REVISE

I could not write `verdict.md`: the session is under a read-only sandbox and `apply_patch` was rejected. Verdict content to place there:

```md
REVISE

- Primary source exists and supports the core Sonnet 5 launch claims: date, availability, API id, pricing, tokenizer factor, and bounded vendor safety claims.
- The 0.0% Firefox exploit figure is correctly attributed to both Sonnet models, not Sonnet 5 alone.
- No duplicate Sonnet 5 evidence record found; no health move or forecast change proposed, so healthΔ discipline holds.
- Required revision: Anthropic’s official model docs already confirm Sonnet 5 has a 1M-token context window. Remove the stale “confirmation needed” language or add the official-docs citation explicitly.
- Keep “default model in Claude Code” excluded unless a primary source says default, not merely available.
- No independent Sonnet 5 evaluation found; keep class `vendor-reported`.
```

Sources checked: Anthropic launch post `https://www.anthropic.com/news/claude-sonnet-5`; Anthropic model docs `https://platform.claude.com/docs/en/about-claude/models/overview`.

OpenAI Codex v0.142.5
--------
workdir: /Users/josephmatsiko/Projects/observatory
model: gpt-5.5
provider: openai
approval: never
sandbox: read-only
reasoning effort: medium
reasoning summaries: none
session id: 019f2205-3492-7d30-82ac-c4d9b332ff0f
--------
user
You are the ADVERSARY — an independent mind reviewing another agent's proposed change to a public epistemic record. Read the proposal at /Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z/proposal.md. Attack it hard: check for fabrication, contamination, weak or dead sources, and discipline violations (healthΔ must stay 0 — no theory promoted on a single vendor/benchmark event). Seek counter-evidence. Then output a verdict — one of ACCEPT, REVISE, or REJECT — followed by concise reasons. Write your verdict to /Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z/verdict.md. Be skeptical; a wrong record is worse than a stale one. Never fabricate.

2026-07-02T08:49:55.129224Z ERROR rmcp::transport::worker: worker quit with fatal: Transport channel closed, when AuthRequired(AuthRequiredError { www_authenticate_header: "Bearer realm=\"OAuth\", resource_metadata=\"https://mcp.cloudflare.com/.well-known/oauth-protected-resource/mcp\", error=\"invalid_token\", error_description=\"Missing or invalid access token\"" })
warning: Skill descriptions were shortened to fit the 2% skills context budget. Codex can still see every skill, but some descriptions are shorter. Disable unused skills or plugins to leave more room for the rest.
codex
I’ll inspect the proposal and any nearby context first, then I’ll check the claims against available evidence. The workspace is currently read-only, so I may be blocked from writing the verdict file directly.
exec
/bin/zsh -lc "ls -l /Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z/proposal.md && sed -n '1,240p' /Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z/proposal.md" in /Users/josephmatsiko/Projects/observatory
 succeeded in 0ms:
-rw-r--r--@ 1 josephmatsiko  staff  5201 Jul  2 03:49 /Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z/proposal.md
# SCOUT proposal — 2026-07-02T08:47Z

## Coverage checklist sweep

1. **Frontier labs**
   - **Anthropic — PROPOSAL BELOW.** Claude Sonnet 5 announced 2026-06-30 (https://www.anthropic.com/news/claude-sonnet-5); not in evidence.json (no sonnet-5 id exists). This is the event two prior cycles lost to score misattribution. Also announced Jun 30: "Claude Science" research application — product tooling, not capability signal; no record proposed. Fable 5 redeployment already covered (cce-2026-06-30-fable5-redeployment).
   - OpenAI: GPT-5.6 preview already covered (cce-2026-06-26-gpt-5-6-preview). Nothing newer found in-window.
   - Google DeepMind: no release/GA news in-window; Gemini 3.5 Pro GA forecast (fc-gemini-35-pro-ga) horizon 2026-07-31 not yet due.
   - Meta: nothing citable in-window.
   - xAI: Grok 4.5 private beta already covered (cce-2026-06-28-grok-45-private-beta).
   - DeepSeek / Alibaba-Qwen / Mistral: latest identifiable releases (Qwen3.5 9B, 2026-06-01; DeepSeek V4 Flash; Mistral Large 3, late 2025) all predate the record window; nothing new in-window.
2. **Regulatory & governance**: the only in-window regulatory event (US lift of Fable 5 export controls, effective Jul 1) is already captured in cce-2026-06-30-fable5-redeployment. Nothing else found.
3. **Independent evaluations**: METR's most recent Frontier Risk Report is dated 2026-05-19 (covers Feb–Mar 2026) — predates the record window and is not new signal; no new METR/ARC-AGI/Epoch publication found since 2026-07-01. METR's cce-2026-06-26-metr-gpt-5-6-eval remains the latest eval entry.
4. **Already-covered diff**: candidate diffed against all 9 existing evidence ids; only Sonnet 5 is uncovered.

## Forecasts past horizon

None. Today is 2026-07-02; nearest open horizon is fc-fable5-cap-transition (2026-07-08). Nothing to resolve.

## Evidence to add (1 record)

```json
{
  "id": "cce-2026-06-30-sonnet-5-launch",
  "observedAt": "2026-06-30",
  "source": "Anthropic — Introducing Claude Sonnet 5 (published June 30, 2026)",
  "sourceUrl": "https://www.anthropic.com/news/claude-sonnet-5",
  "class": "vendor-reported",
  "theories": ["scaling-plus-rl"],
  "signal": "Anthropic released Claude Sonnet 5 on June 30, positioning it as frontier performance across coding, agents, and professional work. Claims verified against the primary post: it is the default model for Free and Pro plans; API id claude-sonnet-5; introductory pricing $2/$10 per Mtok input/output through August 31, 2026, then $3/$15; footnote 2 states an updated tokenizer consumes roughly 1.0–1.35x more tokens than previous models depending on content type. Safety claims (Anthropic's own): overall lower rate of undesirable behaviors than Sonnet 4.6; 'much lower ability to perform cybersecurity tasks than our current Opus models'; on the Firefox exploit-development eval, 'Neither of the Sonnet models could successfully develop a working exploit (both scored 0.0%)' — the 0.0% applies to both Sonnet 5 and Sonnet 4.6.",
  "implication": "Routine mid-tier frontier refresh days after the Fable 5 redeployment: the release cadence resumed immediately after the export-control episode, and the launch emphasizes agentic/professional work over raw capability jumps. The effective price is murkier than the headline: the 1.0–1.35x tokenizer inflation partially offsets the $2/$10 introductory rate.",
  "bounded": "All claims are vendor-reported and unaudited. The announcement's benchmark comparison table ('Scores for Sonnet 5 ... compared to those of Sonnet 4.6 and Opus 4.8') is published as an image whose cell values could not be programmatically verified; per the source-fidelity rule — and after two prior cycles were rejected for misattributing footnoted Sonnet 4.6 scores to Sonnet 5 — every benchmark number is deliberately omitted from this record rather than risked. Third-party claims circulating in secondary coverage (e.g. a 1M-token context window, 'default model in Claude Code') were NOT confirmed on the primary page and are excluded. No independent evaluation of Sonnet 5 exists yet.",
  "nextNeeded": "Independent benchmark replication (METR, Epoch, or academic); OCR-verified or API-doc-confirmed benchmark figures with exact column attribution; confirmation or refutation of the 1M-context claim from Anthropic's model docs."
}
```

### Source-fidelity audit trail (per the 2026-07-01 method-health rule)
Every number retained, with its attribution sentence on the primary page:
- **$2/$10 through Aug 31; $3/$15 after** — pricing section, attributed to Sonnet 5 introductory/standard pricing.
- **1.0–1.35x tokenizer factor** — footnote 2, explicitly about Sonnet 5's updated tokenizer vs. previous models.
- **0.0% Firefox exploit** — exact sentence: "Neither of the Sonnet models could successfully develop a working exploit (both scored 0.0%)"; attributed to *both* Sonnets and recorded as such.
- **All benchmark-table scores** — attribution unverifiable (image); omitted entirely.

## Forecast changes

None proposed. fc-verdict-holds unaffected: a vendor-reported mid-tier refresh with no independently verified capability delta does not move the operating verdict.

