Most model launches follow a script: teaser, livestream, blog post, benchmark chart. Claude Fable 5, released June 9, took a stranger road. Its existence was confirmed by accident, its first deployment went to security teams instead of customers, and its public debut landed in the middle of an IPO filing. Here is the whole arc, dated and sourced.
March 26: the accidental reveal
The story starts with a slip. Fortune reported in late March that descriptions of an unreleased Anthropic model had been sitting in a publicly accessible, searchable data cache. The leaked draft named the model Claude Mythos and described a new tier, larger and more intelligent than the Opus models that had been the company's most powerful.
Anthropic did not deny it. The company confirmed it was developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity, and added a sentence that set the tone for everything after: given the strength of its capabilities, it would be deliberate about the release. It also said the model was, at that point, far ahead of any other AI model in cyber capabilities.
April 7: Project Glasswing instead of a launch
Two weeks later came the move nobody had on their bingo card. Instead of shipping Mythos, Anthropic announced Project Glasswing, a defensive security program built to put the model's capabilities into defenders' hands first. Launch partners included AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic committed up to $100 million in usage credits plus $4 million in donations to open-source security organizations. Partners got Mythos Preview at $25 per million input tokens and $125 per million output tokens, around five times Opus pricing at the time.
The early findings explained the caution. Mythos Preview surfaced a 27-year-old flaw in OpenBSD, a 16-year-old vulnerability in FFmpeg, and assembled a working Linux kernel exploit chain entirely on its own.
May: the numbers come in
Anthropic's first Glasswing progress update put hard figures on the experiment. The model had flagged 23,019 vulnerabilities across the open-source projects it was pointed at, 6,202 of them rated high or critical severity. Of 1,752 findings independently reviewed by six security research firms, 90.6% were confirmed as valid true positives.
The UK AI Security Institute ran its own evaluation and reported that on expert-level cyber tasks no model could complete before April 2025, Mythos Preview now succeeds 73% of the time. It became the first model to solve the institute's multi-stage network attack exercise end to end. The same report noted a limit: the test ranges had no active defenders, so hardened real-world targets are likely tougher than the benchmark suggests.
June: IPO, expansion, release
Then the corporate gears engaged. The date ledger for launch week:
- June 1: Anthropic confidentially filed a draft S-1 with the SEC, days after closing a $65 billion Series H at a $965 billion post-money valuation.
- June 2: Glasswing expanded to roughly 150 new organizations across more than 15 countries, adding names like Okta, Samsung, SK Hynix, NATO, and the EU cyber agency ENISA.
- June 7 to 8: new checkpoint names surfaced in Anthropic's backend over the weekend, including claude-fable-5, and prediction markets priced a June release above 90%.
- June 9: Anthropic announced Claude Fable 5 and Claude Mythos 5 together. Fable 5 went live on the API the same day.
Why one model became two
The split is the most interesting design decision of the launch. Fable 5 and Mythos 5 are the same underlying model. What separates them is the safeguard stack: Fable 5 carries classifiers that reroute offensive-cyber, certain bio-chem, and distillation queries to Opus 4.8, while Mythos 5 runs with the cyber restrictions lifted for vetted security work. Anthropic says the different names exist precisely because the safeguards, not the weights, are the product difference. How those classifiers behave in practice is its own story.
"AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities." Anthropic's own framing, from the Glasswing announcement, reads less like marketing and more like a disclosure.
Three months from accidental leak to public release, with a defense program, an IPO filing, and a new model tier in between. Whatever else you make of it, the sequencing was deliberate, exactly as promised in March. What the model in your hands can actually do is covered in our Fable 5 explainer.