Anthropic Lifts Mythos/Fable Ban, Launches Sonnet 5 To Rival Opus 4.8

Anthropic Lifts Mythos/Fable Ban, Launches Sonnet 5 To Rival Opus 4.8

Anthropic had a rough June. It also, somehow, ended June with a launch day strong enough to make people forget the first three weeks of it.

On the evening of 30 June, the company posted a short note on X: the Department of Commerce had lifted its export-control directive on Claude Fable 5 and Mythos 5, and access would begin returning the next day. Within hours of that post, Anthropic also introduced Claude Sonnet 5, a mid-tier model priced at a fraction of its flagship Opus 4.8 and built specifically to close the gap with it. A third announcement — Claude Science, a research workbench for scientists — landed in the same window, alongside news of a new Seoul office and a product called Claude Tag. Four separate-sounding pieces of news, one calendar day, and a pattern that gets easier to read the moment you line the dates up side by side.

They connect directly, and understanding how explains a great deal about the timing of both. The eighteen days of silence between the ban and the resolution, and the model Anthropic chose to launch the moment that silence ended, read as the same story told from two different rooms — a regulatory one in Washington, and a product one in San Francisco, running on entirely separate clocks that happened to strike the hour together.

Key Takeaways

  • The US Commerce Department lifted its export-control directive on Claude Fable 5 and Mythos 5 on 30 June, eighteen days after ordering Anthropic to disable both worldwide.
  • The same day, Anthropic launched Claude Sonnet 5 at a fraction of Opus 4.8’s price, narrowing the capability gap on several benchmarks and beating it outright on one.
  • A widely shared Senate testimony claim that Mythos “broke into” NSA classified systems was later walked back by the reporter who first quoted it — the underlying event was an authorised internal red-team exercise rather than an intrusion.
  • A cybersecurity evaluation shows Mythos 5 developing working exploits 88.4 per cent of the time against Opus 4.8’s 8.8 per cent — the number that actually explains why the two models sit in different regulatory categories.
  • China’s Zhipu used the shutdown window to launch an open-weight rival within a percentage point of Opus 4.8 on agentic benchmarks, at roughly a fifth of the running cost.

How A Pentagon Meeting Became A Federal Lawsuit

To understand why an export-control order over a chatbot reads like the plot of a fairly serious geopolitical thriller, it helps to know this was Anthropic’s second fight with the Trump administration this year — and the first one carried straight through into the second, unresolved.

In February, Defence Secretary Pete Hegseth met CEO Dario Amodei to discuss how the Pentagon could use Claude across its systems. The Department of Defence wanted unrestricted access for any lawful military purpose. Amodei drew the line at two things specifically: fully autonomous weapons, and domestic mass surveillance of American citizens. The meeting broke down. Days later, Trump posted on Truth Social ordering federal agencies to stop using Anthropic’s technology immediately, with a six-month phase-out for the Pentagon. Hegseth followed with something rarer still — the Defence Department designated Anthropic a “supply chain risk,” a label that had, until that point, been reserved almost exclusively for foreign adversaries.

Anthropic sued. Twice, in two courts, alleging First Amendment retaliation. At a hearing in San Francisco, government lawyer Eric Hamilton told the court the Pentagon had come to worry Anthropic might one day “sabotage or subvert IT systems” — a fear presented with the confidence of a finding. Judge Rita Lin pushed back hard. “That seems a pretty low bar,” she told him, and days later granted Anthropic a preliminary injunction, writing that the designation amounted to “classic First Amendment retaliation” and rejecting what she called “the Orwellian notion that an American company may be branded a potential adversary and saboteur of the U.S. for exposing a disagreement with the government.”

Anthropic won that round. It lost the parallel one — a separate appeals court denied a stay on the Pentagon’s own internal determination a fortnight later, reasoning that judicial caution should defer to “the Department of War” securing AI capability during active operations. The net effect, going into June, was a company excluded from direct Pentagon contracts, cleared to keep working with everyone else, and still mid-lawsuit against an administration it had already accused once of retaliating against it for the same refusal.

That is the room most coverage of the June export-control order forgot to walk into first.

The Viral Moment

Claude Fable 5 launched on 9 June — the first Mythos-class model Anthropic had ever put in front of the general public. Mythos itself, the fuller model underneath Fable’s safety layer, had been sitting behind a locked door since April, available only to roughly 200 vetted organisations under a programme called Project Glasswing: Amazon, Apple, Google, Microsoft, Nvidia, JPMorgan, the Linux Foundation, and a handful of government bodies among them. Fable 5 was supposed to be the safe version of that door, opened a crack.