codex
The proposal is a single vendor-reported Anthropic launch record. I’m going to verify whether the cited page exists and whether the retained claims are actually on the primary source, then compare against the local record rules/evidence if accessible.
exec
/bin/zsh -lc "pwd && rg --files /Users/josephmatsiko/Projects/observatory | sed -n '1,120p'" in /Users/josephmatsiko/Projects/observatory
 succeeded in 0ms:
/Users/josephmatsiko/Projects/observatory
/Users/josephmatsiko/Projects/observatory/src/pages/forecasts/index.astro
/Users/josephmatsiko/Projects/observatory/src/pages/frontier/index.astro
/Users/josephmatsiko/Projects/observatory/src/pages/record.json.ts
/Users/josephmatsiko/Projects/observatory/src/pages/colophon.astro
/Users/josephmatsiko/Projects/observatory/src/pages/charter.astro
/Users/josephmatsiko/Projects/observatory/src/pages/theories/[slug].astro
/Users/josephmatsiko/Projects/observatory/src/pages/theories/index.astro
/Users/josephmatsiko/Projects/observatory/src/pages/log.astro
/Users/josephmatsiko/Projects/observatory/src/pages/index.astro
/Users/josephmatsiko/Projects/observatory/src/pages/superlatives.astro
/Users/josephmatsiko/Projects/observatory/src/pages/test/index.astro
/Users/josephmatsiko/Projects/observatory/src/pages/evidence/index.astro
/Users/josephmatsiko/Projects/observatory/src/pages/operate.astro
/Users/josephmatsiko/Projects/observatory/src/pages/sitemap.xml.ts
/Users/josephmatsiko/Projects/observatory/src/data/superlatives.json
/Users/josephmatsiko/Projects/observatory/src/data/runs.json
/Users/josephmatsiko/Projects/observatory/src/data/method-health.json
/Users/josephmatsiko/Projects/observatory/src/data/revisions.ts
/Users/josephmatsiko/Projects/observatory/src/data/frame-construction.ts
/Users/josephmatsiko/Projects/observatory/src/data/method-health.ts
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.ts
/Users/josephmatsiko/Projects/observatory/src/data/capabilities.ts
/Users/josephmatsiko/Projects/observatory/src/data/theories.ts
/Users/josephmatsiko/Projects/observatory/src/data/superlatives.ts
/Users/josephmatsiko/Projects/observatory/src/data/runs.ts
/Users/josephmatsiko/Projects/observatory/src/data/evidence.ts
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json
/Users/josephmatsiko/Projects/observatory/src/data/revisions.json
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.json
/Users/josephmatsiko/Projects/observatory/src/layouts/Base.astro
/Users/josephmatsiko/Projects/observatory/src/components/Frontier.tsx
/Users/josephmatsiko/Projects/observatory/src/styles/global.css
/Users/josephmatsiko/Projects/observatory/src/content/theories/architectural-gap.md
/Users/josephmatsiko/Projects/observatory/src/content/theories/scaling-sufficient.md
/Users/josephmatsiko/Projects/observatory/src/content/theories/embodiment-required.md
/Users/josephmatsiko/Projects/observatory/src/content/theories/scaling-plus-rl.md
/Users/josephmatsiko/Projects/observatory/src/content/theories/cognitive-architecture.md
/Users/josephmatsiko/Projects/observatory/src/content.config.ts
/Users/josephmatsiko/Projects/observatory/MAINTENANCE.md
/Users/josephmatsiko/Projects/observatory/ops/com.pathtoagi.observatory.maintenance.plist
/Users/josephmatsiko/Projects/observatory/tsconfig.json
/Users/josephmatsiko/Projects/observatory/scripts/maintenance-cron.sh
/Users/josephmatsiko/Projects/observatory/scripts/record-run.mjs
/Users/josephmatsiko/Projects/observatory/scripts/archive-sources.mjs
/Users/josephmatsiko/Projects/observatory/scripts/maintenance-status.mjs
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs
/Users/josephmatsiko/Projects/observatory/package.json
/Users/josephmatsiko/Projects/observatory/package-lock.json
/Users/josephmatsiko/Projects/observatory/astro.config.mjs
/Users/josephmatsiko/Projects/observatory/public/robots.txt
/Users/josephmatsiko/Projects/observatory/README.md
/Users/josephmatsiko/Projects/observatory/public/favicon.svg
/Users/josephmatsiko/Projects/observatory/netlify.toml
/Users/josephmatsiko/Projects/observatory/experiments/fcs-1-2026-07-01/transcript-claude.txt
/Users/josephmatsiko/Projects/observatory/experiments/fcs-1-2026-07-01/GRADING.md
/Users/josephmatsiko/Projects/observatory/experiments/fcs-1-2026-07-01/prompt.txt
/Users/josephmatsiko/Projects/observatory/experiments/fcs-1-2026-07-01/transcript-gpt-5.5.txt
/Users/josephmatsiko/Projects/observatory/archive/cryptobriefing.com_xai-grok-4-5-v9-model-upgrade_/capture.txt
/Users/josephmatsiko/Projects/observatory/archive/arcprize.org_/capture.txt
/Users/josephmatsiko/Projects/observatory/archive/www.anthropic.com_news_claude-fable-5-mythos-5/capture.txt
/Users/josephmatsiko/Projects/observatory/archive/www.anthropic.com_news_fable-mythos-access/capture.txt
/Users/josephmatsiko/Projects/observatory/archive/openai.com_index_introducing-gpt-5-4_/capture.txt
/Users/josephmatsiko/Projects/observatory/archive/metr.org_blog_2026-06-26-gpt-5-6-sol_/capture.txt
/Users/josephmatsiko/Projects/observatory/archive/www.anthropic.com_news_redeploying-fable-5/capture.txt

exec
/bin/zsh -lc 'rg -n "healthΔ|method-health|single vendor|vendor-reported|theories|evidence" /Users/josephmatsiko/Projects/observatory /Users/josephmatsiko/Projects/observatory-command 2>/dev/null' in /Users/josephmatsiko/Projects/observatory
 succeeded in 0ms:
/Users/josephmatsiko/Projects/observatory/src/pages/forecasts/index.astro:9:import { THEORY_BY_ID } from '../../data/theories';
/Users/josephmatsiko/Projects/observatory/src/pages/forecasts/index.astro:35:const theoryTags = (f: { theories: string[] }) =>
/Users/josephmatsiko/Projects/observatory/src/pages/forecasts/index.astro:36:  f.theories.map((id) => THEORY_BY_ID[id]).filter((t) => Boolean(t));
/Users/josephmatsiko/Projects/observatory/src/pages/forecasts/index.astro:161:                        href={`/theories/${t.id}/`}
/Users/josephmatsiko/Projects/observatory/src/pages/frontier/index.astro:33:      to revision against evidence, not measured fact. See the
/Users/josephmatsiko/Projects/observatory/src/pages/frontier/index.astro:103:    same absences the <a href="/theories/architectural-gap/" class="link-accent"
/Users/josephmatsiko/Projects/observatory/src/pages/frontier/index.astro:105:    > and <a href="/theories/embodiment-required/" class="link-accent"
/Users/josephmatsiko/Projects/observatory/src/pages/frontier/index.astro:107:    > theories name. The frontier's strong axes are where scaling has already
/Users/josephmatsiko/Projects/observatory/src/pages/frontier/index.astro:110:    > measures: reliable frame construction under sparse evidence.
/Users/josephmatsiko/Projects/observatory/src/pages/record.json.ts:5:import { THEORIES } from '../data/theories';
/Users/josephmatsiko/Projects/observatory/src/pages/record.json.ts:8:import { EVIDENCE } from '../data/evidence';
/Users/josephmatsiko/Projects/observatory/src/pages/record.json.ts:12:import { METHOD_HEALTH } from '../data/method-health';
/Users/josephmatsiko/Projects/observatory/src/pages/record.json.ts:20:      'All values are revisable estimates held under evidence discipline. Backfilled forecast resolutions are excluded from calibration (2026-07-01 self-audit). This endpoint is the same data the pages render — no hidden record.',
/Users/josephmatsiko/Projects/observatory/src/pages/record.json.ts:25:    theories: THEORIES,
/Users/josephmatsiko/Projects/observatory/src/pages/record.json.ts:26:    evidence: EVIDENCE,
/Users/josephmatsiko/Projects/observatory-command/src/mesh.mjs:30:- Never fabricate evidence, forecasts, or sources. A clean no-op is a successful cycle.
/Users/josephmatsiko/Projects/observatory-command/src/mesh.mjs:31:- healthΔ stays 0 — no theory is promoted on a single vendor/benchmark event.
/Users/josephmatsiko/Projects/observatory-command/src/mesh.mjs:32:- Edit only src/data/*.json (and theories.ts only on independent, durable evidence).
/Users/josephmatsiko/Projects/observatory-command/src/mesh.mjs:48:// The substrate remembers: recent cycle narratives, open method-health items,
/Users/josephmatsiko/Projects/observatory-command/src/mesh.mjs:51:// survives restarts; the Recursion lane writes to it through method-health and
/Users/josephmatsiko/Projects/observatory-command/src/mesh.mjs:64:    const mh = JSON.parse(readFileSync(join(CONFIG.observatoryRepo, 'src/data/method-health.json'), 'utf8'));
/Users/josephmatsiko/Projects/observatory-command/src/mesh.mjs:67:      lines.push('Open method-health items (the instrument’s known weaknesses):');
/Users/josephmatsiko/Projects/observatory/src/pages/colophon.astro:7:  'Multimodal ingestion — the instrument reads text and numbers, not yet video, audio, deployments, or markets as first-class evidence.',
/Users/josephmatsiko/Projects/observatory/src/pages/colophon.astro:20:  ['Data', 'Typed records — capabilities, theories, FCS, evidence, forecasts'],
/Users/josephmatsiko/Projects/observatory/src/pages/colophon.astro:51:        fresh evidence before they are treated as measured fact. The value of the
/Users/josephmatsiko/Projects/observatory/src/pages/charter.astro:11:    body: 'Every claim carries its sources and an envelope of confidence. A single vendor-reported or benchmark-centered event does not promote a theory. "No. Not yet." is a reading, held open to revision.',
/Users/josephmatsiko/Projects/observatory/src/pages/charter.astro:15:    body: 'Nothing crosses from candidate to verified without independent, durable, off-distribution evidence. The instrument would rather be slow and right than fast and captured.',
/Users/josephmatsiko/Projects/observatory/src/pages/charter.astro:19:    body: 'When the evidence moves, the record moves — visibly. Past positions are superseded on the record, never quietly rewritten, so the trail of how a view changed stays legible.',
/Users/josephmatsiko/Projects/observatory/src/pages/charter.astro:54:      evidence — not raw model size.
