MythosLM

Independent reference. Not affiliated with, endorsed by, or sponsored by Anthropic PBC. Details.

Claude Mythos and Cybersecurity: Why Cyber Is a Covered Domain

Safety & cyber informational Last reviewed Updated

Why cybersecurity sits behind a classifier

Mythos-class models reason about software, networks, and exploitation at a level above Opus. That capability is genuinely dual-use: a model good enough to help a security team find and patch a vulnerability is, by construction, good enough to help someone weaponize it. Anthropic's response is not to make the model worse at security but to gate the most sensitive uses behind safeguards.

On Fable 5, cybersecurity is one of three classifier-covered domains (alongside biology/chemistry and distillation). When a request trips the cyber classifier, Fable 5 does not answer with the full Mythos-class model. Instead it reroutes the request to Claude Opus 4.8 and tells the user that a reroute happened. This "classifier fallback" affects fewer than 5% of sessions, so ordinary security learning, code review, and defensive work are largely unaffected.

How Glasswing changes the picture

The uplift that makes cyber sensitive is also exactly what makes Mythos-class useful for critical-infrastructure defense. Project Glasswing exists to put the classifier-lifted model — Mythos 5 — in the hands of vetted defenders who can use full cyber reasoning under contract and oversight. So the same capability is restricted on the public model and deliberately enabled for screened cyberdefense organizations.

What these pages do and don't do

This explainer describes the policy architecture only. It does not provide operational attack guidance; the point is to clarify why a domain is gated and what the gate does, not how to defeat it.

Frequently asked questions

Does Fable 5 refuse all cybersecurity questions?

No. Only requests that trip the cyber classifier are rerouted to Opus 4.8, and that is fewer than 5% of sessions. Routine defensive security, code review, and education generally answer normally on Fable 5.

Why is the same capability allowed under Glasswing but not publicly?

Glasswing puts Mythos 5 behind vetting, contracts, and oversight so full cyber reasoning can be used for defense by screened organizations, rather than being openly available to anyone.

Is Mythos 5 just better at hacking?

Mythos 5 is the same underlying model as Fable 5 with classifiers lifted. It is more capable across the board, including cyber, which is precisely why access is restricted to vetted cyberdefense use.

Sources & further reading

Facts on this page link to their source. Quotes are kept under 15 words and attributed; figures labelled unofficial are third-party until Anthropic publishes system-card numbers.