The crack closed on 12 June, three days later, at 5:21pm Eastern. Commerce Secretary Howard Lutnick sent a letter to Anthropic ordering it to cut off Fable 5 and Mythos 5 access for any foreign national, anywhere, including Anthropic’s own non-citizen staff. Enforcing that selectively, across a user base in the hundreds of millions, on same-day notice, sat somewhere between impractical and impossible — so Anthropic switched both models off for everyone. Its statement that evening called the government’s stated concern — a jailbreak technique it said amounted to little more than “asking the model to read a specific codebase and fix any software flaws” — a probable misunderstanding, and noted the same technique worked on OpenAI’s GPT-5.5 too.

That might have stayed a contained, technical dispute. It stopped being one on 21 June, when a fortnight-old line of Senate testimony went viral, stripped of every caveat that had shipped with it. Senator Mark Warner had told a Senate Intelligence Committee briefing on 11 June — the day before the export order — that NSA and Cyber Command chief General Joshua Rudd had privately told him Mythos “broke into almost all of our classified systems, not in weeks, but in hours.” Ten days of quiet followed. Then the quote detonated across social media as “NSA confirms AI hacked classified systems,” and the export ban suddenly had a far more dramatic explanation than a jailbroken chatbot.

It is worth pausing on what Fable 5 actually cost and offered before any of that testimony surfaced, because the commercial shape of the product explains why its loss stung as much as it did. Anthropic had priced it at a premium — roughly $10 per million input tokens and $50 per million output tokens, by third-party trackers’ accounting — attached a mandatory 30-day data-retention policy that pushed Microsoft to restrict its own use of the model, and folded it into Pro, Max, Team, and seat-based Enterprise plans on a temporary basis, with a shift to standalone usage credits scheduled for 23 June. That transition stayed permanently on the drawing board. The export order arrived first, and Fable 5 went dark eleven days before its own pricing plan was due to take effect.

The correction arrived almost as fast as the panic. Shashank Joshi, The Economist’s defence editor and the reporter who first published Warner’s line, posted publicly that it would be “a mistake to read that literally,” noting the capability described “surely depends on using Mythos alongside other tools under very particular conditions.” A US official separately told him that Warner “may have misunderstood” what Rudd had actually said. Multiple outlets subsequently confirmed the episode was an authorised red-team exercise — the NSA using Mythos, by invitation, to probe its own networks for weaknesses, standard defensive practice rather than an outside breach by any party. Warner’s actual argument in that hearing, lost entirely in the viral version, ran the opposite way to alarm: he was making the case for mandatory pre-release government testing of frontier models, using Anthropic’s own caution as the example of why voluntary testing alone fell short. “Thank God it was Anthropic,” is how he put it.

The NSA’s own position has stayed silence — confirmation withheld, retraction withheld, the account left exactly where contested classified testimony tends to sit: real enough to shape a policy response, uncertain enough that any headline treating it as settled is running ahead of the actual record.

Why Mythos Stays Locked, Opus Runs Free

Here is the part of the story that got the least attention and deserves the most: Anthropic’s own numbers, published the same day as Sonnet 5, show precisely why Mythos and Opus occupy different regulatory universes — and the gap runs wide.

The company ran an evaluation, developed with Mozilla, testing how often each model could develop a working exploit for real vulnerabilities in Firefox 147, before those flaws were patched in version 148. Sonnet 4.6 and Sonnet 5 both scored 0.0 per cent on working exploits, with partial success rates of 8.8 and 13.2 per cent respectively. Opus 4.8 developed a full working exploit 8.8 per cent of the time, with partial success at 68.8 per cent. Mythos 5 developed a full working exploit 88.4 per cent of the time, with partial success at 90.0 per cent.

Sit with that gap for a second, because it is the entire regulatory argument in one chart. Opus 4.8 — Anthropic’s actual flagship, sold today to anyone with a credit card — succeeds at building a real software exploit less than one time in ten. Mythos 5 succeeds nearly nine times in ten. That gap separates two different categories of tool, and it explains why Anthropic built two separate gating mechanisms rather than one. Project Glasswing controls who ever touches Mythos’s raw weights — roughly 200 vetted partners, full stop, size and reputation earning zero exceptions. A second, less-discussed system called the Cyber Verification Program runs alongside it, live today on the native Claude Platform, AWS, and Microsoft Foundry, with Google Vertex coming, and it works differently by design: it grants vetted organisations reduced-guardrail cyber access specifically on Opus and Sonnet, where the underlying capability ceiling sits at roughly a tenth of Mythos’s. Organisations already enrolled carry that access straight over to Sonnet 5 automatically, a detail buried in a footnote but worth surfacing, because it shows Anthropic treating Opus-tier cyber risk as manageable through verification and Mythos-tier risk as manageable only through outright exclusion.