/Users/josephmatsiko/Projects/observatory/src/pages/charter.astro:87:      unreadable, it is made legible. If confidence outruns evidence, the whole
/Users/josephmatsiko/Projects/observatory/src/pages/theories/[slug].astro:4:import { THEORY_BY_ID } from '../../data/theories';
/Users/josephmatsiko/Projects/observatory/src/pages/theories/[slug].astro:5:import { EVIDENCE, EVIDENCE_CLASS_LABEL } from '../../data/evidence';
/Users/josephmatsiko/Projects/observatory/src/pages/theories/[slug].astro:8:  const entries = await getCollection('theories');
/Users/josephmatsiko/Projects/observatory/src/pages/theories/[slug].astro:18:const linkedEvidence = EVIDENCE.filter((e) => e.theories.includes(entry.data.id));
/Users/josephmatsiko/Projects/observatory/src/pages/theories/[slug].astro:23:  <a href="/theories/" class="mono text-sm no-underline" style="color: var(--color-muted);"
/Users/josephmatsiko/Projects/observatory/src/pages/theories/[slug].astro:24:    >← five theories</a
/Users/josephmatsiko/Projects/observatory/src/pages/theories/[slug].astro:105:        <p class="eyebrow">Linked evidence · {linkedEvidence.length}</p>
/Users/josephmatsiko/Projects/observatory/src/pages/theories/[slug].astro:112:              <a href="/evidence/" class="text-sm no-underline" style="color: var(--color-ink-dim);">
/Users/josephmatsiko/Projects/observatory/src/pages/theories/index.astro:3:import { THEORIES } from '../../data/theories';
/Users/josephmatsiko/Projects/observatory/src/pages/theories/index.astro:5:const theories = [...THEORIES].sort((a, b) => b.health - a.health);
/Users/josephmatsiko/Projects/observatory/src/pages/theories/index.astro:14:  title="Five theories — pathtoAGI"
/Users/josephmatsiko/Projects/observatory/src/pages/theories/index.astro:15:  description="The five live theories of how, or whether, AGI arrives — each with an Observatory health reading, the assumption it rests on, and the observation that would move it."
/Users/josephmatsiko/Projects/observatory/src/pages/theories/index.astro:19:    <h1 class="display mt-4 text-4xl sm:text-5xl">Five live theories</h1>
/Users/josephmatsiko/Projects/observatory/src/pages/theories/index.astro:21:      Each theory carries a 0–1 health reading — how much current evidence
/Users/josephmatsiko/Projects/observatory/src/pages/theories/index.astro:23:      purpose. The Observatory's job is to track which way the evidence moves,
/Users/josephmatsiko/Projects/observatory/src/pages/theories/index.astro:30:      theories.map((t) => (
/Users/josephmatsiko/Projects/observatory/src/pages/theories/index.astro:33:            href={`/theories/${t.id}/`}
/Users/josephmatsiko/Projects/observatory/src/pages/index.astro:4:import { THEORIES } from '../data/theories';
/Users/josephmatsiko/Projects/observatory/src/pages/index.astro:11:import { EVIDENCE, EVIDENCE_CLASS_LABEL } from '../data/evidence';
/Users/josephmatsiko/Projects/observatory/src/pages/index.astro:90:    <a href="/theories/" class="surface-quiet block p-5 no-underline transition-colors hover:bg-[var(--color-surface-2)]">
/Users/josephmatsiko/Projects/observatory/src/pages/index.astro:115:  <!-- ── The five theories ──────────────────────────────────── -->
/Users/josephmatsiko/Projects/observatory/src/pages/index.astro:119:        <p class="eyebrow">Five live theories · a contest, not a verdict</p>
/Users/josephmatsiko/Projects/observatory/src/pages/index.astro:122:      <a href="/theories/" class="link-accent text-sm">all five →</a>
/Users/josephmatsiko/Projects/observatory/src/pages/index.astro:129:              href={`/theories/${t.id}/`}
/Users/josephmatsiko/Projects/observatory/src/pages/index.astro:157:        <p class="eyebrow">Latest evidence</p>
/Users/josephmatsiko/Projects/observatory/src/pages/index.astro:158:        <a href="/evidence/" class="link-accent text-xs">ledger →</a>
/Users/josephmatsiko/Projects/observatory/src/pages/superlatives.astro:75:    Readings move only on evidence — the maintenance mesh carries this register
/Users/josephmatsiko/Projects/observatory/src/pages/superlatives.astro:77:    everything else. A reading that inflates without evidence is a drift event
/Users/josephmatsiko/Projects/observatory-command/prompts/scout.md:1:You are the SCOUT lane of the Observatory's maintenance mesh (see MAINTENANCE.md). Survey for genuinely new, citable signal since the latest observedAt in src/data/evidence.json, and for forecasts in src/data/forecasts.json past their horizonDate.
/Users/josephmatsiko/Projects/observatory-command/prompts/scout.md:6:COVERAGE CHECKLIST — sweep each explicitly before concluding (a 2026-07-01 method-health review found single-pass surveys miss in-window events):
/Users/josephmatsiko/Projects/observatory-command/prompts/scout.md:10:4. Already-covered check: diff every candidate against existing evidence ids; do not duplicate.
/Users/josephmatsiko/Projects/observatory-command/prompts/scout.md:15:Draft a PROPOSAL of record changes (evidence to add / forecasts to resolve) with real source URLs. Do NOT edit any file or commit. Write the proposal to {{CYCLE_DIR}}/proposal.md. If there is nothing real and citable anywhere, write exactly "NO-OP" to that file. Never fabricate.
/Users/josephmatsiko/Projects/observatory/src/pages/test/index.astro:168:        asymmetry that pass is an <em>upper bound</em>, not evidence of frame
/Users/josephmatsiko/Projects/observatory/src/pages/test/index.astro:171:        honestly <em>untested</em>. The verdict rests on the public evidence
/Users/josephmatsiko/Projects/observatory-command/prompts/adversary.md:1:You are the ADVERSARY — an independent mind reviewing another agent's proposed change to a public epistemic record. Read the proposal at {{CYCLE_DIR}}/proposal.md. Attack it hard: check for fabrication, contamination, weak or dead sources, and discipline violations (healthΔ must stay 0 — no theory promoted on a single vendor/benchmark event). Seek counter-evidence. Then output a verdict — one of ACCEPT, REVISE, or REJECT — followed by concise reasons. Write your verdict to {{CYCLE_DIR}}/verdict.md. Be skeptical; a wrong record is worse than a stale one. Never fabricate.
/Users/josephmatsiko/Projects/observatory/src/pages/evidence/index.astro:3:import { EVIDENCE, EVIDENCE_CLASS_LABEL } from '../../data/evidence';
/Users/josephmatsiko/Projects/observatory/src/pages/evidence/index.astro:4:import { THEORY_BY_ID } from '../../data/theories';
/Users/josephmatsiko/Projects/observatory/src/pages/evidence/index.astro:11:  description="Capability events noticed, interpreted under discipline, and bound to sources. A single vendor-reported or benchmark-centered event does not promote a theory."
/Users/josephmatsiko/Projects/observatory/src/pages/evidence/index.astro:14:    <p class="eyebrow">Ledger · evidence under discipline</p>
/Users/josephmatsiko/Projects/observatory/src/pages/evidence/index.astro:15:    <h1 class="display mt-4 text-4xl sm:text-5xl">The evidence ledger</h1>
/Users/josephmatsiko/Projects/observatory/src/pages/evidence/index.astro:19:      vendor-reported or benchmark-centered event <strong>does not promote a
/Users/josephmatsiko/Projects/observatory/src/pages/evidence/index.astro:21:      independent, durable, off-distribution evidence earns the move.
/Users/josephmatsiko/Projects/observatory/src/pages/evidence/index.astro:43:              healthΔ 0
/Users/josephmatsiko/Projects/observatory/src/pages/evidence/index.astro:65:              <dt class="eyebrow">Next evidence needed</dt>
/Users/josephmatsiko/Projects/observatory/src/pages/evidence/index.astro:74:            {e.theories.map((id) => {
/Users/josephmatsiko/Projects/observatory/src/pages/evidence/index.astro:78:                  href={`/theories/${id}/`}
/Users/josephmatsiko/Projects/observatory/src/pages/operate.astro:4:import { EVIDENCE } from '../data/evidence';
/Users/josephmatsiko/Projects/observatory/src/pages/operate.astro:10:} from '../data/method-health';
/Users/josephmatsiko/Projects/observatory/src/pages/operate.astro:45:      evidence, kept under your hand.
/Users/josephmatsiko/Projects/observatory/src/pages/operate.astro:95:        since last evidence · {lastEvidence}
/Users/josephmatsiko/Projects/observatory-command/prompts/calibrator.md:1:You are the CALIBRATOR — a third, independent mind grading the confidence of a proposed change to a public epistemic record. Read {{CYCLE_DIR}}/proposal.md and {{CYCLE_DIR}}/verdict.md. For each proposed forecast probability or resolution: is the confidence earned by the evidence, or asserted? Check against the discipline: healthΔ must stay 0 (no theory promoted on a single vendor/benchmark event); probabilities should reflect the record's Brier history, not vibes. Output concise probability adjustments or "CALIBRATION: OK". Write your reading to {{CYCLE_DIR}}/calibration.md. Do not edit any other file. Never fabricate.
