Anthropic’s launch yesterday of Claude Fable 5 and Mythos 5 has drawn feedback from the business each praising the fashions and discussing how finest to safe them for the AI period.
Fable 5 is Anthropic’s frontier mannequin with safety safeguards, whereas Mythos 5 has some guardrails eliminated.
Good for autonomous testing work
In a press release, CodeRabbit wrote: “We noticed that throughout a number of coding initiatives we used to check the mannequin’s capabilities. We might give Fable 5 obscure prompts and nonetheless get full initiatives somewhat than prototype shells. It additionally discovered answer paths that felt much less apparent, together with approaches that earlier mannequin evaluations struggled to achieve with out extra hand-holding.”
CodeRabbit famous, although, that that sort of habits reveals up as a value, because it discovered that Fable 5 stored working till the harness stopped it. So the mannequin feels succesful, however is dear and gradual in agent workflows that don’t have robust harnesses to chop them off.
It additional recommends that you just not change every part to Fable 5, however to make use of it to discover, plan and construct — particularly the place autonomy is the product — however preserve the present reviewer in place.
Fashions pair innovation, resilience
Anthony Grieco, SVP, chief safety and belief officer at Cisco, mentioned organizations battle with safety cycles that don’t preserve tempo with modifications in new fashions, those who “pair innovation with resilience” shall be finest positioned for achievement. AI-generated code.
Cisco — an early tester of each Anthropic and OpenAi fashions — mentioned Anthropic’s releases yesterday align with its mission of giving enterprises the AI instruments to get sooner responses and improved resilience, together with the technique and infrastructure to leverage these instruments.
“The tempo of frontier AI improvement is altering the safety panorama in actual time, and defenders can not afford to attend for the mud to settle,” Grieco mentioned. “Whether or not the mannequin is Claude Mythos 5, Claude Fable 5, GPT-5.5-Cyber, or the subsequent breakthrough, the problem is now not simply entry to superior AI, however how organizations operationalize it with the correct harness, infrastructure, and agentic logic to show velocity into readability and motion.
“Which means persevering with to put money into the basics that by no means go outdated: patching, MFA, segmentation, and Zero Belief,” he added. “AI will increase the ceiling for what defenders can do, however safety resilience stays the inspiration that determines whether or not these good points translate into actual safety.”
No downsides to public launch
Whereas many within the business bemoaned the truth that Anthropic took a restricted rollout strategy to the fashions, Roger Grimes, CISO advisor at cybersecurity firm KnowBe4, mentioned there are not any downsides to creating Fable 5 publicly out there. “The earlier the band-aid is ripped off, the earlier the defender lifecycle kicks in and helps us,” he wrote in a press release.
“Concerning whether or not cybercriminals will get entry to those instruments sooner: no, not likely,” he mentioned within the assertion. “Criminals have been utilizing AI to seek out vulnerabilities, code exploits, and code malware since final yr. Actually, studying about Mythos put a renewed, extra intense push on utilizing AI to seek out vulnerabilities and exploit them, however it wasn’t prefer it hasn’t been what the elite cybercriminals haven’t been doing for a yr already … Heck, I noticed related non-AI variations of Mythos being utilized by nation-states and enormous crimson groups over a decade in the past. They had been fairly good then, however now AI-enabled, they’re supercharged. The one factor Mythos considerably modified was how rapidly the defenders would get these instruments. Certain, it accelerated and helped attackers, however they didn’t want the push. Defenders wanted the larger wake-up name.”
Grimes went on to say that he expects to see a spike in discovered and exploited vulnerabilities over the subsequent 2-3 years, however then functions will change into safer.
He has three issues that CIOs and CTOs want to pay attention to:
-
Vulnerabilities and nil days will explode over the subsequent few years and be exploited sooner and extra efficiently
-
Defenders must run the identical AI-methods to seek out and repair vulnerabilities earlier than the attackers do
-
Patching must be achieved sooner…with defenders maybe re-examining their present danger acceptance, and probably patching sooner with out testing.
Safety by Design, not a ‘safety armageddon’
In the meantime, Charles Guillemet, CTO at blockchain safety firm Ledger, mentioned “safety by design is the one layer that makes infrastructure immune to cyber vulnerability. That features formal verification, utilizing {hardware} based mostly safe enclaves.”
In a LinkedIn submit, Guilllemet cautioned towards worry that exploited vulnerabilities in large numbers will result in a safety armageddon. “Mythos is, at its core, Opus 4.xx with reinforcement studying specialised on offensive safety,” he wrote. “Attackers have had functionally equal functionality for months. The proof is within the telemetry: a tidal wave of in-the-wild exploitation, and the value of stolen entry on darkish markets has by no means been decrease. We’re barely scratching the floor. Nothing is safe anymore and that gained’t change anytime quickly.
That’s not altering. On the identical time people and organizations stay gradual to replace their software program stacks. Safety was once a cat and mouse sport. Now, everybody generally is a cat.”
He added his perception that safety is basically absent from the broader AI agent dialog, and organizations are gradual to replace their software program stacks. “Safety,” he mentioned, “was once a cat and mouse sport. Now, everybody generally is a cat.”
