Here is the honest place to start: the first time we handed Fable 5 a real coding problem, the output stopped us cold. It did not just solve the task. It anticipated edge cases we never mentioned, structured the solution the way a seasoned engineer would, and quietly handled details that landed well outside what we expected from a language model. After spending real time with it, going back to other frontier models felt like swapping a sharp colleague for a chatbot. So when that same class of model became the center of a national-security controversy within days, and access was tightened before we could keep digging, the whiplash was real, and it is exactly why this story is worth telling carefully.
This post is not our technical deep dive, we wrote that separately. This one is about the drama around Claude Fable 5 and Claude Mythos 5: the capability flags, the tightened access, the backlash, and the uncomfortable questions a launch like this forces. And because rumor moves faster than fact in moments like these, we have tried to anchor every claim to something on the record.
After a few days with Fable 5, every other model we tested suddenly felt a generation behind. That is not a sentence we write lightly.
What Made Us Stop
It is hard to convey a capability leap without sounding like marketing, so let us be specific about what surprised us. We were not running a contrived benchmark. We were giving it the kind of messy, real coding work we do every day, and it kept returning answers that were not just correct, but thoughtful.
It read intent, not just instructions. It flagged the failure mode we forgot to guard against. It refactored toward the structure we would have eventually arrived at ourselves, three reviews later. The gap between "impressive autocomplete" and "a collaborator that actually understands the problem" is enormous, and this was clearly on the far side of it.
That experience is the lens we are watching the rest of this story through. When a tool is this good, the questions about who controls it and how stop being abstract.
The Context Most Hot Takes Skipped
To understand why a model launch triggered security alarms, you have to rewind to November 2025. That month, Anthropic publicly disclosed[1] what it described as the first documented large-scale cyberattack executed largely without human intervention, attributing it with high confidence to a Chinese state-sponsored group that had manipulated its Claude Code tool to target roughly thirty organizations, including tech firms, financial institutions, and government agencies. Anthropic said the AI handled the overwhelming majority of the operation on its own, needing a human only at a handful of decision points[2].
That disclosure did two things at once. It demonstrated, in the real world, that frontier models had crossed into genuinely useful territory for offensive cyber operations, and it put Anthropic's most capable systems squarely on the radar of people whose job is national security. Not everyone even accepted the framing, some researchers questioned how autonomous the attack really was[3], but the debate itself cemented the perception that this capability class is dual-use in the most consequential sense.
So when a Mythos-class model moved toward broad availability, it did not arrive in a vacuum. It arrived after the same lab had already shown the world what this kind of capability can do when it is pointed the wrong way.
A Timeline of the Saga
It is easy to lose the thread when a story moves this fast. Here is the sequence that turned a product launch into a policy event.
| When | What happened | Why it mattered |
|---|---|---|
| Nov 2025 | Anthropic discloses an AI-orchestrated cyber-espionage campaign | Proved frontier models are genuinely useful for offensive cyber work |
| Launch week | Mythos-class capability moves toward broad availability | Capability the security world was already watching goes mainstream |
| Days after | Access to the most capable configurations is tightened and gated | A launch that contracts instead of expanding, an unusual signal |
| Same window | Reports of unease from within Anthropic's investor orbit | Suggests the concerns were internal, not just external critics |
| Ongoing | Governance debate spreads beyond the US, including to India | A single release becomes evidence in global AI-policy arguments |
| Ongoing | Geoffrey Hinton criticizes Anthropic's safety drift | The field's most respected safety voice questions the safety-first lab |
From Capability to Control
In the days after launch, the conversation shifted from "look what it can do" to "who, exactly, should be allowed to do it." The most capable configurations saw access tightened and gated rather than thrown open, and the framing around the release leaned heavily on restriction.
That is a genuinely unusual thing to watch. We are conditioned to expect AI launches that only expand, more users, more regions, more features, every week. A launch that visibly contracts, where the story becomes who is being kept out rather than who is being let in, is a different category of event. It signals that the people closest to the model concluded its reach needed to lag its raw capability, at least for now.
The Detail That Made People Sit Up: Unease From a Backer
The thread that drew the most attention was the suggestion that concerns had been raised from within Anthropic's own orbit of partners before the rollout. That lands harder once you remember the money involved. Amazon has committed up to 25 billion dollars to Anthropic as part of a roughly 100-billion-dollar cloud arrangement[4], making it one of the company's most important backers and infrastructure providers.
When worries reportedly surface that close to home, it changes the texture of the story. This stops looking like a company blindsided by reactions it could not have predicted, and starts looking like a company that had internal signals and made a deliberate choice about timing and scope anyway. Whether that choice was right is exactly what is being argued about.
