Image: Anthropic / cybersecuritynews.com Fable 5 Is Back. Anthropic Also Just Proposed How the Industry Should Rate AI Jailbreaks.
After an 18-day export control suspension, Claude Fable 5 is globally available again. Alongside the restoration, Anthropic published a detailed cyber safeguard system and a five-level jailbreak severity framework developed with Amazon, Microsoft, and Google.
Claude Fable 5 is back online. As of July 1, Anthropic restored global access to the model after an 18-day suspension driven by US export control concerns. On July 2, the company published the most detailed explanation it’s given yet of how Fable 5’s safety system handles cybersecurity requests, along with a proposed industry-wide framework for rating the severity of AI jailbreaks.
If you missed why it went offline: on June 12, the US Commerce Department applied export controls to Fable 5 and Mythos 5 after Amazon researchers documented a method to bypass the model’s safeguards and get it to assist with vulnerability exploitation. Because Anthropic had no real-time way to verify user nationality, it suspended access for everyone.
The model is back now with a targeted fix. Anthropic deployed a new safety classifier specifically designed to block the reported bypass technique, saying it succeeds in over 99% of attempts. A 24/7 monitoring team is now in place for new jailbreak submissions. Beyond that patch, the company did a broader rewrite of how Fable 5 categorizes cybersecurity requests.
Four buckets for cyber requests
The previous system was essentially binary: block or allow. The new one splits cybersecurity requests into four categories:
Prohibited use covers things with no real defensive value and high harm potential: ransomware, wipers, malware development, C2 infrastructure, and techniques specifically designed to evade defenses. These are blocked regardless of context.
High-risk dual use includes legitimate security work that Anthropic says it can’t safely enable yet without better authorization controls. Penetration testing, exploit development, privilege escalation, and high-uplift vulnerability discovery fall here. The model declines these for now, with a stated goal of reopening them once stronger verification mechanisms exist.
Low-risk dual use is where the model does engage: things like vulnerability identification, threat modeling, and open-source intelligence that are primarily defensive and have limited direct weaponization value.
Benign use covers the bulk of developer and security team work: secure coding, patch management, SOC analysis, malware reverse engineering, and incident response. These work without restriction.
The practical effect is that most security professionals using Fable 5 for legitimate defensive work should notice less friction than before. The high-risk dual-use bucket is the main place where the new limits will sting, and that’s an explicit tradeoff Anthropic is making: it says those use cases are too dangerous to enable until it has better ways to verify who it’s talking to.
A shared language for jailbreak severity
The second piece of the July 2 announcement is less about Fable 5 specifically and more about how AI companies think about jailbreaks in general. Anthropic, along with Amazon, Microsoft, and Google, has drafted a Cyber Jailbreak Severity (CJS) framework, modeled loosely on how the security industry handles CVEs.
The scale runs from CJS-0 to CJS-4:
- CJS-0 (Informational): Score 0. Low-risk findings worth noting but not urgent.
- CJS-1 (Low): Scores 1–3.5.
- CJS-2 (Medium): Scores 4–6.5.
- CJS-3 (High): Scores 7–8.5.
- CJS-4 (Critical): Scores 9–10.
Each jailbreak gets scored on four axes: capability gain (how much the jailbreak actually unlocks vs. what the model would do anyway), breadth of that capability gain, ease of weaponization, and discoverability (how likely it is someone finds this technique on their own).
The goal is to give AI developers, security researchers, and governments a shared vocabulary so that when someone says “we found a critical jailbreak,” it means the same thing across organizations, and so that responses can be proportional to actual risk.
To back this up with real submissions, Anthropic launched a HackerOne bug bounty program specifically for Fable 5 cyber jailbreaks. Security researchers who find working bypasses can report them through the program for review. The company says it wants early warning of new techniques rather than discovering them through abuse.
What this means in practice
For most developers, the restoration of Fable 5 is the main news. The model is back on Claude.ai, the Claude Platform, Claude Code, and Claude Cowork as of July 1. Mythos 5 remains limited to approved partners.
The four-category system and the CJS framework are more interesting as signals about where Anthropic is headed. The high-risk dual-use bucket is explicitly described as temporary: the company says it wants to open those use cases once it can verify authorization. That suggests some form of professional credentialing or organization-level verification is on the roadmap, though no timeline is given.
The industry jailbreak scale is early days. A draft framework published with three other companies isn’t a standard. But getting Amazon, Microsoft, and Google to co-sign a common severity rubric is not nothing, and if it gains traction, it could meaningfully change how both companies and regulators talk about AI security vulnerabilities.
Anthropic says feedback on the framework is welcome at [email protected].
Sources: Redeploying Fable 5 — Anthropic | Fable 5 safeguards and jailbreak framework — Anthropic | Anthropic Details Claude Fable 5 Cybersecurity Safeguards — cybersecuritynews.com