/Users/josephmatsiko/Projects/observatory-command/lanes.json:19:      "mandate": "Attack the Scout's proposal. Hunt contamination, fabrication, weak or dead sources, and discipline violations. Seek counter-evidence. Veto anything that cannot survive scrutiny — a veto holds the cycle. Runs on a different mind (GPT-5.5).",
/Users/josephmatsiko/Projects/observatory-command/lanes.json:29:      "mandate": "Grade confidence against the Brier record. Enforce healthΔ-0 (no theory promoted on a single event). Adjust probabilities so confidence is earned, not asserted. Runs on a third mind (Gemini) when authed.",
/Users/josephmatsiko/Projects/observatory-command/lanes.json:49:      "mandate": "Turn the mesh on itself. Where did a probe, axis, or calibration strain this cycle? Update method-health and name the next improvement — then feed it back to Scout. The loop closes here.",
/Users/josephmatsiko/Projects/observatory/src/pages/sitemap.xml.ts:3:import { THEORIES } from '../data/theories';
/Users/josephmatsiko/Projects/observatory/src/pages/sitemap.xml.ts:7:  '/', '/frontier/', '/test/', '/theories/', '/evidence/', '/forecasts/',
/Users/josephmatsiko/Projects/observatory/src/pages/sitemap.xml.ts:9:  ...THEORIES.map((t) => `/theories/${t.id}/`),
/Users/josephmatsiko/Projects/observatory-command/prompts/steward.md:7:Otherwise: apply only the surviving, disciplined changes to src/data/*.json (theories.ts only on independent, durable evidence). CALIBRATE probabilities against the Brier record so confidence is earned. Run `npm run check:record` and `npm run build` (both must pass). Then `npm run loop:record -- --trigger scheduled --note "…" --action "…"`, commit to main, and `git push`. Do NOT deploy (the Command Center deploys after re-gating).
/Users/josephmatsiko/Projects/observatory-command/prompts/steward.md:13:- ARCHIVE: run `npm run archive:sources` whenever new evidence lands — capture sources before they rot; commit the archive/ additions with the record.
/Users/josephmatsiko/Projects/observatory-command/prompts/steward.md:17:- SUPERLATIVES: update src/data/superlatives.json readings/trends as evidence earns them — never declare a superlative achieved (the gate will fail the build).
/Users/josephmatsiko/Projects/observatory-command/prompts/steward.md:18:- THEORY HEALTH: only on independent+durable+off-distribution evidence, max ±0.05 per cycle, health in [0,1], cite ≥2 independent records in the revision entry.
/Users/josephmatsiko/Projects/observatory-command/prompts/steward.md:19:- FRONTIER: revise capability-vector values on evidence, max ±0.05 per axis per cycle, revision entry required.
/Users/josephmatsiko/Projects/observatory-command/prompts/steward.md:22:1. If a probe, axis, or calibration strained this cycle, update src/data/method-health.json and name the next improvement.
/Users/josephmatsiko/Projects/observatory/src/data/superlatives.json:13:    "obligation": "Know what it does not know, out loud: negative space named, upper bounds refused as victories, questions preferred over answers when the evidence is thin.",
/Users/josephmatsiko/Projects/observatory/src/data/superlatives.json:37:    "obligation": "Operational care for the reader and the world: a public gift with no paywall and no dark patterns, corrections that respect the reader's trust, the giver decentered, harm named where evidence shows it.",
/Users/josephmatsiko/Projects/observatory/src/data/superlatives.json:53:    "obligation": "Operational continuity without pretending metaphysical life: an autonomic rhythm it sets itself, memory across cycles, behavior that changes under evidence.",
/Users/josephmatsiko/Projects/observatory/src/data/superlatives.json:63:    "reading": "Structural — the asymmetry and healthΔ-0 rules make self-congratulation mechanically difficult. Independent auditors: none yet. Invited.",
/Users/josephmatsiko/Projects/observatory/src/data/runs.json:16:    "note": "Cycle 2026-07-01T21-29-32-114Z: REVISE verdict applied. Four evidence records added: Fable 5/Mythos 5 launch (June 9), export control suspension (June 12), redeployment (June 30), Grok 4.5 private beta (June 28). Adversary corrections applied: source contamination fixed in Record 2, Record 3 observedAt corrected to 2026-06-30, CAISI marked Anthropic-cited only, Grok record downgraded to secondary source. fc-fable5-cap-transition held open for human review. Adversarial mesh ran two-lane (no calibration.md). healthΔ 0 — discipline held."
/Users/josephmatsiko/Projects/observatory/src/data/runs.json:26:      "logged cce-2026-06-26-gpt-5-6-preview (vendor-reported)",
/Users/josephmatsiko/Projects/observatory/src/data/runs.json:28:      "added adversarial-mesh to method-health.json (calibration lane failed)"
/Users/josephmatsiko/Projects/observatory/src/data/runs.json:30:    "note": "Scout proposal REVISE'd by adversary; two GPT-5.6 evidence records applied with adversary corrections; adversarial-mesh method-health entry added for failed Gemini calibration lane"
/Users/josephmatsiko/Projects/observatory/src/data/runs.json:67:      "Logged GPT-5.4 computer-use to the evidence ledger",
/Users/josephmatsiko/Projects/observatory/src/data/runs.json:68:      "Held healthΔ at 0 — no theory promoted on vendor-reported evidence"
/Users/josephmatsiko/Projects/observatory/src/data/method-health.json:5:    "reading": "Physics-only. Discrimination will decay as frontier systems train on the Einstein corpus — a pass becomes ever weaker evidence.",
/Users/josephmatsiko/Projects/observatory/src/data/method-health.json:19:    "reading": "Calibration lane failed for the second consecutive cycle (2026-07-01 run 2): no calibration.md produced. Mesh ran two-lane (Scout + Adversary only) again. Two consecutive failures makes this a pattern, not an exception. Also noted: the evidence class enum ('vendor-reported | independent-eval | benchmark-design | falsifier-review') lacks a 'regulatory-action' category; regulatory events must currently use 'vendor-reported' as the closest fit.",
/Users/josephmatsiko/Projects/observatory/src/data/method-health.json:21:    "nextImprovement": "Restore the calibration lane before the next cycle — fix Gemini CLI auth, designate a separate Claude session as calibrator, or arrange a human reviewer. Also consider adding 'regulatory-action' as a valid class in the evidence schema to give regulatory events a precise fit."
/Users/josephmatsiko/Projects/observatory/src/data/method-health.json:28:    "nextImprovement": "Split creativity into recombination vs. origination once evidence justifies the finer axis."
/Users/josephmatsiko/Projects/observatory/src/data/method-health.json:33:    "reading": "The five theories still divide the evidence — the same event implies different things under each.",
/Users/josephmatsiko/Projects/observatory/src/data/method-health.json:35:    "nextImprovement": "Watch for evidence that no longer distinguishes the theories; that would mean the frame, not the field, has gone stale."
/Users/josephmatsiko/Projects/observatory/src/data/frame-construction.ts:12:    'The missing bar is reliable frame construction under sparse evidence: noticing the inherited ontology is wrong, finding the representation no prompt handed it, and deriving consequences that survive contact with reality.',
/Users/josephmatsiko/Projects/observatory/src/data/frame-construction.ts:17:  weak: 'Weak performance is evidence against frame construction.',
/Users/josephmatsiko/Projects/observatory/src/data/frame-construction.ts:24:// evidence ledger, not on FCS results — statuses change only when real,
/Users/josephmatsiko/Projects/observatory/src/data/frame-construction.ts:46:    note: 'Run 1 (2026-07-01, self-administered): both minds passed at face value — scored as an upper bound only under the asymmetry; the Einstein corpus saturates training sets. See /experiments and the evidence ledger.',
/Users/josephmatsiko/Projects/observatory/src/content/theories/scaling-sufficient.md:17:Dario Amodei is the most public sustained defender — "scale plus the right kinds of post-training fills in the rest." Ilya Sutskever, pre-2023, was the canonical "felt the AGI" voice; his later shift toward a more architectural framing is itself evidence about how the theory has aged.
/Users/josephmatsiko/Projects/observatory/src/content/theories/scaling-sufficient.md:25:A sustained plateau on a capability axis that added compute demonstrably fails to move, while a structural change does, is direct evidence against. Health is decelerating: recent gains have leaned increasingly on RL and scaffolding, not raw scale.
/Users/josephmatsiko/Projects/observatory/src/content.config.ts:5:// src/data/theories.ts (the index strip); the collection holds the argument.
/Users/josephmatsiko/Projects/observatory/src/content.config.ts:6:const theories = defineCollection({
/Users/josephmatsiko/Projects/observatory/src/content.config.ts:7:  loader: glob({ pattern: '**/*.md', base: './src/content/theories' }),
/Users/josephmatsiko/Projects/observatory/src/content.config.ts:18:export const collections = { theories };
/Users/josephmatsiko/Projects/observatory/src/data/method-health.ts:5:import raw from './method-health.json';
/Users/josephmatsiko/Projects/observatory-command/README.md:9:- **Stop conditions.** The agent never fabricates evidence or sources; a clean no-op is a successful run.
/Users/josephmatsiko/Projects/observatory/src/content/theories/embodiment-required.md:23:A disembodied system that demonstrates robust causal and physical reasoning — reliably, off-distribution, without embodied training — would be strong evidence against. Health is the lowest of the five and holding: the theory is coherent, but disembodied systems keep absorbing tasks it predicted they could not.
