Anthropic opens Claude Fable 5 to subscribers, DeFi exposed

Anthropic on June 10 released Claude Fable 5 to subscribers, a public version of its Mythos vulnerability model; researchers warn unaudited DeFi contracts may be easier to exploit.

Anthropic released Claude Fable 5 on June 10, making a subscription-accessible public version of its previously restricted Mythos vulnerability-finding model. Mythos had been available only to about 150 Project Glasswing partners and reportedly identified more than 10,000 critical vulnerabilities in major software.

Anthropic said Fable 5 includes hard safety limits. For high-risk topics such as cybersecurity, biology, chemistry and model distillation the model blocks responses and falls back to Claude Opus 4.8. In a social media post the company wrote, “Queries on a narrow range of topics will instead receive a response from our next-most-capable model, Opus 4.8.”

The company ran an external bug bounty and more than 1,000 hours of jailbreak testing before the release and reported no universal jailbreaks. Anthropic reported that requests classified as sensitive cybersecurity trigger the fallback in fewer than 5% of sessions, so most interactions proceed through Fable 5.

Security researchers and DeFi developers say the model’s software-engineering performance improves its ability to handle longer, more complex coding tasks. For many smart contracts written in Solidity, finding a vulnerability can resemble a programming or auditing task rather than a conventional cybersecurity attack, and those queries may not fall into the blocked categories.

White-hat hacker MevenRekt wrote on social media that “the cost and skill required to find exploitable flaws in smart contracts is about to drop to effectively zero.” With Fable 5 available to subscribers, auditors and attackers will have access to the same advanced tooling.

A lighter version of Anthropic’s architecture reportedly found a critical flaw in the Zcash protocol within 24 hours after four years of review by cryptographers. Security professionals reference that example as evidence that automated analysis can uncover nonobvious, long-standing bugs.

Security practitioners recommend immediate precautions for users and protocol operators: revoke token approvals for contracts that are not actively trusted, move significant holdings to hardware wallets, and reduce exposure to protocols without recent independent audits.

Developers and governance teams are being advised to increase defenses through regular third-party audits, on-chain monitoring, bug bounties, multisignature controls and timelocks for administrative actions.

Fable 5 expands access to advanced vulnerability-finding tools that were previously limited to a small set of partners. For decentralized finance, where contract code is public and systems are composable, broader access to automated analysis affects both auditing and exploitation of on-chain code.

Articles by this author