Anthropic’s launch yesterday of Claude Fable 5 and Mythos 5 has drawn feedback from the trade each praising the fashions and discussing how finest to safe them for the AI period.
Fable 5 is Anthropic’s frontier mannequin with safety safeguards, whereas Mythos 5 has some guardrails eliminated.
Good for autonomous testing work
In a press release, CodeRabbit wrote: “We noticed that throughout a number of coding initiatives we used to check the mannequin’s capabilities. We may give Fable 5 imprecise prompts and nonetheless get full initiatives somewhat than prototype shells. It additionally discovered resolution paths that felt much less apparent, together with approaches that earlier mannequin evaluations struggled to achieve with out extra hand-holding.”
CodeRabbit famous, although, that that type of habits reveals up as a value, because it discovered that Fable 5 stored working till the harness stopped it. So the mannequin feels succesful, however is dear and gradual in agent workflows that wouldn’t have sturdy harnesses to chop them off.
It additional recommends that you simply not change all the pieces to Fable 5, however to make use of it to discover, plan and construct — particularly the place autonomy is the product — however maintain the present reviewer in place.
Fashions pair innovation, resilience
Anthony Grieco, SVP, chief safety and belief officer at Cisco, stated organizations wrestle with safety cycles that don’t maintain tempo with modifications in new fashions, those who “pair innovation with resilience” shall be finest positioned for fulfillment. AI-generated code.
Cisco — an early tester of each Anthropic and OpenAi fashions — stated Anthropic’s releases yesterday align with its mission of giving enterprises the AI instruments to get quicker responses and improved resilience, together with the technique and infrastructure to leverage these instruments.
“The tempo of frontier AI improvement is altering the safety panorama in actual time, and defenders can not afford to attend for the mud to settle,” Grieco stated. “Whether or not the mannequin is Claude Mythos 5, Claude Fable 5, GPT-5.5-Cyber, or the following breakthrough, the problem is now not simply entry to superior AI, however how organizations operationalize it with the fitting harness, infrastructure, and agentic logic to show velocity into readability and motion.
“Which means persevering with to spend money on the basics that by no means go old-fashioned: patching, MFA, segmentation, and Zero Belief,” he added. “AI will increase the ceiling for what defenders can do, however safety resilience stays the inspiration that determines whether or not these good points translate into actual safety.”
No downsides to public launch
Whereas many within the trade bemoaned the truth that Anthropic took a restricted rollout strategy to the fashions, Roger Grimes, CISO advisor at cybersecurity firm KnowBe4, stated there aren’t any downsides to creating Fable 5 publicly accessible. “The earlier the band-aid is ripped off, the earlier the defender lifecycle kicks in and helps us,” he wrote in a press release.
“Relating to whether or not cybercriminals will get entry to those instruments quicker: no, probably not,” he stated within the assertion. “Criminals have been utilizing AI to search out vulnerabilities, code exploits, and code malware since final yr. Actually, studying about Mythos put a renewed, extra intense push on utilizing AI to search out vulnerabilities and exploit them, however it wasn’t prefer it hasn’t been what the elite cybercriminals haven’t been doing for a yr already … Heck, I noticed comparable non-AI variations of Mythos being utilized by nation-states and enormous purple groups over a decade in the past. They have been fairly good then, however now AI-enabled, they’re supercharged. The one factor Mythos considerably modified was how rapidly the defenders would get these instruments. Positive, it accelerated and helped attackers, however they didn’t want the push. Defenders wanted the larger wake-up name.”
Grimes went on to say that he expects to see a spike in discovered and exploited vulnerabilities over the following 2-3 years, however then purposes will develop into safer.
He has three issues that CIOs and CTOs want to concentrate on:
Vulnerabilities and 0 days will explode over the following few years and be exploited quicker and extra efficiently
Defenders have to run the identical AI-methods to search out and repair vulnerabilities earlier than the attackers do
Patching must be completed quicker…with defenders maybe re-examining their present danger acceptance, and doubtlessly patching quicker with out testing.
Safety by Design, not a ‘safety armageddon’
In the meantime, Charles Guillemet, CTO at blockchain safety firm Ledger, stated “safety by design is the one layer that makes infrastructure proof against cyber vulnerability. That features formal verification, utilizing {hardware} based mostly safe enclaves.”
In a LinkedIn submit, Guilllemet cautioned in opposition to worry that exploited vulnerabilities in huge numbers will result in a safety armageddon. “Mythos is, at its core, Opus 4.xx with reinforcement studying specialised on offensive safety,” he wrote. “Attackers have had functionally equal functionality for months. The proof is within the telemetry: a tidal wave of in-the-wild exploitation, and the worth of stolen entry on darkish markets has by no means been decrease. We’re barely scratching the floor. Nothing is safe anymore and that gained’t change anytime quickly.
That’s not altering. On the similar time people and organizations stay gradual to replace their software program stacks. Safety was once a cat and mouse sport. Now, everybody could be a cat.”
He added his perception that safety is basically absent from the broader AI agent dialog, and organizations are gradual to replace their software program stacks. “Safety,” he stated, “was once a cat and mouse sport. Now, everybody could be a cat.”