Fable 5’s job, architecturally, was to let Mythos’s non-cyber capabilities reach the public while routing anything touching offensive security, biology, chemistry, or model distillation to Opus 4.8 instead. Anthropic says that routing triggered on fewer than 5 per cent of Fable 5 sessions. The government’s position, sharpened considerably by the Rudd testimony regardless of how loosely that testimony travelled afterward, held that a 5 per cent leak rate on a model this capable left too wide a gap for a classifier to close on its own.

88.4 Per Cent

That number belongs to Mythos alone, and it is worth treating it that way in any comparison of what Anthropic shipped this week, because Sonnet 5 sits far below it.

The Cheaper Twin

Sonnet 5 launched on 30 June as, in Anthropic’s own words, its most agentic Sonnet model yet — one built to plan, use browsers and terminals, and run unsupervised at a level that used to require a larger, pricier model. The pitch is sufficiency rather than parity: close enough to Opus, at a third of the running cost, for most of what you’re actually building.

The numbers mostly support it. Sonnet 5 scores 63.2 per cent on the SWE-bench Pro coding benchmark against Opus 4.8’s 69.2 per cent — a real gap, but one that shrank considerably from Sonnet 4.6’s 58.1 per cent. On Terminal-Bench 2.1, it is 80.4 per cent against Opus 4.8’s 82.7 per cent — close enough that the difference barely survives a rounding argument. And on one benchmark that measures sustained knowledge work — GDPval-AA v2 — Sonnet 5 actually wins outright, 1,618 to Opus 4.8’s 1,615. It is a modest three-point margin on a scale that runs into the thousands, but a genuine one, and the first time Anthropic’s mid-tier model has beaten its own flagship at anything rather than merely approaching it.

Pricing is where the real separation lives. Sonnet 5 launched at an introductory $2 per million input tokens and $10 per million output tokens through 31 August, rising afterward to $3 and $15. Opus 4.8, unchanged since its own May launch, sits at $5 and $25 — outright more than double Sonnet 5’s standard rate, and five times its introductory one. Anthropic’s own cost-performance charts, plotting pass rate against cost per task on a logarithmic scale, tell the shape of the story better than either number alone: Sonnet 5’s curve starts around $2 a task at roughly 60 per cent and climbs to the low eighties by the time it reaches extra-high effort near $18; Opus 4.8’s curve starts higher, around $8, and tops out near the same low-eighties ceiling by $25. The two curves converge at the top even though they start from very different floors — meaning that for a meaningful slice of real workloads, a developer can now buy Opus-adjacent performance at Sonnet-tier pricing, provided they are willing to spend more compute per task to get there.

Two customers Anthropic quoted at launch make the pitch better than any chart does. “Claude Sonnet 5 gives our agents a strong execution layer for multi-step software engineering work,” said Zimu Li, a member of technical staff at Factory. “We handed Claude Sonnet 5 a two-part job — update Salesforce account tiers, send a launch announcement to enterprise contacts — and it finished end to end,” said Zapier senior engineer Daniel Shepard. “That used to stall halfway.”

Safety moved in the same direction as capability, which is to say: better than before, still behind the flagship. On Anthropic’s automated misalignment audit — a 1-to-10 scale where lower is safer — Sonnet 5 scored 2.53, a real improvement on Sonnet 4.6’s 2.89, but still well behind Opus 4.8’s 2.10 and Mythos Preview’s 1.95. Anthropic says cybersecurity sat outside Sonnet 5’s deliberate training scope entirely, and the Firefox exploit numbers back that up — a 0.0 per cent working-exploit rate matches Sonnet 4.6’s score exactly. The company shipped cyber safeguards on by default regardless, calibrated less strictly than Fable 5’s, on the logic that a model this close to Opus in general intelligence warranted the same category of guardrail independent of specific training in that category.

Anthropic also flagged a same-day correction to its own launch post: an earlier version of the BrowseComp chart used a simpler evaluation methodology that, the company admitted, “had the result of underestimating Sonnet 5’s performance.” The corrected chart is the one now published, matched to the methodology in the system card. Read generously, it is diligence. Read less generously, it is worth noting that self-corrections on launch day tend to run in one direction only — toward the new model looking better.