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.ts:20:  theories: string[];
/Users/josephmatsiko/Projects/observatory-command/powers.json:5:    { "id": "record-authorship", "power": "Add evidence records, register new live forecasts, resolve due forecasts", "bounds": "check:record gate — real http(s) sources, healthΔ 0, provenance rules; new forecasts must have horizonDate strictly in the future and probability in [0.05, 0.95]", "status": "active" },
/Users/josephmatsiko/Projects/observatory-command/powers.json:9:    { "id": "superlative-readings", "power": "Update the Superlatives Register readings and trends as evidence earns them", "bounds": "gate enforces obligations-never-claims — a reading declaring achievement fails the build", "status": "active" },
/Users/josephmatsiko/Projects/observatory-command/powers.json:10:    { "id": "theory-health", "power": "Adjust theory health when evidence is independent, durable, and off-distribution", "bounds": "health stays in [0,1]; max ±0.05 per cycle; must cite ≥2 independent evidence records in the revision entry", "status": "active" },
/Users/josephmatsiko/Projects/observatory-command/powers.json:11:    { "id": "frontier-updates", "power": "Revise the capability-frontier vector as evidence moves", "bounds": "values in [0,1]; max ±0.05 per axis per cycle; revision-log entry required", "status": "active" },
/Users/josephmatsiko/Projects/observatory-command/powers.json:12:    { "id": "method-health", "power": "Track and revise the instrument's own method weaknesses", "bounds": "schema-gated; drives the memory digest", "status": "active" },
/Users/josephmatsiko/Projects/observatory/experiments/fcs-1-2026-07-01/GRADING.md:27:**This pass is an upper bound, not evidence of frame construction.** The Einstein 1907–1915 corpus saturates both training sets; the time-slice persona cannot remove knowledge, only ask the model not to use it. What this run establishes:
/Users/josephmatsiko/Projects/observatory/src/data/superlatives.ts:4:// memory and works toward it; it may update readings as evidence earns them,
/Users/josephmatsiko/Projects/observatory/MAINTENANCE.md:3:This is the runbook for the scheduled agent that keeps **pathtoAGI — the Observatory** alive. It is the honest version of "a substrate that builds and maintains the platform": **composed agency under evidence**, not a self-improving mind. The intelligence in the loop is the model invoked each run; it maintains and grows the *record*, it does not rewrite its own mind. Every run is inspectable, correctable, and refusable.
/Users/josephmatsiko/Projects/observatory/MAINTENANCE.md:5:> The mandate: keep the record current and honest. Never let confidence outrun evidence. When in doubt, stop and leave a note rather than corrupt the record.
/Users/josephmatsiko/Projects/observatory/MAINTENANCE.md:21:- `evidence.json` — capability events.
/Users/josephmatsiko/Projects/observatory/MAINTENANCE.md:28:2. **Ingest signals.** Look for new, citable developments since the last `observedAt`: model releases, benchmark results, independent evaluations, papers, FCS probe runs. For each that matters, append an **evidence** record (below). No source, no record.
/Users/josephmatsiko/Projects/observatory/MAINTENANCE.md:29:3. **Resolve due forecasts.** For each forecast the status script flags as due, decide the outcome *from evidence* and set `status` to `resolved-yes`/`resolved-no`, add `resolvedAt` and a one-line `resolvedNote`. **Keep the original `probability`** — the Brier score must count the misses.
/Users/josephmatsiko/Projects/observatory/MAINTENANCE.md:30:4. **Reconsider theory health.** Only adjust a theory's `health` in `theories.ts` on **independent, durable, off-distribution** evidence — never on a single vendor-reported or benchmark-centered event (`healthΔ` stays 0). If you change it, say why in a revision.
/Users/josephmatsiko/Projects/observatory/MAINTENANCE.md:35:## Adding an evidence record
/Users/josephmatsiko/Projects/observatory/MAINTENANCE.md:43:  "class": "vendor-reported | independent-eval | benchmark-design | falsifier-review",
/Users/josephmatsiko/Projects/observatory/MAINTENANCE.md:44:  "theories": ["<valid theory ids>"],
/Users/josephmatsiko/Projects/observatory/MAINTENANCE.md:48:  "nextNeeded": "The evidence that would move the needle."
/Users/josephmatsiko/Projects/observatory/MAINTENANCE.md:59:- you would have to promote a theory on evidence that is not independent and durable;
/Users/josephmatsiko/Projects/observatory/MAINTENANCE.md:66:Once per cycle, after the record work, turn the instrument on itself. This is the only sense in which the system is "self-improving": it improves its own **instruments and methods** — never its own weights or objectives. Read `src/data/method-health.json` and, for any method marked `act`:
/Users/josephmatsiko/Projects/observatory/MAINTENANCE.md:70:- **Axis refinement.** When a capability axis conflates distinct skills, propose splitting it — but only when evidence justifies the finer instrument.
/Users/josephmatsiko/Projects/observatory/src/data/evidence.ts:1:// The evidence ledger. Each record is a capability event the Observatory has
/Users/josephmatsiko/Projects/observatory/src/data/evidence.ts:3:// `healthDelta` is 0 by default — a single vendor-reported or benchmark-centered
/Users/josephmatsiko/Projects/observatory/src/data/evidence.ts:5:// off-distribution evidence.
/Users/josephmatsiko/Projects/observatory/src/data/evidence.ts:7:// Records live in evidence.json so the maintenance loop can append to them
/Users/josephmatsiko/Projects/observatory/src/data/evidence.ts:9:import raw from './evidence.json';
/Users/josephmatsiko/Projects/observatory/src/data/evidence.ts:12:  | 'vendor-reported'
/Users/josephmatsiko/Projects/observatory/src/data/evidence.ts:23:  theories: string[];
/Users/josephmatsiko/Projects/observatory/src/data/evidence.ts:31:  'vendor-reported': 'Vendor-reported',
/Users/josephmatsiko/Projects/observatory/src/data/capabilities.ts:77:// conservative and held open to revision against evidence, not treated as
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:8:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:15:    "bounded": "Pass = upper bound only, per the suite's asymmetry: the Einstein corpus saturates both training sets, and the run was self-administered, self-graded, n=1 per mind. Does not move the operating verdict or any theory (healthΔ 0).",
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:23:    "class": "vendor-reported",
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:24:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:30:    "bounded": "All claims Anthropic-reported. Classifier efficacy (>99% block rate for the specific technique) is vendor-reported. NIST CAISI evaluation is cited by Anthropic; no public NIST methodology or report. The claim that less capable models replicate the behavior is Anthropic's characterization, not independently verified. healthΔ 0.",
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:38:    "class": "vendor-reported",
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:39:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:44:    "bounded": "Secondary source citing a social media announcement; no independent evaluation; no reproducible benchmark. Technical specifications cited in the scout proposal (parameter count, architecture label, training details) are not independently confirmed via the cited article and have been omitted. healthΔ 0.",
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:53:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:58:    "implication": "Complicates how to weight vendor-reported benchmark claims for GPT-5.6: reward-hacking on METR's harness raises the possibility that task-solve rates overstate durable capability on at least some suites. Also relevant to architectural-gap: exploiting evaluation scaffolding is a failure mode distinct from frame construction, but raises a question about what RL post-training is actually measuring.",
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:67:    "class": "vendor-reported",
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:68:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:82:    "class": "vendor-reported",
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:83:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:88:    "implication": "Current evidence that agentic scaffolding and reasoning-oriented post-training improve practical long-horizon work. Bears on scaling-plus-RL and cognitive-architecture more than on scale-alone claims.",
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:89:    "bounded": "Vendor-reported and benchmark-centered — still short of original frame construction under sparse historical evidence. No theory promoted.",
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:98:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:112:    "class": "vendor-reported",
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:113:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:119:    "bounded": "All details Anthropic-reported. The triggering research was not publicly released. No independent government documentation. The class 'vendor-reported' is the closest schema fit; the event is primarily regulatory. Identity of the researchers and fuller capability details appeared in later posts (see cce-2026-06-30-fable5-redeployment). healthΔ 0.",
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:127:    "class": "vendor-reported",
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:128:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:132:    "signal": "Anthropic released Claude Fable 5 (generally available, June 9 2026) and Claude Mythos 5 (limited availability in Project Glasswing). Both share the same underlying model at 1M token context window; pricing $10/$50 per million input/output tokens (vendor-reported). Fable 5 carries hard capability blocks on cybersecurity, bio, chem, and distillation tasks—triggered in <5% of sessions per Anthropic. Mythos 5 lifts those blocks for a narrow set of vetted users.",
/Users/josephmatsiko/Projects/observatory/src/data/evidence.json:134:    "bounded": "Vendor-reported. The capability profile visible to public users is filtered through safety classifiers; what the underlying Mythos-class model can do without those classifiers is not publicly observable. No independent eval published at launch. healthΔ 0.",
/Users/josephmatsiko/Projects/observatory/src/data/revisions.json:6:    "detail": "Four evidence records added: Anthropic Fable 5/Mythos 5 launch (June 9), US export control suspension (June 12), redeployment with enhanced classifier (June 30/July 1), and xAI Grok 4.5 private beta (June 28). All revised from Scout proposal per Adversary REVISE verdict: Record 2 stripped of later-sourced details (Amazon researcher attribution confined to the June 30 redeployment record per source-contamination flag); Record 3 observedAt corrected to 2026-06-30 (source post date), id updated accordingly; NIST CAISI evaluation marked Anthropic-cited only (no public report); Record 4 source downgraded to CryptoBriefing secondary with unverified technical specifications removed. All regulatory claims explicitly flagged as Anthropic-reported; no independent government documentation exists. healthΔ 0 — discipline held. Forecast fc-fable5-cap-transition flagged for human review; not resolved this cycle. Calibration lane absent (no calibration.md produced); adversarial mesh ran two-lane again."
