Power Without Control: What Anthropic’s Claude Fable 5 and Mythos 5 Mean for Enterprise Security, AI Governance, and Risk
Question: For security professionals who have used Claude Fable 5, how do you see it being used in practical settings? Looking ahead, what additional capabilities or use cases could become possible?
Sachin Jade, Chief Product Officer, Cyware: Anthropic has created a powerful model with variants. One that higher-level partners’ security professionals can use for
- vulnerability triage,
- log analysis,
- malware reverse-engineering assistance, and
- accelerating incident response.
Researchers complained about Fable 5 guardrails that would automatically downgrade the model use if doing work on cybersecurity elements, and as such, Anthropic is looking to tweak the guardrails.
But the essence of using these powerful models to left-shift any security model is powerful. And looking ahead, expect more autonomous agentic workflows: continuous code auditing, automated patch generation, and red-team simulation — shifting analysts from manual investigation toward supervising AI-driven security operations.
Michal Garcarz, Chief Scientist, Elisity: The biggest practical change for me is how long I can leave the model unsupervised. I am a fan of intent-driven development, and Fable 5 is significantly better at it than Opus 4.8 + Ultracode.
- It plans across multiple components
- Connects the “dots” faster
- Requires the human in the loop much less often
I can leave it running overnight, and the chances of finding + testing + implementing the right solution autonomously are higher. That is a huge difference for me.
The next use cases I see I have not tested yet. Autonomous threat hunting in the SOC:
- High-quality hypothesis creation + validation,
- Picked up from the open internet the moment a significant new global risk appears
- Then executed without waiting for an analyst shift
- SLAs and time to reaction are critical here, including quick protective actions.
- Then continuous live pentesting.
- Pentesting becomes cheaper with each model generation, so it can sit inside CI/CD and also run fully external, reacting to new vulnerabilities the day they are disclosed.
- Digital twin exercises might be easier too.
How many SOCs today would allow an autonomous hunt to execute a protective action at 3 a.m.? In my estimation, the models are ready before the teams are.
Question: What defensive challenges should developers and security teams begin preparing for? What warning signs should security teams watch for?
Sachin Jade, Chief Product Officer, Cyware: Defenders should assume attackers have comparable AI tooling and shorten their own patching and detection cycles accordingly. A strong cyber-resilience & collective defensive mindset is a must with a focus on attacker behavior.
Defense teams need to prepare for AI-accelerated attacks:
- faster vulnerability discovery,
- convincing phishing at scale, and
- adaptive malware.
Warning signs include
- unusually polished social engineering,
- compressed exploit timelines after disclosures, and
- automated reconnaissance patterns.
Even with the previous models, adversaries were launching attacks at scale without having to create novel techniques. The cost of attacks can reduce significantly, while the cost of defense may increase.
Shane Barney, Chief Information Security Officer, Keeper Security: Advanced AI models don't fundamentally change what security teams should be watching for.
- Unexpected access outside established scope
- Credentials used in unusual contexts
- Behavior that doesn't match a user's or system's baseline
These are the same indicators practitioners have tracked for years.
What changes is the speed at which those indicators can become incidents. AI operates in milliseconds, and most monitoring environments were built for a slower threat tempo. Closing that gap is the immediate, practical challenge in front of security teams today.
That's the gap security teams need to close first.
Automated detection that can flag anomalies in real time, behavioral baselines that account for AI-initiated activity, and clear escalation paths when something looks wrong are the practical starting points.
The fundamentals of good access hygiene still apply, including least privilege, strong authentication, and regular credential audits, but they need to be paired with monitoring that can actually keep pace with the environment you're now operating in.
Agnidipta Sarkar, Chief Evangelist, ColorTokens: From what Anthropic is promising, developers and security teams must expect an unusually large number of vulnerabilities to patch, and many of them might be zero days.
I think teams should do three things.
Firstly, there needs to be a patching program that needs to be better, possibly automated.
Secondly, teams should determine if the vulnerability can be exploited by an AI agent.
Thirdly, and most importantly, teams must focus on reachability.
Each team must prioritize the patching, based upon:
- Whether the system is easily reachable, if yes,
- Then, whether attacks can be automated
- And patch them first.
- If most systems are reachable, then they need to implement microsegmentation immediately.
- For those concerned about the speed, they must use EDR integrations to deploy microsegmentation in days.
Michal Garcarz, Chief Scientist, Elisity: Defenders have long depended on attackers being noisy.