Every part of Sonnet 5’s launch arrived with company, too. The same 30 June window carried Claude Science, a workbench pre-loaded with more than sixty scientific databases and Anthropic’s first announced pre-clinical drug programmes; Claude Tag, a new way for teams to work with Claude; and a freshly opened Seoul office with new partnerships across South Korea’s AI ecosystem. Four product and expansion stories, one company, one day — arriving in the same news cycle as an export-control resolution the company had spent eighteen days publicly struggling to end. A single launch beating that drum would read as good timing. Four of them, stacked deliberately against the one story Anthropic most needed the world to stop leading with, reads like a communications team that understood the assignment.

Beijing’s Open Window

While Fable 5 and Mythos 5 sat dark, somebody else was very much awake.

One day after the shutdown, China’s Zhipu — trading as Z. ai — released GLM-5.2 as an open-weight model, MIT licensed, 750 billion parameters, running on domestic chips. The message landed loud rather than subtle. “Frontier intelligence should not belong to only a few people, nor be subject to withdrawal by a handful of rules at any moment,” the company said in a statement built to be quoted, and quoted it duly was. Founder Tang Jie called the US restrictions “deeply regrettable” and, in a reply to Elon Musk questioning how fast China could close the capability gap, wrote simply: “won’t take that long.”

The market moved immediately. Zhipu’s Hong Kong-listed shares jumped as much as 48 per cent in a single session; JPMorgan lifted its price target from HK$950 to HK$1,400; Bank of America initiated coverage with a buy rating. GLM-5.2 landed within a single percentage point of Opus 4.8 on a closely watched agentic benchmark, according to reporting, at roughly a fifth of the running cost — and researchers found it performing on par with top US labs on some cyber benchmarks too, close enough to Mythos-class capability that the comparison stopped sounding like marketing. Even David Sacks, previously among the loudest voices arguing Anthropic’s safeguards fell short of strict enough, posted approvingly of a Wall Street Journal headline arguing the American crackdown had handed China exactly the opening it needed. “President Trump was exactly right” about winning the AI race through export over restriction, Sacks wrote — a notably different tune from the one he had been singing three weeks earlier.

Anthropic had company in feeling this. OpenAI’s own GPT-5.6 preview was separately limited “because of a government request” the same week — confirmed independently by CNBC — and the company’s public response echoed Anthropic’s argument almost word for word: “We don’t believe this kind of government access process should become the long-term default. It keeps the best tools from users, developers, enterprises, cyber defenders, and global partners who need them.” One analyst estimated that roughly 40 per cent of America’s AI engineering workforce was born in China — meaning a nationality-blind export order locks out a meaningful share of the people who built the systems in question, a detail that has quietly revived talk of “brain flight” toward the labs on the other side of the restriction.

Vindication is in short supply for both sides here — the government’s approach and Anthropic’s alike. This reads less like a clean win for either party and more like two governments and three labs discovering, in real time, that frontier AI capability now moves fast enough to make eighteen days of caution genuinely expensive, whichever side of the caution you happen to be arguing.

The View From Delhi

This reaches well past Silicon Valley, and treating it as a purely American story misses where the actual switching costs will land.

India is one of the largest developer markets for Claude outside the US, and the practical lesson of the past three weeks lands uncomfortably for anyone who has built product on a single foreign API: a model that was commercially available at breakfast can turn into a compliance violation by dinner, on the strength of an order from a government you don’t operate in, for reasons you may only ever see partially documented. Fable 5’s shutdown swept up Indian developers alongside Britain’s AI Security Institute — the world’s leading body for independently testing and jailbreaking frontier models — locked out of systems it had been actively auditing on behalf of a Five Eyes ally. When an allied government’s own AI-safety regulator can be cut off with ninety minutes’ notice, the case for architecture that stays independent of any single provider’s continued goodwill writes itself, and Indian CTOs read that lesson the same week their American counterparts did.

Sonnet 5’s pricing sharpens that case rather than softening it. At $2 to $3 per million input tokens, it stands as the first genuinely credible Opus-adjacent option for Indian teams running high-volume agentic workloads — customer support automation, document processing, coding assistance at scale — where Opus 4.8’s $5 floor has served as a real ceiling on what gets built. Every rupee of engineering budget that previously stopped short of an Opus-powered feature because the token economics fell short of the bar now has a second model to test against, and Sonnet 5’s introductory pricing window through August gives Indian product teams a genuinely low-risk quarter to run that comparison before the standard rate lands.

