Fable 5 and Mythos 5 are the same underlying model with different safeguards. The structural question is who gets the unwrapped version, and what happens when the list of preferred customers grows.
Anthropic said its newest model was too dangerous to hand to the public. On Tuesday, the company made the same model free for anyone to use, with the danger dialed down. The version Anthropic kept behind a curtain, called Claude Mythos 5, is being given to a small circle of cyberdefense and infrastructure companies. The version anyone can sign up for, Claude Fable 5, is the same model wrapped in tighter limits: restrictions on cybersecurity tasks, restrictions on biology tasks, and an acceptable-use policy that has not yet been published in detail.
That is the actual story. It does not matter whether the model is scary, or whether Anthropic is being honest. Both can be true. The interesting question is structural: who gets the unwrapped model, and on what terms. The company has effectively turned AI safety into a product tier. One model, two safety rules, priced and distributed separately. The public gets the wrapped version. Preferred customers get the unwrapped one.
According to the BBC, which broke the news this week, Anthropic's own statement on the release calls Fable's capabilities "exceed[ing] those of any model we've ever made generally available." The same statement warns that "releasing a model this capable comes with risks." Both lines are doing real work, and both are accurate. The model is unusually capable. The company has also decided to ship it.
What changed between April and this week is the safety wrapper, not the underlying system. In April, Anthropic said Claude Mythos was too capable to release publicly and routed it to a closed testing group. The reasoning, the BBC reports, was that the model could be used to exploit or hack computer systems at a level the company was not ready to defend against. The Mythos tier is still gated. What got released on Tuesday, Fable 5, keeps the same raw capability but adds the constraints Anthropic originally said were necessary.
The question the press release does not answer is who is in the Mythos tier, and who decides. The BBC reports that the trusted-access list currently includes "cyberdefenders and infrastructure providers" and that Anthropic expects that list to widen. The framing matters. A cyberdefender is a customer who uses the unwrapped model to find vulnerabilities in their own systems. An infrastructure provider is a customer who runs the unwrapped model inside a critical system. Both are useful buyers. Both are also the kind of buyer whose decisions affect everyone else, including people who never opted in to the AI rollout.
This is where the "unknown, unknown" framing becomes useful. François-Philippe Champagne, Canada's finance minister, has used the phrase in policy discussions about AI risk in financial systems. The point is not that nobody knows anything. The point is that the public-visible risk assessment, the one a regulator or a journalist can audit, is necessarily a step behind what a sufficiently capable model is actually doing in the wild. When the unwrapped version of that model sits in the hands of a small group of preferred customers, the audit gap widens. The public sees a wrapped product and a usage policy. The trusted customer sees the underlying capability. The two views of the same model do not have to agree.
Anthropic has commercial reason to widen the gap further. The BBC reports that Anthropic is expected to become a public company soon, with its private valuation having neared $1 trillion (£747 million). Whether that number is precise or not, the direction is. A tiered-release model gives Anthropic a way to monetize the unconstrained capability without the public-relations cost of a fully unconstrained launch. Preferred customers pay for the unwrapped build. The general public gets the wrapped build and the reassurance narrative. Both revenue lines scale independently. The "responsible rollout" framing stops being a public-interest story and starts being a go-to-market story with a safety coat on top.
The critics quoted in the BBC's piece, including technology, finance, and government leaders, are not all making the same argument. Some are warning that the model surfaces genuine cybersecurity risk, including reports of roughly 10,000 critical security flaws identified during internal testing. That number deserves the caveat the BBC itself attached: a "reported finding" is not a "fixed vulnerability." A finding is a problem the model is good at spotting. A fix is what an engineer does about it. The number shows the model has unusual reach into attack surface. It does not, by itself, prove the wrapped release is unsafe, or that the unwrapped release is. The honest read is somewhere in the middle: the model is sharp enough to be useful for offense and defense at the same time, and the company has decided that the right way to allocate that sharpness is by customer tier.
That structural choice is what the rest of the AI industry is now watching. If Anthropic's tiered release works commercially and politically, expect the same architecture from every other lab with a flagship model and an upcoming event. The pattern is straightforward. Wrap the public model in the limits that make a press release possible. Sell the unwrapped model to the buyers who can show they know how to handle it. Treat the difference as a feature, not a hedge. The hedge framing invites regulators to ask what the limits are for. The feature framing invites customers to ask what the next tier costs.
The unresolved question is governance. Who decides what counts as a "trusted" customer today, and what changes when the list grows from cyberdefenders and infrastructure providers to, say, financial institutions, defense contractors, or a foreign government? The BBC reports that Anthropic expects the trusted list to widen. The press release does not say who signs off on a new buyer, what the review process looks like, or what an excluded buyer can do about it. The wrapped public model is at least partly auditable: anyone can read the acceptable-use policy, see the API restrictions, and observe the product behavior. The unwrapped trusted model is not. The auditability of the public tier is real. The opacity of the private tier is also real. The two facts coexist inside the same product launch, and the press release does not invite the reader to compare them.
A practical test will arrive soon. The first reported misuse of the unwrapped Mythos tier, or the first public report that a wrapped Fable 5 user got around the cybersecurity or biology limits, will tell readers which way the balance is tilting. Until then, the structure is the message: one model, two safety rules, and the difference is decided by Anthropic and its preferred customers, not by the public that the wrapped version is aimed at.