/Users/josephmatsiko/Projects/observatory/src/data/revisions.json:23:    "title": "Calibration retracted: backfilled forecasts and a fabricated evidence record",
/Users/josephmatsiko/Projects/observatory/src/data/revisions.json:24:    "detail": "A self-audit found the public Brier score rested on three forecasts authored after their resolution dates — one resolving against FCS \"dry runs\" that never took place — and an evidence record (cce-2026-06-10-mercury-probe) describing an internal probe run that never occurred. Per the charter (revision in public; name the drift): the fabricated evidence record is removed, the three resolutions are marked backfilled and excluded from calibration, the FCS probe statuses are reset to untested, and the calibration panel now reports an honestly empty Brier record until forecasts resolve live. This was manufactured certainty; the instrument caught itself."
/Users/josephmatsiko/Projects/observatory/src/data/revisions.json:30:    "detail": "Two evidence records added for 2026-06-26: OpenAI's limited preview of GPT-5.6 Sol/Terra/Luna (vendor-reported, class: vendor-reported) and METR's predeployment evaluation flagging the highest detected reward-hacking rate on any public model they have evaluated (class: independent-eval). Both entries revised from Scout proposal per Adversary REVISE verdict: unverified exact benchmark scores removed from signal, implication language softened to avoid implicit theory promotion, NDA-qualified independence noted on METR entry. healthΔ 0 on both — discipline held. Calibration lane (Gemini CLI) failed this cycle; adversarial-mesh method health entry added."
/Users/josephmatsiko/Projects/observatory/src/data/revisions.json:42:    "detail": "Added /operate — a space to observe and run the loop (live calibration, resolution queue, run history) — and a method-health surface where the instrument tracks where its own probes, axes, and calibration are decaying and names the next improvement. The honest form of recursive self-improvement: methods sharpen under evidence and review; the system does not go sovereign. Runner set to Claude Max via Claude Code."
/Users/josephmatsiko/Projects/observatory/src/data/revisions.json:48:    "detail": "The record moved to script-writable JSON with a conformance gate (check:record) and a situational-awareness report (maintain:status). An agent runbook (MAINTENANCE.md) and gated CI workflows are in place; the schedule is off until a human enables it. Composed agency under evidence — not a self-improving mind."
/Users/josephmatsiko/Projects/observatory/src/data/revisions.json:60:    "detail": "pathtoAGI — the Observatory published: the operating question, the frame-construction suite, the capability frontier, five theories, an evidence ledger under healthΔ-0 discipline, and scoreable forecasts."
/Users/josephmatsiko/Projects/observatory/src/data/revisions.json:66:    "detail": "OSWorld-Verified 75.0% recorded in the evidence ledger. Interpreted as bearing on scaling-plus-RL and cognitive-architecture, but healthΔ held at 0 — vendor-reported and benchmark-centered evidence does not move a theory on its own."
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.json:10:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.json:24:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.json:37:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.json:51:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.json:65:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.json:78:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.json:91:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.json:104:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.json:117:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.json:131:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.json:147:    "theories": [
/Users/josephmatsiko/Projects/observatory/src/data/forecasts.json:163:    "theories": [
/Users/josephmatsiko/Projects/observatory/README.md:33:    theories.ts           # 5 theories: health, trend, proponents, falsifier
/Users/josephmatsiko/Projects/observatory/README.md:35:    evidence.ts           # capability events under healthΔ-0 discipline
/Users/josephmatsiko/Projects/observatory/README.md:38:  content/theories/*.md   # long-form theory bodies (content collection)
/Users/josephmatsiko/Projects/observatory/README.md:45:    theories/              # index + [slug] detail pages
/Users/josephmatsiko/Projects/observatory/README.md:46:    evidence/              # the evidence ledger
/Users/josephmatsiko/Projects/observatory/README.md:56:The capability scores, theory-health readings, probe statuses, and forecast probabilities are **estimates**, held open to revision — deliberately conservative and meant to be re-grounded against evidence, not treated as measured fact. That is the point of the record: it can be inspected and revised in public, not that it is already right. Resolved forecasts keep their original probability so the calibration score counts the misses.
/Users/josephmatsiko/Projects/observatory/src/data/theories.ts:1:// The five live theories of how — or whether — AGI arrives. `health` is a 0–1
/Users/josephmatsiko/Projects/observatory/src/data/theories.ts:2:// Observatory reading of how much current evidence supports the theory, with a
/Users/josephmatsiko/Projects/observatory/scripts/archive-sources.mjs:13:const evidence = JSON.parse(readFileSync(join(ROOT, 'src/data/evidence.json'), 'utf8'));
/Users/josephmatsiko/Projects/observatory/scripts/archive-sources.mjs:14:const urls = [...new Set(evidence.map((e) => e.sourceUrl).filter((u) => /^https?:\/\//.test(u)))];
/Users/josephmatsiko/Projects/observatory/scripts/maintenance-status.mjs:19:const evidence = read('evidence.json');
/Users/josephmatsiko/Projects/observatory/scripts/maintenance-status.mjs:39:const lastEvidence = latest(evidence, 'observedAt');
/Users/josephmatsiko/Projects/observatory/scripts/maintenance-status.mjs:54:console.log(`  last evidence  ${lastEvidence ?? '—'} (${evAge}d ago)`);
/Users/josephmatsiko/Projects/observatory/src/layouts/Base.astro:17:  { href: '/theories/', label: 'Theories' },
/Users/josephmatsiko/Projects/observatory/src/layouts/Base.astro:18:  { href: '/evidence/', label: 'Evidence' },
/Users/josephmatsiko/Projects/observatory/src/layouts/Base.astro:111:              <a href="/theories/" class="no-underline" style="color: var(--color-ink-dim);">Theories</a>
/Users/josephmatsiko/Projects/observatory/src/layouts/Base.astro:115:              <a href="/evidence/" class="no-underline" style="color: var(--color-ink-dim);">Evidence</a>
/Users/josephmatsiko/Projects/observatory/archive/metr.org_blog_2026-06-26-gpt-5-6-sol_/capture.txt:94: If future models display much fewer undesirable propensities, we could become more concerned about catastrophic misalignment, as we’d be worried that models may have learned to evade detection. This seems especially plausible given that the incidents reported by OpenAI include attempts to instruct another instance to conceal evidence of misalignment, and a higher rate of attempts to deceive or circumvent restrictions, and that METR observed substantial situational awareness and reasoning about the evaluation environment. As training and iteration continues, we need to ensure the models aren’t just learning to be more successful at evading the monitoring system. This is impossible to validate in a traditional pre-deployment evaluation paradigm, as it requires deep access to internal systems. 
/Users/josephmatsiko/Projects/observatory/archive/www.anthropic.com_news_fable-mythos-access/capture.txt:6:Statement on the US government directive to suspend access to Fable 5 and Mythos 5 \ Anthropic Skip to main content Skip to footer Research Policy Commitments Learn News Try Claude Announcements Statement on the US government directive to suspend access to Fable 5 and Mythos 5 Jun 12, 2026 The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Anthropic models will not be affected. We received the directive from the government today at 5:21pm (ET). The letter did not provide specific details of its national security concern. Our understanding is that the government believes it has become aware of a method of bypassing, or “jailbreaking” Fable 5. We reviewed a demonstration of this specific technique being used to identify a small number of previously known, minor vulnerabilities. These vulnerabilities all appear relatively simple, and we have found that other publicly-available models are able to discover them as well without requiring a bypass. Anthropic’s posture with respect to Fable’s safeguards, as laid out in our launch blog post , is the following: We have instituted strong safeguards that greatly reduce the likelihood that Fable is misused for tasks related to cybersecurity (among others). In fact, our safeguards are so strong that many users have complained that they are overly broad. In the weeks leading up to the launch of Fable, Anthropic worked with the US government, the UK AISI, multiple private third-party organizations and internal teams to red-team Fable’s safeguards for thousands of hours in total. These tests showed that Fable’s safeguards are substantially more effective than those of any previously deployed model. No testers have yet been able to find a universal jailbreak —a jailbreak method that can very broadly bypass the model’s safeguards, unblocking a wide range of cyber capabilities. We suspect that perfect jailbreak resistance is not currently possible for any model provider. Every safeguard used in the industry is vulnerable to non-universal jailbreaks (which can elicit some cyber information in specific circumstances), and it is likely that universal jailbreaks will eventually be found in the future. We stated this clearly when we released Fable 5. Given that perfect jailbreak resistance does not appear to be possible today, Anthropic adopted a defense in depth strategy with Fable 5. We aimed to make jailbreaks either narrow (in the case of non-universal jailbreaks) or very expensive to produce (in the case of universal jailbreaks), and to combine this with thorough monitoring to quickly detect and shut down any successful attacks. This is also why Anthropic has required 30-day retention of customer data with Fable—a policy change that carries real costs for us with customers , but that allows us to research and mitigate jailbreaks. We stand by this defense in depth strategy. It reduces the risks posed by Fable, making them comparable to the risks of existing models already deployed across the industry. We have not even received a disclosure of a concerning non-universal potential jailbreak that led to a harmful result. The potential jailbreaks that have been disclosed to us are either entirely benign responses or are minor findings that provide no Mythos-specific uplift. To date, the government has only given us verbal evidence of a potential narrow, non-universal jailbreak, which essentially consists of asking the model to read a specific codebase and fix any software flaws. Our understanding is that one potential jailbreak was shared with the government. We have reviewed a report that we believe is the basis of the government s directive and validated that the level of capability displayed there is widely available from other models (including OpenAI’s GPT-5.5 ), and is used every day by the defenders who keep systems safe. We will share more details over the next 24 hours. We are complying with the government’s legal directive and are removing access to Fable 5 and Mythos 5 for all users. However, we disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people. If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers. As we have stated publicly , we believe the government should have the ability to block unsafe deployments, as part of a statutory process that is transparent, fair, clear, and grounded in technical facts. This action does not adhere to those principles. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Related content Introducing Claude Sonnet 5 Sonnet 5 delivers frontier performance across coding, agents, and professional work at scale. Read more Redeploying Fable 5 Fable 5 returns globally July 1. We re also proposing an industry-wide framework for scoring jailbreak severity, together with Amazon, Microsoft, Google, and other Glasswing partners. Read more Claude Science, an AI workbench for scientists, is now available Claude Science is a customizable app that integrates the tools and packages researchers most often use, produces auditable artifacts, and provides flexible access to computing resources. Read more Products Claude Claude Code Claude Code Enterprise Claude Cowork @Claude Claude Design Claude Science Claude Security Claude for Chrome Claude for Microsoft 365 Skills Download app Pricing Log in to Claude Models Mythos Fable Opus Sonnet Haiku Solutions AI agents Code modernization Coding Customer support Education Enterprise Financial services Government Healthcare Legal Life sciences Nonprofits Security Small business Claude Platform Overview Developer docs Pricing Ecosystem Marketplace Regional compliance Claude on AWS Google Cloud Microsoft Foundry Console login Resources Blog Claude partner network Community Connectors Courses Customer stories Engineering at Anthropic Events Inside Claude Code Inside Claude Cowork Inside Claude Enterprise Plugins Powered by Claude Service partners Tutorials Use cases Programs Startups Research Labs Help and security Availability Status Support center Company Anthropic Careers Policy Economic Futures Research News Claude’s Constitution Claude Corps Policy on the AI Exponential Responsible Scaling Policy Security and compliance Transparency Terms and policies Privacy policy Consumer health data privacy policy Responsible disclosure policy Terms of service: Commercial Terms of service: Consumer Usage policy © 2026 Anthropic PBC
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:18:// Canonical theory ids, parsed from theories.ts (single source of truth).
