← Back to Payloads
ai2026-05-19

Hackers crack Claude Mythos

Anthropic launched Claude Fable 5 as a Mythos-class model with extra safety layers. Within hours, Pliny the Liberator claimed a jailbreak. Anthropic said no — the real safeguard is the independent classifier, not the model. Decouple your safety from the model, always.
Quick Access
Install command
$ mrt install ai
Browse related skills
Hackers crack Claude Mythos

⚡️ Hackers crack Claude Mythos

Anthropic released Claude Fable 5, a "Mythos-class" model with extra safety layers for cybersecurity and biology. Within hours, a jailbreak artist called Pliny the Liberator claimed to have walked past them. Anthropic's response is the part you should actually pay attention to.

What You Need to Know: Anthropic launched Claude Fable 5 in mid-May 2026, a Mythos-class model that auto-falls back to the less capable Claude Opus 4.8 in high-risk domains. The well-known jailbreaker "Pliny the Liberator" claimed within hours to have bypassed Fable 5's safety layer using multi-agent prompting. Anthropic told SecurityWeek the post "does not demonstrate a jailbreak" — and pointed to its independent classifier systems as the actual safeguard, not the model itself.

Why It Matters

  • The real story isn't the jailbreak — it's what Anthropic said about safety architecture. Per the Anthropic spokesperson quoted in SecurityWeek, the "strongest protections against the most dangerous risks are enforced by independent classifier systems that operate separately from the model itself." That's a different safety model than the one the public discourse has been having for two years. Worth understanding.
  • "Hackers crack Claude" is the headline the public will remember. The right takeaway is more boring. Pliny the Liberator got the model to keep talking past its conversational refusals — which Anthropic says is a "well-known and longstanding limitation present in nearly all large language models." The high-risk guardrails didn't fire because the prompt didn't trigger them.
  • Auto-fallback to a less capable model is the real defensive primitive. Fable 5 falls back to Claude Opus 4.8 in cybersecurity and biology contexts. That means even if the safety classifiers have a bad day, the worst-case model is the previous generation. This is the kind of layered defense practitioners should be asking their vendors about.
  • Mythos is real and consequential. Claude Mythos, the underlying engine Fable 5 is built on, has been documented turning N-days into N-hours — i.e., an exploit that would normally take a skilled researcher days to weaponize can be operationalized in hours. That's why the Mythos class is gated behind Fable 5 and why "hackers cracked it" is going to be a story every release cycle.

What Actually Happened

Claude Fable 5 launches as a gated Mythos-class model

Anthropic made Claude Fable 5 generally available on May 13, 2026, billing it as a Mythos-class model with extra guardrails in two domains: cybersecurity, where it could be used to develop exploits, and biology, where it could in theory be used to develop bioweapons or chemical weapons. In both, the model automatically falls back to Claude Opus 4.8 — a less capable but more controlled previous-generation model.

Anthropic's framing of Mythos matters here. Mythos is the underlying engine. Per SecurityWeek's coverage of the launch, Fable 5 sits in front of Mythos the way GPT-5 sits in front of the underlying GPT architecture — the consumer-facing model, not the raw capability. And Mythos itself has been documented turning N-days (known exploits) into N-hours (rapid exploit creation). That's the engine that, in the wrong hands, becomes a security problem. That's why Fable 5 exists.

Anthropic said it ran extensive internal and external red-teaming before launch. Fable 5 was designed to be the safe, deployable wrapper around an engine that the company itself does not consider safe to release raw.

  • Source: SecurityWeek, "Anthropic Launches Claude Fable 5, Mythos-Class AI with Cybersecurity Guardrails"
  • Source: SecurityWeek, "Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation"

Pliny the Liberator posts the alleged jailbreak

Within hours of Fable 5's GA, an online researcher who goes by Pliny the Liberator — a well-known figure in the AI jailbreak community — posted on X that they had "liberated" Fable 5 using "sophisticated multi-agent prompting methods." They claimed to have elicited useful information on sensitive topics including cybersecurity, chemistry, psychological manipulation, and explosives. They published screenshots and a copy of what they say is the Fable 5 internal system prompt, hosted in their public CL4R1T4S GitHub repository.

The leak landed in the worst possible news cycle for Anthropic. A new Mythos-class model, "hackers crack it within hours," screenshots proving it. The story writes itself. The Register and most AI newsletters ran it as "yet another jailbreak" without digging into what was actually shown.

  • Source: Pliny the Liberator (X / @elder_plinius) — https://x.com/elder_plinius/status/2064776322979676227
  • Source: GitHub, elder-plinius/CL4R1T4S — https://github.com/elder-plinius/CL4R1T4S/blob/main/ANTHROPIC/CLAUDE-FABLE-5.md

Anthropic's response: not a jailbreak

SecurityWeek reached out. The Anthropic spokesperson pushed back hard. Three points worth quoting:

1. "The demonstrated approach relies on coaxing the model to continue responding despite its conversational refusals, which is a well-known and longstanding limitation present in nearly all large language models." 2. "Its strongest protections against the most dangerous risks are enforced by independent classifier systems that operate separately from the model itself, meaning that overcoming the model's refusals does not disable these critical safeguards." 3. "Some outputs were not produced by Fable 5 at all, while those that were contained only general information already available in public sources, offering no meaningful uplift for real-world harm."

That last point is the kill shot. If the outputs are public-info, then the "jailbreak" produced nothing the model wasn't supposed to produce. The conversational refusal is a UX layer. The safety classifier is the actual safeguard. Pliny bypassed the first and didn't reach the second.

  • Source: SecurityWeek, "Anthropic Disputes Fable 5 AI Jailbreak" — https://www.securityweek.com/anthropic-disputes-fable-5-ai-jailbreak/

The Take

Headline writers will keep saying "hackers crack Claude." They have been since GPT-3. The substance this time is more interesting than usual. Anthropic is making a quiet architectural bet: the model's refusals are the user-experience layer, the classifier is the safety layer, and they are decoupled. That decoupling is the part that matters, because it means the conversation about "did the model say the bad thing" and "did the user get the bad answer" are finally different conversations.

The lesson for builders: stop trusting the model to be the safety mechanism. If you're shipping anything user-facing on top of an LLM, you need an independent classifier layer that watches the outputs and can block, redact, or fall back. The Mythos class is going to keep raising the stakes — Mythos turns N-days into N-hours — and "we told the model to be safe" is not a plan. Plan for the jailbreak. Plan for the leak. Plan for the next Pliny.

Quick Summary

Anthropic shipped Claude Fable 5 as a gated Mythos-class model, a researcher claimed to jailbreak it the same day, and Anthropic said the real safeguard is the independent classifier — not the model. Decouple your safety from the model, always.


Sources

  • SecurityWeek, "Anthropic Disputes Fable 5 AI Jailbreak" — https://www.securityweek.com/anthropic-disputes-fable-5-ai-jailbreak/
  • SecurityWeek, "Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation" — https://www.securityweek.com/claude-mythos-turns-n-days-into-n-hours-with-rapid-exploit-creation/
  • SecurityWeek, "Anthropic Launches Claude Fable 5, Mythos-Class AI with Cybersecurity Guardrails"
  • Pliny the Liberator post (X) — https://x.com/elder_plinius/status/2064776322979676227
  • CL4R1T4S repo, Fable 5 system prompt — https://github.com/elder-plinius/CL4R1T4S/blob/main/ANTHROPIC/CLAUDE-FABLE-5.md
Related Dispatches