Claude Fable 5 and the New Reality of AI-Enabled Third-Party Risk

Anthropic recently announced the release of Claude Fable 5, a public version of its more powerful Mythos AI model. Technology that was previously only accessible to a select few organizations is now available to businesses at an enterprise level. AI vendors are building the guardrails while threat actors are studying their attack vectors. Essentially, we are giving the keys to the AI world to businesses and hoping the guardrails hold steady. Security teams need to prepare even faster now. Mythos is no longer a theoretical risk. 

Why Fable 5 matters for security teams

To me, the bigger story of Anthropic’s Fable 5 release is what it signals for security teams: AI is becoming more powerful, more embedded in business workflows, and harder to contain within traditional risk management processes. Anthropic has even warned that AI is quickly approaching recursive self-improvement, or the ability for AI systems to improve themselves without direct human intervention. For anyone who remembers a time when autonomous systems were the stuff of Science Fiction, this feels a little too close. We are certainly in uncharted territory in which we must adapt quickly. 

Fable 5’s safety guardrails: A good start (but not enough)

Fable 5 is the publicly available, more heavily guarded version of Anthropic’s Mythos-class model. It comes with safety classifiers, fallback behavior, and hard limits around high-risk areas like cybersecurity, biology, chemistry, and model distillation. Anthropic has also said it will require 30-day retention on Fable 5 and Mythos 5 traffic, even for some enterprise customers that previously had zero-retention agreements.

This is huge. On one hand, it shows that Anthropic is taking misuse seriously, which is a concern many security professionals have voiced. More capable models need more monitoring, more visibility, and more safeguards. On the other hand, it also highlights a much larger issue for businesses: the more powerful these models become, the more risk they introduce around data access, retention, permissions, and third-party exposure.

Often, we give these models access to our data in order to help us scale faster. The tradeoff is that with more access to our data, if the AI tool, connected system, or identity layer is compromised, a threat actor could potentially gain access to that same sensitive data.

CISOs cannot rely on vendor guardrails alone to manage this risk. Safety classifiers are important, but they are not a complete security strategy. Models can be jailbroken. Bitsight Threat Intelligence has observed threat actors across all three buckets (ransomware, hacktivists, and nation-state actors) discussing ways to jailbreak various AI models.

The real risk: Data access and permissions

While Anthropic is taking security seriously, it is fair to plan for a world where not every competing model releases with the same level of safeguards. And even when the model provider is doing the right things, enterprises still need to understand how these tools are being used across their business, their vendor ecosystems, and the level of data the AI models have access to.

Businesses are giving AI systems more permissions than ever before. AI tools are being connected to code repositories, cloud environments, customer data, ticketing systems, internal documents, collaboration tools, and security workflows. In many cases, these tools are not just generating text. They are taking action, calling tools, writing code, analyzing vulnerabilities, and making recommendations that can affect real business operations.

The third-party problem

While a company can decide to steer clear of AI with unprecedented access to data, are their vendors doing the same? What about the SaaS platforms, managed service providers, software suppliers, support tools, analytics platforms, or security providers that may be using frontier AI behind the scenes? That is where the risk gets complicated.

That creates a new set of questions security teams need to ask:

• What AI models are our vendors using?
• What data do those models touch?
• Are prompts, outputs, or logs retained?
• Do vendors have zero-retention terms, or are those terms changing as models become more capable?
• What permissions do AI tools have inside business-critical systems?
• Can those tools access sensitive customer, employee, or operational data?
• How are vendors monitoring misuse, jailbreaks, and abnormal behavior?
• And if a vendor uses AI to write or maintain software, how are they validating that code before it reaches us?

This is where AI risk starts to look a lot like third-party risk.

Speed as a new attack surface

The other piece that matters is speed. Fable 5 and similar models show how quickly advanced AI can help with software development, analysis, and complex technical tasks. That is exciting for builders, but it also changes the equation for defenders.

Finding bugs is getting cheaper and faster. Turning vulnerability information into something actionable is getting easier. Threat actors will use these same capabilities to move faster from disclosure to exploit development. It can be easy to forget that the same tools we are using for our defenses, threat actors are also studying and have access to. That does not mean every vulnerability becomes an immediate crisis, but it does mean security teams need a better way to understand what actually matters.

Not every CVE applies to every business. Not every vulnerability creates the same level of risk. The challenge is knowing which exposures affect your organization, which ones affect your vendors, and which ones are seeing threat actor chatter or signs of exploitation. Prioritization needs to be prioritized.

Where Bitsight can help

Security teams need visibility into their own internet-facing assets, but they also need visibility into the extended ecosystem they depend on. They need to understand where critical vendors may be exposed, where fourth-party dependencies may create risk, and where a new vulnerability could have business impact. It's also important to understand which threat actors are relevant to you, your industry, and to your vendors. Just as not every CVE will apply to every company, not every threat and threat actor will either. 

This is especially important in an AI-enabled threat environment. If AI compresses the time between vulnerability disclosure and exploitation, organizations cannot wait for manual vendor notifications or annual questionnaires. They need continuous visibility, real-time intelligence, and a way to prioritize the risks that matter most. 

Bitsight does this through:

• Real time threat intelligence 
• CVE prioritization with the DVE score
• Threat actor tracking 
• Mitre Mapping 
• Third-Party Risk Management
• Threat intelligence for third party

Why this all matters

The takeaway from Fable 5 is not simply that one model is powerful or that one vendor has made a specific data-retention decision. The biggest thing to understand is that frontier AI is becoming operational infrastructure. It is being embedded into the tools businesses use every day, including the tools their vendors use every day. That means AI governance, third-party risk management, exposure management, and vulnerability prioritization are now part of the same conversation. 

The organizations that handle this well will not be the ones trying to patch everything or block every possible AI use case. They will be the ones that know where they are exposed, understand which risks matter to their business, and can act quickly when AI changes the speed of the threat landscape. Fable 5 is a reminder that AI capability is moving fast. Risk management needs to move faster.