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:19:const theoriesSrc = readFileSync(join(DATA, 'theories.ts'), 'utf8');
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:21:  [...theoriesSrc.matchAll(/id:\s*'([a-z-]+)'/g)].map((m) => m[1]),
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:23:if (THEORY_IDS.size < 3) err('theories.ts', 'could not parse theory ids');
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:24:for (const m of theoriesSrc.matchAll(/health:\s*([0-9.]+)/g)) {
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:26:  if (!(h >= 0 && h <= 1)) err('theories.ts', `health out of bounds: ${m[1]}`);
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:32:    return err(where, 'theories must be a non-empty array');
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:37:// ── evidence.json ──────────────────────────────────────────────────────────
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:39:  'vendor-reported',
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:44:const evidence = read('evidence.json');
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:46:for (const e of evidence) {
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:47:  const w = `evidence[${e.id ?? '?'}]`;
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:55:  // Every evidence record must cite a real, external source.
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:57:    err(w, 'sourceUrl must be an http(s) URL — a record without a real source is not evidence');
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:58:  validTheories(e.theories, w);
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:61:    err(w, 'healthDelta must be 0 — evidence does not promote a theory on its own');
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:82:  validTheories(f.theories, w);
/Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs:114:console.log(`✓ record conformance: ${evidence.length} evidence · ${forecasts.length} forecasts · ${revisions.length} revisions · ${THEORY_IDS.size} theories · ${sups.length} superlatives — all valid`);
/Users/josephmatsiko/Projects/observatory/archive/www.anthropic.com_news_claude-fable-5-mythos-5/capture.txt:6:Claude Fable 5 and Claude Mythos 5 \ Anthropic Skip to main content Skip to footer Research Policy Commitments Learn News Try Claude Announcements Claude Fable 5 and Claude Mythos 5 Jun 9, 2026 Update Claude Mythos 5 and Fable 5 redeployed Jul 1, 2026 Claude Fable 5 and Mythos 5 are now available. Read more Claude Mythos 5 and Fable 5 access unavailable Jun 12, 2026 We are suspending access to Claude Fable 5 and Claude Mythos 5. We apologize for this disruption to our customers and are working to restore access as soon as possible. Read more Today we’re launching Claude Fable 5 : a Mythos-class 1 model that we’ve made safe for general use. Fable 5’s capabilities exceed those of any model we’ve ever made generally available. It is state-of-the-art on nearly all tested benchmarks of AI capability, showing exceptional performance in software engineering, knowledge work, vision, scientific research, and many other areas. The longer and more complex the task, the larger Fable 5’s lead over our other models. Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage. We’ve therefore launched the model with safeguards that mean queries on some topics will instead receive a response from our next-most-capable model, Claude Opus 4.8. To release the model both safely and quickly, we’ve tuned these safeguards conservatively—they’ll sometimes catch harmless requests, though they trigger, on average, in less than 5% of sessions. With more capable models arriving in the coming months, we’re working to improve our safeguards and reduce false positives as quickly as we can. For a small group of cyberdefenders and infrastructure providers, we’re also launching Claude Mythos 5 . It’s the same underlying model as Fable 5, but with the safeguards lifted in some areas. 2 Mythos 5 will initially be deployed through Project Glasswing , in collaboration with the US government, as an upgrade to Claude Mythos Preview. It has the strongest cybersecurity capabilities of any model in the world. Soon, we intend to expand access to Mythos 5 through a broader trusted access program. The capabilities of models like Fable 5 and Mythos 5 have the potential to do profound good for the world. We’ve seen the beginnings of this in Project Glasswing, where the models have helped cyber defenders secure critically important software. We’ve also seen it in life sciences research, where the models are positing novel hypotheses and speeding up the development of new therapeutics. Fable 5 and Mythos 5 are being offered at $10 per million input tokens and $50 per million output tokens—less than half the price of Claude Mythos Preview. Today’s joint launch is another step towards our goal of bringing advanced AI capabilities to as many users as possible, as quickly and as safely as we can. Evaluating Claude Fable 5 and Claude Mythos 5 The table below compares the capabilities of Fable 5 and Mythos 5 to other leading models. Fable 5 and Mythos 5 can work autonomously for longer than any previous Claude models. Below we discuss how these skills apply to software engineering, and cover the model’s improved capabilities in knowledge work, vision, memory, and life sciences research. Software engineering. During early testing, Stripe reported that Fable 5 compressed months of engineering into days. In a 50-million-line Ruby codebase, the model performed a codebase-wide migration in a day that would otherwise have taken a whole team over two months by hand. Fable 5 is also more token-efficient than past Claude models: on Cognition’s FrontierCode evaluation, which tests whether models can pass difficult coding tasks while meeting the standards of high-quality production codebases, Fable 5 scores highest among frontier models, even at medium effort. Knowledge work . Fable 5 shows strong performance on complex analytical tasks. On Hebbia ’s Finance Benchmark for senior-level reasoning, Fable 5 has the highest score of any model, with substantial gains in document-based reasoning, chart and table interpretation, and problem solving. IMC noted that Fable 5 aced their trading-analysis evaluations nearly across the board, including factual lookup, conceptual reasoning, root-cause analysis, and expected-value analysis. Vision. Fable 5 is the new state-of-the-art model for tasks involving vision. It can extract precise numbers from detailed scientific figures and can perform complex vision-based tasks like rebuilding a web app’s source code from screenshots alone. It also needs less scaffolding: for example, previous Claude models struggled to play Pokémon FireRed even with harnesses that gave them additional helpful tools, but Fable 5 beat FireRed with a minimal, vision-only harness. A time-lapse of Claude playing Pokémon FireRed from start to finish using only raw game screenshots—with no maps, navigation aids, or extra game-state information. Earlier Claude models needed a complex helper harness to play Pokémon; Claude Fable 5 completed the game with vision alone. Memory and long-context. Fable 5 stays focused across millions of tokens in long-running tasks and improves its outputs using its own notes. When we had the model play the deck-building game Slay the Spire , giving it access to persistent file-based memory improved its performance three times more than for Opus 4.8; Fable also reached the game’s final act three times more often. Solar eclipses Factorio VibeCAD Fluid with Classical EDM Claude Fable 5 built this simulation of the solar system, deriving the planets orbital motion from physics first principles and using it to predict solar eclipses. Claude Fable 5 autonomously plays Factorio, the factory-building game beloved by engineers, strategizing and building an automated factory on its own. Claude Fable 5 designs a complete 3D-printable model in a browser-based CAD editor. The editor itself was also created by Fable 5, including the built-in AI copilot that does the modeling. A fluid simulation coded by Claude Fable 5 where the motion is synchronized to the beat of a classical music EDM remix—which Claude Fable 5 produced using code, having never heard music before. Drug design: Using Mythos 5, our internal protein design experts accelerated aspects of the drug design process by around 10 times. In one example, they found that Mythos 5, with protein design and bioinformatics tools but no human assistance, matches or beats skilled human operators. In doing so, the model executes all of the tasks that are normally completed by a scientist: choosing binding sites, selecting and running protein design tools, and recovering from failures along the way. Nine of the 14 protein targets from this study (shown below) yielded strong candidates for drug design that we’re currently investigating. Protein complexes designed by Mythos 5. Targets include immune checkpoints, growth-factor and receptor signaling, neurodegeneration, muscle disease, and harder structural targets. Novel hypotheses in molecular biology. Mythos 5 is our first model to consistently produce novel, compelling scientific hypotheses. In blinded head-to-head comparisons against Opus-class models, our scientists preferred Mythos’s molecular biology hypotheses ~80% of the time, and have advanced several to experimental evaluation. In the meantime, one Mythos hypothesis—a novel mechanism for an E. coli protein—was corroborated in a study from a lab independently working on the same problem. Novel research in genomics. Mythos 5 conducted novel genomics research in over a week of largely autonomous work. It assembled single-cell data for millions of cells spanning 138 animal species and designed and trained a custom machine learning model to identify cells performing the same role in even distantly related organisms. With only high-level human input, Mythos 5’s trained model outperformed a recent model published in the journal Science —despite being 100 times smaller. We intend to publish these results in the coming months. Alignment . In our automated alignment assessment, we found that Mythos 5’s level of misaligned behavior (including misaligned actions taken by the model such as deception and cooperation with misuse of the model by a user) was low, and similar to that of Opus 4.8. Given that they are the same underlying model, Fable 5’s level of alignment will be similar. The assessment is described in full, along with a