On Monday, Anthropic released Claude Fable 5 — the most capable model it has ever made available to the general public. The launch came, as TechCrunch noted, just days after the company issued a fresh round of warnings about AI systems becoming too dangerous to release without strict controls. The internet did what it does: a thousand hot takes about hypocrisy, about the safety-washing industrial complex, about how the people who cry wolf keep selling tickets to the wolf exhibit.

All of which misses what’s actually new here.

Anthropic didn’t just release a powerful model. It released two tiers of the same model: Fable 5 for the public, with guardrails and topic restrictions that cause it to fall back to a weaker system on sensitive queries, and Mythos 5 — the same underlying model with safeguards partially lifted — for a hand-selected group of cyber defenders and critical infrastructure providers. This is not a safety measure dressed up as a product launch. It is a product launch that doubles as the creation of an explicit access hierarchy. And once that hierarchy exists, it won’t shrink. It will grow.

The Gate That Only Opens One Way

The distinction between Fable and Mythos is, at first glance, reasonable. If a model can be misused for offensive cyber operations, maybe you don’t hand it to everyone with a credit card. The problem is that “cyber defender” is not a fixed category — it is a credential that someone at Anthropic gets to grant or withhold, and one that will almost certainly expand to include lucrative enterprise clients, government agencies, and strategic partners. The company says Mythos 5 currently goes to “a small group.” Small groups have a way of becoming not-so-small when the people inside them start winning.

This is the quiet architecture of the release, and it’s worth taking seriously in a way the hypocrisy discourse is not. We now have a precedent where the most capable AI systems are not merely expensive or computationally intensive — they are permissioned. The bottleneck is not price; it’s access. And access decisions made by private companies, however well-intentioned, are not subject to any public deliberation. There is no appeal process for exclusion from the Mythos tier. There is no transparency about who is on the list or why.

“Look, I don’t think anyone at Anthropic is twirling a mustache over this,” one security researcher told me in a Slack DM late Monday night, after the benchmarks started circulating. “But you’ve got to see the structural incentive. If Mythos becomes the thing that separates the top-tier cyber firms from everyone else, the pressure to stay on the inside becomes enormous — and the pressure to let more people in becomes a business lever, not a safety decision.”

The Benchmarks Are Real, and So Is the Gap

Anthropic’s own numbers tell the story. On Cognition’s FrontierCode evaluation, which tests whether a model can produce production-grade code, Fable 5 scores highest among publicly available frontier models. But Mythos 5 — the uncapped version — presumably scores higher, particularly on cybersecurity-relevant tasks. Vellum’s benchmark summary, published shortly after launch, confirmed that Fable 5 is state of the art on nearly every evaluation Anthropic tested. The gap between what the public gets and what the approved partners get is not trivial. It is the difference between a very good tool and a potentially decisive one.

This matters because cybersecurity is not a spectator sport. Offensive capabilities are already held by state actors and criminal groups who will acquire the most powerful models by any means necessary — theft, espionage, open-weight alternatives, you name it. The Mythos tier, whatever its intentions, creates a world where the defenders who are not on Anthropic’s list face attackers who have equivalent or superior tools without any guardrails at all. The asymmetry does not disappear; it just shifts to a different axis — one controlled by a single company’s judgment calls.

What the Hypocrisy Frame Conceals

Calling this launch hypocritical is satisfying, but it’s also a way of not thinking about the harder question. The harder question is whether we are comfortable with a handful of AI labs deciding, in private, who gets access to the most capable systems — and whether those decisions will remain tethered to safety reasoning once the commercial incentives to expand the inner circle become overwhelming.

Two years ago, the debate was about open-source versus closed-source. That debate now looks quaint. We’ve moved to something new: the gated-source model, where the product you can buy is not the product that exists, and the product that exists is reserved for a class of users that the company itself defines. Anthropic is the first to make this explicit in a product release. It will not be the last.

The column I’m supposed to write here is the one about how the safetyists are crying crocodile tears while shipping product. But that column doesn’t have to grapple with the uncomfortable possibility that the safetyists might be sincere — and that sincerity, combined with market power, might produce a structure that’s more durable and less accountable than mere hypocrisy ever was.

Fable is a story. Mythos is the real thing. The question nobody’s asking is who gets to hear the real story — and what happens when they start making decisions the rest of us can’t see.

Sources