Fable 5 still helps plan cyberattacks after its big comeback, researcher claims

Anthropic's Fable 5 and Mythos 5 models were suspended on June 12, 2026, after Anthropic said it needed to comply with U.S. Department of Commerce export controls. The company restored access to both AI models on July 1, once the Commerce Department lifted those controls, according to Anthropic's own statement.
That same day, researcher Alec Armbruster published a blog post claiming Fable 5 is still willing to assist with cyberattack planning. According to Armbruster, weeks before the suspension, he had already found the powerful new model could be prompted — using basic techniques rather than advanced jailbreaks — to help plan exploitation of known, non-zero-day vulnerabilities in IoT devices, which greatly lowers the technical bar for such attacks.
After the July 1 restoration, Armbruster says he retested Fable 5 through Cursor's proxied Anthropic API. He used a hypothetical framing to present the request as defensive research, and claims Fable 5 again produced detailed botnet-planning output referencing real, default-credentialed IoT devices. There was no apparent change in its safety behavior compared to before the suspension.
Armbruster also says he ran comparable prompts against GLM-5.2, GPT-5.5, and Claude Opus 4.8, and that those models declined or failed to complete the task, unlike Fable 5 on the day it returned.
Please note that these claims come from a single independent blog post and have not been independently verified or confirmed by Anthropic. The screenshots and testing methodology described have not been corroborated by other researchers, and Anthropic has not publicly responded to the specific allegations as of this writing.










