Takumi byGMO's Policy on the Mythos-Class Model Claude Fable 5

Anthropic's new Mythos-class model, Claude Fable 5, was released today, June 10, 2026. Here we share how Takumi byGMO, our AI agent for security assessment and penetration testing, will support this model.

Overview of Claude Fable 5 and Our Existing Plans

Claude Fable 5 is Anthropic's latest AI model, released on June 10, 2026. It is rooted in the same underlying model weights as "Claude Mythos 5", the model widely noted for its strong cybersecurity capabilities. On top of that, it has stronger safeguards against misuse than Mythos 5.

From "System Card: Claude Fable 5 & Claude Mythos 5":

Fable 5 is being released for general access—it has the same underlying model weights as Mythos 5, but has additional safeguards to prevent misuse for cybersecurity and biology.

The Claude Fable 5 and Claude Mythos 5 models have drawn particular expectation and interest for use in cybersecurity.

As a notable result related to these models, "Claude Mythos Preview", the predecessor of Claude Mythos 5, has already contributed to the discovery of 23,000 vulnerabilities (see "Project Glasswing: An initial update"), to the point where government agencies including Japan's Financial Services Agency and Ministry of Health, Labour and Welfare have issued advisories to critical institutions (see the FSA advisory).

In light of this, Takumi byGMO had reported the following plan for the period after the general release of Mythos-class models, with the aim of supporting security engineers who protect Japanese businesses in their use of these models (original).

Deployment plan following the general release of "Mythos-class models"

• AI penetration testing (a new feature in which an AI agent attempts to break into a system until it reaches a goal): deployed and available within at most 5 business days after the model's general release
• AI security assessment and automated fixing (an AI agent automatically discovers and fixes vulnerabilities): we maintain delivery on current-tier models, while adding a mode that lets you specify the use of Mythos-class models (and comparable high-end models), particularly for inspecting and fixing business logic
• "Takumi Guard" and "Takumi Runner" (features that protect the software supply chain): deployed first into our underlying Threat Intelligence platform and used for malware discovery and analysis, resulting in faster and more accurate detection of malicious OSS packages than before

Note: For tasks where our own benchmarks show that a "Mythos-class model" is not necessarily required, we use existing models. This achieves maximum inspection performance at minimum cost.

Our Policy on Claude Fable 5

After evaluation by our specialist team, we have decided to hold off on deploying Claude Fable 5 for the AI penetration testing feature (the new feature to be released) as we judged it unnecessary for this release, and to instead begin operating it on Opus 4.8 and models of an equivalent tier, which already record sufficient performance. Our approach to other features is the same: in principle, we continue to operate on models other than Fable 5 that deliver sufficient performance.

Background to This Policy

The background to this policy is as follows.

• The model's safeguards can be triggered excessively. As a result, even security reviews and penetration tests that we judge not to violate the model provider's terms, our own terms, or applicable laws may fail to deliver stable performance.
• Existing models (Claude Opus 4.8, and other models from Google and OpenAI) already show certain results with our harness. While we expect further performance gains from high-end models in the future, multi-stage attacks are realistically achievable in scenarios that do not require special 0-day (or complex 1-day) vulnerabilities.

Our View on the Performance of Existing Models

The latter point in particular, that models up to and including Opus 4.8 have already reached a certain level, deserves attention.

The System Card for Claude Mythos 5 and Fable 5 and similar materials describe performance gains on benchmarks such as ExploitBench, OSS-Fuzz, and CyberGym. These generally have the exploitation of browsers and binaries in mind, and their evaluation of the ability to compromise web systems and cloud is limited.

The set of capabilities improved in Claude Mythos 5 can be imagined to be very important for organizations that face threats which exploit 0-day or highly complex N-day vulnerabilities.

On the other hand, the organizations that should assume threats of this intensity are limited. Typical system compromises start with people as the entry point, or with more basic mistakes (for example, unintentionally exposed admin consoles, weak passwords, well-known arbitrary code execution vectors such as React2Shell, unmaintained VPN appliances, unintentionally left secrets, and so on). The attack process after an attacker has completed initial intrusion also does not necessarily require complex 0-day or N-day vulnerabilities.

Assuming this minimal set of threats that most of our customers should be aware of, we believe that models prior to Claude Fable 5, such as Opus 4.8, are capable of sufficient simulated attacks. For example, our benchmark set includes scenarios that steal data on the cloud through multi-stage attacks with the simple configuration shown below. This is well within reach of pre-Opus 4.8 models combined with our harness.

Our Commitment to Safety

If the model's safeguards are relaxed in the future, and once we have confirmed that we have safe safeguards and a harness appropriate to the model's performance, we will reconsider deploying Claude Fable 5.

In the use of AI for cybersecurity, the fact that benign and malicious use are two sides of the same coin is an unavoidable and important problem. Takumi byGMO and its provider, GMO Flatt Security, have kept this in mind and have applied basic controls such as organization authentication and ownership verification. We will continue to coordinate with model providers and with international efforts on AI safety, and we remain committed to the safe delivery of AI technology.

Availability of the AI Penetration Testing Feature

The AI penetration testing feature, which we had said would be deployed and available within at most 5 business days after the general release of Mythos-class models, will be rolled out to customers in stages from Monday, June 15, after internal re-adjustment. To ensure stable delivery, the feature will be made available gradually.

Unlike the existing assessment features, the AI penetration testing feature has the AI attempt highly flexible attacks until it reaches a given goal (for example, stealing information within a specific cloud resource in scope). It is effective when you have already identified important information and components that would be damaging if compromised, through cloud asset inventory, threat modeling, and the like.

Contact

As we roll out the AI penetration testing feature from June 15 onward, customers who would like priority access, or who are interested in the details of the feature, can contact their sales representative or reach out through our website.