But the same eighteen days that made Sonnet 5 commercially urgent also made GLM-5.2’s downloadable, self-hostable, India-deployable weights look considerably more interesting to any CTO who sat through the blackout with production systems calling a model that had briefly vanished from the map. Expect the sovereign-AI argument — host it yourself, own the weights, stay free of any foreign directive — to gain real traction in Indian enterprise procurement conversations over the next two quarters, driven less by any change in the underlying technology and more by a risk model that just received a very expensive, very public demonstration.

Austria has already made the logic explicit at government level: its State Secretary for Digitalisation wrote formally to the European Commission urging EU member states to explore hosting Anthropic’s infrastructure within the bloc, citing the American restrictions as the direct cause. India has yet to make that move, and the domestic conversation about whether it should has grown considerably louder since 12 June — a live question for anyone tracking the Bharat AI stack ambitions sitting alongside Meity’s own frontier-model conversations this year.

What Happens Before August

Two dates now matter more than the headline resolution does.

The first is 8 July, when Anthropic’s identity-verification rollout — government ID plus a live selfie check, run through the Peter Thiel-backed firm Persona — takes effect. Trackers following the story closely describe this as the likely mechanism for a durable “US-first” restoration path: verify nationality before granting Fable 5 access, a workaround for a directive that real-time enforcement can barely keep pace with. It is also, on its face, the kind of identity infrastructure that draws exactly the surveillance-risk criticism Amodei spent February refusing to enable for the Pentagon — a tension in Anthropic’s own position that remains, for now, unaddressed by anyone at the company.

The second is 1 August, the deadline set by Trump’s 2 June executive order for the NSA, Treasury, and CISA to finalise a formal review framework for “covered frontier models.” Both Anthropic and OpenAI are reportedly pushing hard for exactly this — a codified, statutory process to replace the current arrangement, where a single Friday-afternoon letter from Commerce can take a product offline worldwide on administrative authority alone, ahead of any judicial review, ahead of any published evidence, and on a timeline the company only ever learns after the fact. Whether that framework lands on schedule, and whether it resembles anything either company is actually asking for, will say more about the next eighteen months of frontier AI regulation than anything in this week’s news cycle.

As of this writing, Anthropic’s own tweet remains the most precise thing anyone has said about where things actually stand: the export controls are lifted, and access “will begin restoring” from 1 July — a forward commitment rather than a completed one. Live status trackers following the rollout hour by hour reported Fable 5 still returning errors for general users even after the announcement, with only a narrower cohort of trusted US organisations confirmed live under Mythos 5’s partial restoration. Confirmed policy and confirmed product are, for the moment, still two different sentences.

Whether that gap closes cleanly in the coming days, or drags the way the original “coming days” promise did on 17 June, is the one part of this story that remains, for now, everyone’s open question — Anthropic included.

FAQ

Why did the US government ban Claude Fable 5 and Mythos 5?
Commerce Secretary Howard Lutnick cited national security, pointing to a jailbreak technique in Fable 5. Anthropic called the finding narrow and said the same technique worked on other public models. Senate testimony about Mythos breaching NSA systems went viral separately and was later clarified as referring to an authorised internal security test rather than an outside intrusion.

Is Claude Fable 5 available again?
The Commerce Department lifted the export-control directive on 30 June. Anthropic said restoration would begin the next day. As of this writing, general access to Fable 5 remained independently unconfirmed; Mythos 5 access stays restored only for a limited list of vetted US organisations.

Is Claude Sonnet 5 better than Opus 4.8?
Only partly — Opus 4.8 leads on agentic coding and computer-use benchmarks. Sonnet 5 narrows the gap significantly and wins outright on one knowledge-work benchmark, while costing less than half as much per million tokens at standard pricing.

What is the difference between Mythos 5 and Fable 5?
They share the same underlying model. Fable 5 routes cybersecurity, biology, chemistry, and model-distillation requests to Claude Opus 4.8 instead of answering directly. Mythos 5 has those safety classifiers removed and is available only to vetted partners under Anthropic’s Project Glasswing programme.

How much does Claude Sonnet 5 cost?
$2 per million input tokens and $10 per million output tokens through 31 August 2026, rising to $3 and $15 thereafter. Opus 4.8 costs $5 and $25 per million tokens, unchanged from its May launch.



end of article

Leave a Comment