On Monday, Anthropic shipped Claude Fable 5, its most powerful publicly available model, to general release. The same day, it confirmed that an unrestricted version of the same underlying system — branded Claude Mythos 5 — remains available exclusively to vetted partners working in cyberdefense and critical infrastructure. Same model. Two doors. One of them has a bouncer.

This is not a safety policy. It is a licensing regime with a press kit.

The timing is instructive. Last week, Anthropic executives were on the record warning that frontier AI systems were becoming too dangerous to release without extraordinary precautions. Five days later, the company released its most capable model yet to anyone with an API key — provided that model’s more troubling capabilities are routed to an older, weaker system when the prompt gets spicy. The spicy queries, meanwhile, are still being answered. Just not by Fable. And not for you.

The Classifier Is the Product, Not the Safeguard

Fable 5’s architecture is revealing. When a user submits a prompt that Anthropic’s safety classifiers deem sensitive, the query is silently handed off to Claude Opus 4.8 — a previous-generation model — rather than being processed by Fable 5 directly. The user never knows this happened. The response just appears, competent but unremarkable, and the conversation continues.

This is clever engineering. It is also a business arrangement dressed as a safety measure. The company gets to claim it has “safeguarded” the public model while maintaining — and monetizing — the unconstrained version through a parallel channel. The classifier is not a wall. It is a tollbooth.

“We’re not saying the dangerous queries shouldn’t be answered,” one engineer at a competing lab told me over Slack DMs Monday afternoon. “We’re saying they shouldn’t be answered by the cheap tier.”

He is not wrong. Mythos 5 exists. It works. It answers things Fable 5 won’t. The only question is who gets to ask — and that question is being answered by a contracts desk, not a safety committee.

The Cyberdefense Carve-Out Is Doing a Lot of Work

Anthropic’s public framing emphasizes that Mythos 5 access is restricted to partners working on “cyberdefense and infrastructure.” This sounds reassuring until you consider what those words actually cover in 2026.

Critical infrastructure includes energy grids, water systems, telecommunications, and financial networks. Cyberdefense includes offensive security research, vulnerability discovery, and — in the parlance of every government agency that buys these tools — “capability development.” The Venn diagram between defensive research and offensive tooling has been a circle for decades. Everyone in the security industry knows this. Anthropic knows this. The only people who are supposed to be comforted by the word “cyberdefense” are the ones not paying attention.

And the vetting process itself is a black box. Anthropic has not published criteria. It has not disclosed partner names. It has not explained what happens when a vetted partner asks Mythos 5 to do something that would trigger Fable 5’s classifier. The company’s posture is: trust us, we’ve thought about this, and also we will not tell you what we thought.

What the Two-Tier Release Actually Signals

The conventional reaction to Monday’s launch will split along predictable lines. Safety advocates will applaud the classifier architecture as a responsible compromise. Accelerationists will grumble about censorship and demand full Mythos access. Both reactions miss what is actually happening.

Anthropic is not choosing between safety and capability. It is bifurcating the market. The public gets a model that is safe enough for regulatory consumption and enterprise procurement checklists. The government and its contractors get a model that is capable enough for the work that actually pays the bills — long-term defense contracts, infrastructure security, and the kind of high-stakes deployment that does not show up in benchmark tables.

This is not a failure of the safety-first ethos. It is the logical endpoint of it. If you genuinely believe your models are too dangerous for unrestricted release, and you also genuinely believe someone needs to use them for national security purposes, then the only coherent position is a two-tier system. The incoherence is pretending the top tier does not exist while your press releases talk about responsibility.

Monday’s launch makes explicit what has been implicit since the first frontier model safety debate: the question is not whether dangerous capabilities should exist. It is who gets to wield them, and whether the rest of us get to know.

Sources