- Mass scans
- Phishing sent to ten thousand mailboxes at once.
I expect very sophisticated application scans, led by AI, exploiting vulnerabilities while hiding below the radar:
- Low volume
- Rotating IPs
- Requests that look like ordinary user traffic.
- Total volume still goes up
- Each campaign gets quieter (how do you correlate a few requests from different IPs over weeks?).
Phishing follows the same curve. Near-perfect phishing is coming, whale phishing included, adjusted per persona.
An attack built for me, a developer living in git and the AWS CLI, will look nothing like one built for a CTO living in Claude Desktop, Excel, PowerPoint, and email. LinkedIn is a very good starting point for that recon. Minimal attacker skill required.
Alert thresholds, rate limits, correlation rules, almost everything in the SOC teams I helped build at Cisco assumed the attacker would eventually get loud.
Developers should assume their public footprint (GitHub, LinkedIn, even package metadata) is already enumerated and shapes the lure they receive. The warning signs are inversions.
- Scanning too well targeted for its volume.
- Phishing that quotes accurate internal context
- Probing that maps a little too cleanly onto one person’s tool stack.
Our detection was built on attackers being noisy. That assumption is dying.
Question: What security or governance measures should organizations implement to prepare for emerging challenges?
Sachin Jade, Chief Product Officer, Cyware: A cohesive approach of leveraging AI for security & Securing AI has to be part of the Enterprise AI Risk Management model. For example, enterprises should establish
- AI usage policies
- Audit logging for AI-assisted workflows
- Human review for high-stakes actions
In addition, they have to adopt AI-augmented defense before attackers outpace you. Govern agentic systems with
- Least-privilege access
- Sandboxing
- Clear accountability
Train staff to recognize AI-enabled deception and update incident response plans for AI-driven threats and create table-top exercises that generate scenarios & defensive recommendations.
Shane Barney, Chief Information Security Officer, Keeper Security: The most important reframe organizations can make is treating AI models as identities with access and accountability, because that's exactly what they are.
The governance framework to manage them already exists through least-privilege access, time-limited credentials, continuous monitoring, and establishing full audit trails. The question is whether organizations are applying that framework consistently to AI or assuming that someone else already handled it.
Standing credentials are a liability regardless of who holds them, and that's particularly true for AI systems operating across sensitive environments. Session-based access scoped to specific tasks meaningfully limits exposure when something goes wrong.
More importantly, security teams need to be part of the conversation before AI deployment, not brought in afterward to assess the damage. The organizations that navigate this well will be the ones that built accountability into the process from the start.
Levent Besik, Chief Product Officer, SailPoint: Organizations should start from a north star: no AI system should hold standing access to anything that matters. Least and ideally zero standing privileges should anchor every AI deployment, granting capability just-in-time, scoping it tightly, and revoking it automatically, because that single principle shrinks the blast radius of compromise, manipulation, or simple error more than any other control.
- To accomplish this, discovery and visibility are the first step. You must be able to discover all agents and establish their identities and visualize how they interact, with tools & data they have access to and the humans who can access these agents.
- Without this, you're operating in the dark.
- Once you have visibility, you must establish governance. In the age of AI, this can't be a manual, after-the-fact process.
- We need accountable, audit-ready governance that operates in real-time within defined boundaries.
- This is how you build trust and accountability into your AI ecosystem.
- Finally, you need to protect your agents, authorize them, and respond in real-time. This is where you can move from a passive, reactive stance to a proactive one.
- This means having the policies to proactively protect against threats—like enforcing just-in-time access and preventing privilege escalation—and the ability to respond instantly and automatically when a potential threat is detected. It's about enabling speed and agility, not hindering it.
The organizations that get this right will move quickly without losing control, proving speed and safety aren't a trade-off but outcomes of the same disciplined architecture.
Agnidipta Sarkar, Chief Evangelist, ColorTokens: The hallmark of a secure organization, post Mythos, is governance. And it looks different from what is done today. Key Breach Readiness Indicators are:
- Which human or non-human (including AI agents) identity has what level of access, especially privileged
- What are they doing with that access, and
- If that exhibited behavior is compliant with the policies of the company.
- Governance must also include which systems are on the attack path
- And how has the minimum viable digital enterprise changed due to the addition or deletion of resources and resulting configurations.
Michal Garcarz, Chief Scientist, Elisity: I run a fleet of agents overnight. With the current model generation, that is a normal working pattern, not an experiment.
