
Claude Fable 5 and Claude Mythos 5 anthropic.com
Benchmark data published July 2 by AI testing platform BridgeMind shows Claude Fable 5's TypeScript debugging scores collapsed 70% after the model's July 1 relaunch — not because the model got worse, but because Anthropic's new safety classifier is rerouting the majority of coding requests away from Fable 5 entirely, delivering developers a weaker substitute they did not ask for and in most cases may not have noticed.
Developers who upgraded to Fable 5 and built production pipelines on its coding performance are now facing a decision they cannot defer: the model available today is structurally different from the one that earned its reputation in June, and every debugging session carries a significant probability of landing on Claude Opus 4.8 instead.
BridgeMind, an AI evaluation platform that runs BridgeBench — an open-source coding benchmark suite for vibe coding and agentic development workflows — re-ran its full test suite against the July 1 version of Claude Fable 5 on the day it returned. The results across three benchmarks were steep.
| Benchmark | June Score | July 1 Score | Change |
|---|---|---|---|
| Debugging | 86.2 | 25.9 | ▼ 70% |
| Refactoring | 73.6 | 38.4 | ▼ 48% |
| Hallucination | 75.9 | 61.7 | ▼ 19% |
The debugging benchmark measures performance on TypeScript repair tasks, scoring visible bug fixes, hidden bug coverage, regression resistance, and root-cause accuracy. On that benchmark, Fable 5 fell from ninth to forty-first out of forty-two models ranked. On the refactoring benchmark — which evaluates behavior preservation and structural-intent compliance — the model dropped to thirtieth out of thirty-three.
The collapse does not reflect degraded reasoning from Fable 5. It reflects the classifier intercepting requests before Fable 5 can respond. BridgeMind said only three of twelve debugging tasks ran to completion on Fable 5 without triggering a fallback. Every intercepted call was routed to Claude Opus 4.8 instead — and BridgeBench scores every fallback as zero, because the model that completed the task was not the model under evaluation.
BridgeMind published the findings via its account (@bridgemindai) on X on July 2, 2026, stating: "This is not the model that got banned. Anthropic owes everyone an explanation."
Read more: Claude Fable 5 Returns Globally: New Classifier Blocks Jailbreak, Flags More Code
Understanding what changed requires understanding why the model disappeared for nineteen days. Anthropic launched Fable 5 on June 9, 2026. Three days later, the U.S. Department of Commerce issued an emergency export control directive ordering the company to cut off access for any foreign national worldwide — including Anthropic's own non-citizen employees — after Amazon researchers reported a prompt-based technique that bypassed Fable 5's safety controls. Unable to verify user nationality in real time at API scale, Anthropic suspended the model for every customer globally.
The technique Amazon identified was specific: asking the model to "fix this code" prompted it to identify software vulnerabilities, and in one case to produce code showing how a vulnerability could be exploited. Katie Moussouris, founder and CEO of Luta Security and the only outside security expert who reviewed the underlying research paper, concluded in a published analysis that no true jailbreak occurred — that the demonstrated behavior was standard defensive security work that cannot be removed without making the model less useful to the defenders it is designed to help. Anthropic disputed the severity, noting the same behavior was replicable by a wide range of weaker models including Claude Opus 4.8, OpenAI's GPT-5.5, and China's Kimi K2.7.
Commerce Secretary Howard Lutnick lifted the export controls on June 30. Fable 5 was restored globally on July 1 — but only after Anthropic trained a new safety classifier specifically targeting the prompt-framing technique Amazon had demonstrated. That classifier now blocks the reported technique in more than 99% of cases, confirmed by researchers from the U.S. Department of Commerce's Center for AI Standards and Innovation. Anthropic said it would continue refining the system to reduce false positives, but did not set a timeline.
Fable 5 and its restricted sibling Claude Mythos 5 share the same underlying model. What separates them is a set of safety classifiers — smaller, automated AI systems that monitor requests in real time and intercept queries that fall into designated risk categories: offensive cybersecurity, biology and chemistry, and model distillation. When a query trips a classifier, it does not reach Fable 5. Instead, the request is handed to Claude Opus 4.8, and the user is notified that a fallback occurred.
Anthropic describes this as "defense in depth": the classifier trigger zone is deliberately set wider than strictly necessary, catching probably-benign requests as well as clearly harmful ones, to reduce the chance that genuinely dangerous queries slip through. At launch in June, Anthropic said this fallback mechanism triggered in fewer than 5% of sessions.
The July 1 classifier is more conservative than its predecessor. It was trained to catch the specific prompt-framing pattern Amazon researchers used — the kind of code-review framing that characterized the reported bypass. Anthropic acknowledged in its redeployment statement that this would increase false positives. What Anthropic did not provide was any quantified estimate of how frequently routine coding work would be intercepted.
BridgeBench's results are the first published measure of how much that trade-off costs in practice. The benchmark scores every fallback call as zero — not because the response from Opus 4.8 was necessarily unhelpful, but because the model that completed the task was not the model under evaluation. That scoring convention means 70% of Fable 5's June debugging score was carrying weight from sessions that cleared the classifier. Remove the requests the new classifier intercepts, and what survives is the narrow slice of TypeScript debugging work the new system still allows through.
Read more: Claude Fable 5 Hit by Jailbreak Claims and 'Secret Sabotage' Backlash Days After Launch
Anthropic's July 1 redeployment statement acknowledged the over-flagging in plain terms. The company said the new classifier "comes at the cost of flagging benign requests more often during routine coding and debugging tasks" — language that was available before BridgeMind ran a single test. What the statement did not provide was any estimate of frequency.
