feels capable, but it’s expensive and slow for an agent’s workflow that doesn’t have a strong cutting harness.
It also recommends not to change everything in Fable 5, but to use it for testing, planning and building – especially when independence is the product – but keep the current reviewer in place.
Models that pair innovation, durability
Anthony Grieco, SVP, chief security and trust officer at Cisco, said that organizations are fighting security cycles that do not adapt to changes in new models, those that “pair innovation and resilience” will be placed in the best position for success. AI generated code.
Cisco – an early adopter of both Anthropic and OpenAi – said the release of Anthropic yesterday is in line with its mission to provide businesses with AI tools for faster responses and improved resilience, as well as the strategy and infrastructure to use those tools.
“The pace of AI development at the border is changing the security landscape in real time, and defenders can’t wait for the dust to settle,” Grieco said. “Whether it’s the model Claude Mythos 5, Claude Fable 5, GPT-5.5-Cyber, or the next breakthrough, the challenge is no longer just access to advanced AI, but how organizations use it with the right harness, infrastructure, and agency mindset to turn speed into clarity and action.
“That means continuing to invest in the timeless basics: amendment, MFA, segmentation, and Zero Trust,” he added. “AI will raise the ceiling on what defenders can do, but security resilience is still the foundation that determines whether those gains translate into real protection.”
There is nothing wrong with going public
While many in the industry complained that Anthropic took a limited approach to rolling out models, Roger Grimes, a CISO consultant at a cybersecurity company. KnowBe4he said there is nothing wrong with making Fable 5 available to the public. “The sooner the band-aid comes off, the sooner the life cycle kicks in and helps us,” he wrote in a statement.
“As for whether hackers will have access to these tools quickly: no, not at all,” he said in a statement. “Criminals have been using AI to find vulnerabilities, exploits, and malware since last year.” Sure, learning about Mythos has created a renewed, intense drive to use AI to find vulnerabilities and exploit them, but it’s not like elite cybercriminals haven’t seen my version of Mythos yet. used by states and big red teams a decade ago, but now powered by AI, the Mythos has drastically changed how quickly defenders will find these tools.
Grimes went on to say that he expects to see an increase in vulnerabilities discovered and exploited in the next 2-3 years, but applications will be more secure.
There are three things that CIOs and CTOs should be aware of:
-
Vulnerabilities and zero days will explode in the next few years and be used quickly and effectively
-
Defenders need to use the same AI methods to detect and fix vulnerabilities before attackers do
-
Patching needs to be done quickly…and defenders should probably re-evaluate their current vulnerability acceptance, and possibly patch quickly without testing.
Security by Design, not ‘security armageddon’
Meanwhile, Charles Guillemet, CTO at blockchain security firm, Ledger, said “security by design is the only layer that makes infrastructure resistant to cyber vulnerabilities. That includes formal authentication, using hardware-based security tools.”
In a LinkedIn post, Guillemet warned of the fear that exploiting the vulnerability in large numbers will lead to a security armageddon. “Mythos is, at its core, Opus 4.xx with special reinforcement learning for offensive defense.” “The attackers have had the same power of operation for months. The proof is in the telemetry: a huge wave of wild exploitation, and the price of stolen access to the black market has never been lower. We are not so itchy anymore. Nothing is safe anymore and that won’t change anytime soon.
That doesn’t change. At the same time people and organizations are always slow to update their software stacks. Security used to be a game of cat and mouse. Now, everyone can be a cat.”
He added his belief that security is not a big part of the broader AI agent discussion, and organizations are slow to update their software stacks. “Security,” he said, “used to be a game of cat and mouse. Now, everyone can be a cat.”