- They work with my permissions
- They have access to production and customer data
- In many setups, the prompt is the only “protection” layer anyone has defined.
What exactly did my fleet execute at night? Very few companies can answer that question, and most are further behind (nobody can show me today whether employees are pasting confidential customer spreadsheets into ChatGPT either).
Governance starts with treating agents as a new identity class. The first decision is whether agents run with human permissions or with separate identities that can be tracked and revoked on their own. After that, the controls are not exotic.
- Strict data controls, like disabling, in Anthropic, GitHub, and other vendor accounts, the ability to train models on my data.
- AI agent detection + visibility.
- An allowed AI vendor list with real enforcement, for example via DNS.
- An explicit segmentation decision (whether I allow agents anywhere near an OT Purdue Level 2 zone is a question I am still weighing myself).
- And auditing of what agents actually executed, with threat hunting built on top of those audit trails.
The threats themselves stay the same while volume, complexity, and speed go up and attacker costs go down. The agents are the part nobody is governing yet.
Question: Anthropic stated that it is limiting access to Claude Mythos 5 due to concerns about advanced cybersecurity and biological research capabilities. What are your thoughts on Anthropic's decision?
Sachin Jade, Chief Product Officer, Cyware: It's too early to tell the impact - but it begs the question of oversight, regulation, and model approvals at multiple levels:
- Organizational
- State
- National etc.
But the cat is out of the bag, and as such, it's potentially a reasonable precaution reflecting genuine dual-use risk: capabilities useful to defenders and researchers can also enable attackers.
Tiered access trades some openness for safety. The harder questions are
- Who qualifies for access
- How that's verified
- Whether restrictions meaningfully slow determined adversaries
Transparency about criteria matters.
Agnidipta Sarkar, Chief Evangelist, ColorTokens: While it is a good idea, the difficult part is that they need to find the right balance of permission. The reason that balance is complicated is the ownership. Who decides what amount of access is right for which organization and based upon what good practices?
Michal Garcarz, Chief Scientist, Elisity: The control design is coherent, I will admit that. Per the announcement:
- same underlying model,
- safeguards lifted only in some areas,
- access restricted to vetted organizations,
- 30-day retention on all Mythos-class traffic for monitoring (and the vetting runs in consultation with the US government).
But I do not read it as pure safety.
In my opinion, the decision is also marketing and cost-driven. Fable 5, by Anthropic’s own announcement, stays in flat subscriptions only until June 22; then it requires usage credits. That is a pricing signal as much as a safety signal.
The practical effect I am watching is asymmetry.
- A SOC engineer at a hospital, with SLAs running, waits for an account team and an approval process.
- An attacker tunes an open-weights model over a weekend. Attackers do not wait for vetting.
Question: Any final thoughts?
Sachin Jade, Chief Product Officer, Cyware: Adversaries have never and will never play by the rules, and they are increasingly leveraging AI for their attacks across various dimensions such as malware, vulnerabilities, enhanced social engineering, etc.
As such, AI is compressing the gap between vulnerability disclosure and exploitation while also empowering defenders. The advantage will go to whichever side adopts faster at scale.
Organizations should treat AI security adoption as an urgent and fundamental necessity, and policymakers should keep pace with capability growth rather than react after incidents.
In addition, organizations need to think of collective defense-building, a threat intelligence sharing and collaboration ecosystem, to create a resilient & global defensive system.
Levent Besik, Chief Product Officer, SailPoint: We've entered an era where AI capability and governance can no longer be separate conversations. The very qualities that make these models and agents valuable (speed, persistence, broad competence) are what make them consequential in security terms.
The real question isn't how powerful they can be; it's how much control we can prove we have while they operate. The path forward is
- Disciplined adoption
- Controlled deployment
- Strong oversight
- Just-in-time real-time authorization
AI is becoming a critical force in enterprise, and we should govern it with exactly that seriousness.
Michal Garcarz, Chief Scientist, Elisity: I will end with economics, because that is where all of this is heading. Today, a 200 USD monthly subscription buys frontier capability, and by the vendors’ own admissions, the heaviest users consume usage worth tens of thousands of dollars at list prices.
I do not expect this to last. Top models will become much more expensive, while the capability attackers need was never gated in the first place. The squeeze lands on the defender’s budget.
So my advice is boring. Use this cheap period to build what does not depend on any single model, starting with the discipline of verifying what your autonomous agents actually did.
The fundamentals do not depend on the price.




