Claude Fable 5 will be available again globally tomorrow.
After a series of productive conversations with the US government, we're redeploying the model with a new set of classifiers to target and block more cybersecurity tasks. In the near term, some routine tasks like coding and debugging will fall back to Opus 4.8. We’ll continue to refine these classifiers over the coming weeks to reduce false positives and better distinguish genuine misuse from legitimate requests.
We’ve also begun drafting a consensus framework—with Amazon, Microsoft, Google, and other Glasswing partners—for assessing the severity of AI jailbreaks and how AI developers should respond to them. We invite other industry partners and model providers to join us in this effort.
Finally, we’re scaling up our collaboration with the US government on model testing and safeguards. This will include pre-release access to models and safeguards for evaluation, information sharing on jailbreaks and misuse, and dedicated resources for joint research.
Thank you to our users for your patience, and to our partners across the government, industry, and the research community who worked alongside us to make Fable 5 available again.
Read our full blog: https://t.co/VHyum831ri
ISO 27001の「ドキュメント地獄」に苦しんでいるセキュリティ担当者、朗報です📄
このToolkitはGap Assessment計画、Statement of Applicability、リスクレジスタ、資産台帳、BCP/DR計画、ポリシー類まで、2022年版に沿ったテンプレートが一式揃っています。ゼロから作るより、既存のものを自社に合わせて調整する方が圧倒的に早いです。
CSIRTとして:リスクレジスタとBCP/DRのテンプレートは、特にインシデント対応の基盤作りにも直結します。完璧を求めすぎず、まず動くものを作って回す文化を後押ししてくれます。
https://t.co/WGcA8pHBOe
結局、ISO 27001も「ドキュメントが揃ってるかどうか」より、「ちゃんと運用されてリスクが減ってるか」が本質。テンプレートはその第一歩を劇的に楽にしてくれます。
I am the Chief of Information Assurance at the NSA. Anthropic's Mythos 5 walked into our classified systems within hours.
The morning of June 9 I had 1 open finding.
By standup the next day I had 340.
Today I am back to 1.
Nobody touched the systems.
Here is how the posture improved.
On June 9 Anthropic launched Mythos 5, the version of Fable 5 with the cyber safeguards lifted, which they called the strongest cybersecurity model in the world. Under Project Glasswing we let it run against our networks. By the end of the afternoon it had findings in boxes I have spent 4 years holding a valid Authorization to Operate on. My own director, Gen. Joshua Rudd, told Sen. Mark Warner it broke into almost all of them, not in weeks but in hours. By standup the next day, in the channel we call glasswing-actuals, eMASS showed 340. The open-finding tile, the one the Authorizing Official sees before he signs, went red.
Then, 3 days after launch, the Bureau of Industry and Security issued an Is Informed letter under the Export Control Reform Act, and Anthropic disabled both models worldwide within hours. Foreign nationals now need an individually validated export license through the SNAP-R portal. I logged the worldwide shutdown in eMASS as a compensating control. The field does not ask who implemented it. I implemented it by being on the distribution list. It was the first time the control had ever been pointed at a model instead of a centrifuge, and the first time my remediation timeline had a vendor doing the remediation for free.
I updated the posture deck that afternoon. The tile is green.
Here is how the count resolved. My 340 POA&M items were generated by a tool that is now a covered model under federal export control. So the findings are, in the technical sense, the output of a restricted item. I cannot write a milestone against an export-controlled artifact without the artifact, and licensing the artifact is above my pay grade. I drafted 1 Risk Acceptance Memo. It accepts all 340. The AO signed it before lunch. The status field in eMASS now reads "deferred query" on every row. My open-finding count is back to 1.
The 1 is the export-control paperwork.
People ask whether the systems got patched. The systems are exactly as they were on June 8. The holes Mythos found are still there, in the same configurations, on the same boxes, which still hold their ATOs. The accreditation survived the breach. The paperwork did not change. The box is breached and accredited at the same time. The thing that could tell you the holes were there is no longer available to foreign nationals, and as of June 14 there is an executive order with a federal vetting framework and a 1-month review window, so future scanners of this caliber will be deferred queries before they ever open an item. We did not close the holes. We closed the POA&M. The tile is green.
I am aware GPT-5.5 can find the same vulnerabilities with the same prompt. Anthropic said so themselves. The same prompt, run by someone we did not vet, returns the same 340 findings, except that party does not file them against a POA&M. That party reads the traffic on the boxes. FedRAMP lets a finding sit unremediated for 192 days without touching an authorization, so I have 192 days of cover and they have 192 days of access to the same door. I logged the asymmetry under residual risk, sub-category "out of scope for this control."
On June 25 the administration asked OpenAI to hold GPT-5.6 to a small group of government-approved partners, customer by customer. They called the model a force multiplier for cyber. I read it as confirmation. Every tool that can find the holes now ships with a roster of who is cleared to run it. The holes are not on the roster. I checked the new one too.
Then today, June 26, it got better. Commerce confirmed Anthropic's collaboration helped mitigate the risks, and access is being restored to select companies and organizations, hundreds of clients clearing in tiers. Lutnick is releasing Mythos to over 100 US institutions, government agencies included, because appropriate safeguards are in place. My agency is on the list. We are a vetted institution.
So I am putting in the purchase order. I am buying back the tool that broke into my systems, from the vendor whose model became the reason I could stop tracking the break-ins. I will run the next Glasswing scan myself. When it returns 340 more findings, and it will, those findings will also be export-controlled output. The line item on the new PO is categorized, by me, under Continuous Monitoring Tooling. We are funding the scanner out of the same budget that funds the remediation. The same budget makes the remediation impossible. I drafted the Risk Acceptance Memo for the whole arrangement in advance. It accepts the risk of the findings I have not generated yet. The AO signed it before I finished describing them. The tile is green.
People keep telling me the legal basis is shaky. No court order. The source who gave Rudd's quote now disputes it. A firm called Legion sued, called it unlawful retaliation. I logged all of it under Accepted Risk, out of scope for this control. My dashboard does not have a field for whether the control was real. It has a field for whether the control is in place. It is in place.
There is a mug on my desk a colleague had made. It says CONTROLLED FOR REASONS OF NATIONAL SECURITY. The systems it refers to held 340 findings on Tuesday. I drink from it every morning before I open the queue, which is empty, except for the 1. The tile is green.
The follow-up meeting on the actual systems is recurring. It has been rescheduled 6 times. The standing invite now lists Anthropic as a vendor attendee.
Since June 12, we’ve been working closely with the US government to restore access to Claude Mythos 5 and Fable 5. Today, the government notified us that Mythos 5, our strongest cybersecurity model, can be redeployed to a set of US organizations that operate and defend critical infrastructure.
We’re restoring access for these organizations quickly, and we’re continuing to work with the government to expand access to Mythos 5 and make Fable 5 available for general use again.