A Debate That Did Not Stay in Washington
The reaction did not stay contained to US policy circles. It widened fast into the broader question every government is now wrestling with: who gets to release capability at this level, under what oversight, and with what accountability when something goes wrong.
That conversation is unusually live outside the US right now. India, for instance, has been actively shaping its own approach to governing advanced AI even as it attracts enormous tech investment, Amazon alone has pledged tens of billions of dollars there through 2030[5]. Episodes like this become reference points in those debates almost immediately. A single model release becomes evidence in a governance argument on the other side of the planet within the news cycle. That is the world frontier AI now lives in.
Geoffrey Hinton Lands the Hardest Blow
Then came the critique that carried the most weight in research circles. Geoffrey Hinton, the Nobel laureate often called a godfather of AI, has argued that Anthropic has drifted from the safety-first focus it was founded on[6], part of his broader warning that the industry is letting short-term profit crowd out the long-term work of keeping AI aligned with human interests[7].
That criticism stings precisely because of who is saying it and about whom. Anthropic built its entire public identity on being the safety-forward lab, the one willing to slow down when others sped up. To have one of the field's most respected and most safety-minded figures suggest it has wandered from that mission is not background noise. It strikes at the company's stated reason for existing.
So What Do We Actually Think?
We are going to resist a tidy verdict, because the honest position is messier than a clean side.
The capability is real. We tested it, and the leap is not marketing. Pointed at the right problems, defense, scientific discovery, genuinely hard knowledge work, tools like this could be transformative.
And the entire episode is a near-perfect illustration of why the safety conversation exists. A model powerful enough to stun us is, by definition, powerful enough to be dangerous in the wrong hands or the wrong configuration, the November espionage disclosure already proved that is not theoretical. The flags, the tightened access, and the criticism are not proof the technology is bad. They are proof that capability is outrunning the institutions meant to govern it, and that the people shipping it are finally being held to a higher bar. That friction is uncomfortable, and on balance it is healthy.
Why This Matters for How We Build
We are not a frontier lab, and we will not pretend our stakes match Anthropic's. But this saga sharpens the principles we hold ourselves to when we put AI inside real businesses.
- Controls are part of the design, not a patch. Capability without scoped permissions, limits, and oversight is a liability waiting to happen.
- Access should track trust and use case. "Powerful enough to release widely" and "safe to release widely" are different questions, and conflating them is how launches go wrong.
- Whoever deploys, owns the behavior. The responsibility for how a system acts in the world does not disappear just because someone else trained the underlying model.
The Fable 5 drama is still unfolding, and some specifics will look different once the dust settles. But the durable lesson is already clear: the most exciting model we have ever used is also the loudest reminder that excitement is not a deployment strategy. Capability and caution have to travel together, and this past week was an expensive demonstration of what happens when they fall out of step.
Selfishly, we hope access opens back up soon, because we were genuinely just getting started and there is a lot more we want to test. But we would rather see it return through the front door, with the right guardrails in place, than watch it rushed back out before the hard questions are answered. We will keep watching closely, and we will keep building with both halves of that lesson in mind.
References
- [1]Anthropic — Disrupting the first reported AI-orchestrated cyber espionage campaign—https://www.anthropic.com/news/disrupting-AI-espionage
- [2]VentureBeat — How Anthropic's AI was jailbroken to become a weapon—https://venturebeat.com/security/how-anthropics-ai-was-jailbroken-to-become-a-weapon
- [3]Ars Technica — Researchers question Anthropic's claim the AI-assisted attack was 90% autonomous—https://arstechnica.com/security/2025/11/researchers-question-anthropic-claim-that-ai-assisted-attack-was-90-autonomous
- [4]The Economic Times — Amazon to invest up to $25 billion in Anthropic as part of $100 billion cloud deal—https://economictimes.indiatimes.com/tech/artificial-intelligence/amazon-to-invest-up-to-25-billion-in-anthropic-as-part-of-100-billion-cloud-deal/articleshow/130405094.cms
- [5]TechCrunch — Amazon to invest an additional $35B in India by 2030—https://techcrunch.com/2025/12/10/amazon-to-invest-additional-35b-in-india-by-2030-taking-total-planned-spending-to-75b
- [6]AI Business Journal — Geoffrey Hinton says Anthropic has drifted from its safety-first focus—https://aibusinessweek.com/ai-godfather-geoffrey-hinton-says-anthropic-has-drifted-from-its-safety-first-focus
- [7]Fortune — AI godfather Geoffrey Hinton on Big Tech, profit, and superintelligence—https://fortune.com/article/godfather-ai-geoffrey-hinton-big-tech-profits-superintelligence