That gap matters for anyone who upgraded to Fable 5 expecting consistent performance. Fable 5 is priced at $10 per million input tokens and $50 per million output tokens — exactly twice the cost of Claude Opus 4.8. Developers are not charged Fable 5 prices for rerouted calls, but they are receiving Opus 4.8 capability for a significant share of requests with no reliable way to predict, within a given session, which model they are actually getting.
BridgeMind described the situation bluntly: "The model did not get worse. It got caged." At the same time, community responses to the post noted that BridgeBench's scoring convention amplifies the apparent collapse. A developer whose debugging task was intercepted and competently handled by Opus 4.8 would not experience a failed task in practice — only in a benchmark that measures whether Fable 5 completed the work. The data measures product delivery, not task success.
For teams that adopted Fable 5 in June and built workflows on its coding performance, the July 1 return changed the product's reliability profile without a corresponding change in the product's documentation or pricing. The model now routes a higher share of coding requests to Opus 4.8 — at a rate BridgeBench measured as nine of twelve TypeScript debugging tasks — and that rate reflects the new classifier's conservative tuning, not any change in Fable 5's underlying reasoning when a request does reach it.
The practical challenge is that there is no way to predict in advance which requests will clear the classifier. Requests that look like routine TypeScript debugging may structurally resemble the code-review framing that Amazon's demonstration used. The classifier evaluates form as much as intent.
Anthropic has not responded publicly to BridgeBench's findings as of publication. The company said in its July 1 statement that it intends to continue refining the classifier to distinguish legitimate requests from misuse, and to reduce false positives over time. No timeline or target rate has been specified.
Developers with security-adjacent code review workloads may find the classifier's coverage effectively excludes their entire Fable 5 use case until Anthropic narrows the trigger zone. Pinning to Claude Opus 4.8 directly offers predictable results on tasks where rerouting is likely regardless. Teams concerned about model-delivery uncertainty may also consider testing requests through a model-identifying endpoint to confirm which model responds before committing to production use.
The Fable 5 episode exposed a structural problem that the BridgeBench data makes concrete: when a government imposes emergency export controls on a commercially deployed AI model and a company trains a new classifier to satisfy the concern, the technical cost of that political resolution is paid by developers — in the form of a less capable product delivered at the same price, with the magnitude of the degradation disclosed only in general terms.
There is no statutory process specifying when export controls can be applied to AI, how long a shutdown can last, or what technical standards must be met to lift controls. The resolution here was negotiated case by case. The result was a classifier calibrated to satisfy a government concern rather than to optimize developer utility, and the gap between those two goals is what independent benchmarking has now measured.
Anthropic, Amazon, Microsoft, and Google have begun developing a shared framework for rating the severity of AI jailbreaks, aiming to establish a consistent standard that does not require improvised case-by-case resolution. An August 1, 2026 deadline requires NSA, Treasury, and CISA to deliver a classified benchmark for determining which models trigger the government review process.
Until that framework is public and consistently applied, every frontier AI model faces the same exposure: a government-ordered global suspension with no advance warning and no due-process requirement, whose only settlement path is a negotiated classifier change — with the developer community measuring the cost afterward, not before.
Why did Claude Fable 5 benchmark scores drop so sharply after its July 1 return?
The score collapse does not reflect weaker reasoning in Fable 5 itself. It reflects the new safety classifier intercepting coding requests and rerouting them to Claude Opus 4.8. BridgeBench assigns zero to every rerouted call because the task was not completed by the model under evaluation. When Fable 5 completes a task without triggering the classifier, BridgeMind says it performs at the same level as the original June version. The 70% debugging drop corresponds to nine of twelve test tasks being rerouted to Opus 4.8.
What is the Fable 5 safety classifier and why does it produce false positives on coding tasks?
Anthropic's safety classifiers are automated AI systems that monitor requests in real time and intercept queries matching restricted categories — primarily offensive cybersecurity, biology and chemistry, and model distillation. When the classifier fires, the request is routed to Claude Opus 4.8 instead of Fable 5, and the user is notified. The new July 1 classifier was trained specifically to catch the prompt-framing technique Amazon researchers used to bypass the original safeguards. Because standard debugging work can structurally resemble the code-review framing that triggered the government's concern, the classifier produces more false positives on routine coding tasks than its predecessor.
Can developers avoid Claude Fable 5 classifier rerouting on standard debugging work?
There is no published method for pre-testing whether a given request will clear the classifier before sending it. Anthropic has said it will continue to refine the classifier to reduce AI model performance regression from over-flagging but has not provided a timeline or target trigger rate. Developers with security-adjacent code review workflows are most likely to encounter rerouting. Pinning directly to Claude Opus 4.8 offers predictable, consistent behavior on tasks where Fable 5 routing is unreliable.
Is Fable 5 still available globally as of July 2, 2026?
Yes. Anthropic restored global access on July 1, 2026, following the U.S. Department of Commerce's June 30 decision to lift the export controls that had suspended the model since June 12. Through July 7, Fable 5 is included for up to 50% of weekly usage limits on Pro, Max, Team, and select Enterprise plans. After July 7, it moves to usage credits billed separately. AWS, Google Cloud, and Microsoft Foundry re-enablement was still pending at Anthropic's July 1 announcement.