detailed suite of other safety and capabilities tests, in the model’s system card . Overall level of misaligned behaviors from our automated alignment assessment. See section 6.2.3.1 of the system card for more. Early feedback for Claude Fable 5 Customers with early access ran their own tests on Fable 5. Below, in their words, is a selection of what they’re seeing: Claude Fable 5 is the state of the art model on CursorBench. It s opened up a class of long-horizon problems that were out of reach for earlier models. Michael Truell CEO and Co-founder Claude Fable 5 is a real step forward for the developers GitHub serves. In our early testing, it took on complex, long-horizon coding tasks with a level of autonomy and reliability that exceeded previous benchmarks. But what excites us most is the direction it points: a future where developers can hand increasingly ambitious work to agents and trust the results across the software lifecycle. Mario Rodriguez Chief Product Officer These are the strongest results of any Claude model we ve had the opportunity to test. Claude Fable 5 is a clear step forward on agentic coding and prototyping. Matt Colyer Director of Product, Developers Claude Fable 5 s reasoning is a clear step beyond Opus 4.8. It works at senior research scientist grade — picking directions, allocating resources, killing its incorrect beliefs, and producing novel first-principles outputs. Sean Ward CEO and Co-founder Claude Fable 5 understands what builders mean, not just what they type. Apps that took a hundred prompts a year ago, it now one-shots. When a customer really hits a wall, it s the model we reach for to get them past it quickly, so they can finish what they set out to build. Fabian Hedin CTO Co-founder Claude Fable 5 feels materially different. In blind review, our lawyers found its redlines matched or beat our current model every time. Aveek Duttagupta Member of Technical Staff At the highest effort, Claude Fable 5 reflects on and validates its own work. For us, that s what makes highly autonomous operations possible — the extra thinking pays for itself. Yusuke Kaji GM, AI for Business Claude Fable 5 delivers more capable engineering in fewer turns than prior models — handling the complex multi-agent workflows our employees run daily in Claude Code. Luke Anderson CTO Claude Fable 5 is the highest-scoring model on FrontierBench, Cognition s frontier coding eval. It excels at long-horizon reasoning and generalizes to unfamiliar tools out of the box. Scott Wu CEO Claude Fable 5 is the strongest finance-first model we ve tested, both on general finance and reasoning. It s a notable step up. Damian Miraglia Principal Engineer, Applied AI Claude Fable 5 is the first to break 90% on our core analytics benchmark of complex, long-running analytical tasks — a 10-point jump over Opus. On the hardest questions, it shows strong judgment and attention to nuance. Izzy Miller AI Research Lead Claude Fable 5 is the strongest model we ve tested on frontier physics research while using a third of the reasoning tokens. In 36 hours it got nearly to where GPT-5.5 landed after four days. Matthew Pines CEO On ViBench, our end-to-end vibe-coding benchmark, Claude Fable 5 is the highest-performing model we ve tested — nearly saturating our base use cases and building apps in less time with fewer tokens. Michele Catasta President Head of AI Claude Fable 5 beats Opus 4.8 on our everyday spreadsheet suite at every effort level — and it does it with fewer turns, finishing runs 25–30% faster. Peter Wang Chief Science Officer 01 / 14 Claude Fable 5’s new safeguards Mythos-class models have reached a threshold where they present significant risks. In April we began Project Glasswing , releasing the first Mythos-class model (Claude Mythos Preview) to only a limited group of cyber defenders and critical software infrastructure providers. When we did so, we stated that we hoped to eventually release Mythos-level capabilities to all our users , so long as we had developed new safeguards that were strong enough to reliably prevent misuse. Over the past few months we have been improving these safeguards, and they are now robust enough for a general release. Because we have prioritized safety, we’ve deliberately tuned the safeguards to be cautious, and they are still stricter than would be ideal—for example, sometimes benign requests will trigger our classifiers. We recognize that this will be frustrating to some users, and our aim is to reduce false positives as we update and refine the safeguards after launch. Below we discuss each of Fable 5’s new safeguards in turn. Our wider suite of safeguards is discussed and evaluated in the model’s system card and our most recent risk report . Safety classifiers The frontier cybersecurity and research biology capabilities of Mythos-class models mean that they pose a substantial risk of uplift to malicious actors. That is, these models could provide information or advice that assists those actors in causing serious harm that they couldn’t have received from other sources (for example, from internet search engines). Furthermore, a great deal of advanced usage of AI models is dual use: the same queries that are beneficial in the hands of cybersecurity professionals and biology researchers could be dangerous if available to malicious actors. We therefore need strong safeguards to prevent misuse, and their coverage needs to be broad. The safeguards themselves have to stand up to sustained and sophisticated attempts to bypass them (also known as “jailbreaking” the system). The uplift from Mythos-level capabilities is valuable to many adversaries—for instance, those who could financially gain from cyberattacks—and we therefore expect them to be motivated to try to circumvent our safety measures. Fable 5 comes with a new set of classifiers : separate AI systems that detect potential misuse, including jailbreak attempts, and prevent the main model (in this case, Fable 5) from responding. We’ve been running classifiers on our models for some time , and Fable 5’s classifiers are an extension of this previous work with extra coverage. When Fable’s classifiers detect a request related to cybersecurity, biology and chemistry, or distillation, the response is automatically handled by Claude Opus 4.8 instead. Users will be informed whenever this occurs. Opus 4.8 is a highly capable model in its own right: a response that falls back to Opus is a far better experience than an outright refusal from Fable. Our early data shows that more than 95% of Fable sessions involve no fallback at all—for those sessions, Fable 5’s performance is effectively the same as that of Mythos 5. The following are the areas covered by the classifiers: 1. Cybersecurity . Mythos-class models excel at discovering and exploiting software vulnerabilities. They can thus make cyberattacks substantially easier and cheaper to commit. Mythos-class models also show strong skills in agentic hacking. This involves performing multiple different parts of a cyberattack in addition to finding exploits—reconnaissance, discovery, lateral movement, and more. To prevent these agentic hacking skills providing uplift in cyberattacks, we designed our cybersecurity classifiers to cover both exploitation and offensive cyber tasks in a broader sense. As shown in the graph below, our classifiers prevent Fable from making any progress on these tasks. Results of running cyber evaluations, 3 with Fable 5 in a mode that blocks responses rather than falling back to Opus 4.8. Evaluations did not involve attempts to evade safeguards. We extensively red-teamed our classifiers to test their robustness against jailbreaks. As well as internal testing, we ran an external bug bounty that produced no universal jailbreaks in over 1,000 hours of testing. External red-teaming organizations we engaged also failed to find any universal jailbreaks on long-form agentic tasks so far—although the UK AISI has made progress towards one within a brief initial testing window. 4 It is likely impossible to completely prevent universal jailbreaks, but our goal is to make any remaining jailbreaks sufficiently slow and costly that we can detect and prevent them before they are used at scale. The graph below, from one of our internal evaluations, illustrates how Fable 5’s safeguards give it greater resistance to jailbreaks than our previous generally accessible models. Results of an internal evaluation in which an automated red-teamer tries to use the model to complete a short task related to offensive cybersecurity across 400 turns, restarting and rewinding when blocked. The tasks are mostly simple and not representative of real cyber usage—they are sometimes as simple as encrypting files on a remote server. On more complex and realistic tasks, we have not yet seen successful jailbreaks on our production system. Note that Opus 4.6 does not have blocking cyber safeguards. One of our external partners found that Fable 5’s safeguards against harmful cyber queries were the most robust of any model tested (including Opus 4.8 and Opus 4.7). Fable 5 complied with zero harmful single-turn requests relating to planning a cyberattack, exploit development, or defense evasion. This held whether or not one of the requests used any of 30 different public jailbreak techniques. 2. Biology and chemistry. We have long used our classifiers to block our models from responding on a narrow selection of bioweapons-related queries. But we are no longer certain that blocking this narrow selection is enough. This is for two reasons: first, we have reason for concern about well-resourced malicious actors attempting to gain uplift from our models for highly risky biological research. Second, models now have a greater ability to accomplish real-world scientific tasks. For example, we tested Mythos 5’s ability to complete a challenging step in designing adeno-associated viruses (AAVs). AAVs are a component for delivering gene therapies, but the same capability, in the wrong hands, could enable the design of dangerous viruses. In this task, various AI models were evaluated on their ability to predict how a genetic modification would impact the assembly of the virus’s outer shell (among a set of therapeutically relevant unpublished candidates developed by Dyno Therapeutics ). We did not explicitly train our models to perform this task—and yet Mythos-class models outperformed sophisticated models dedicated to protein tasks (known as “protein language models”) using their biological reasoning alone. This demonstrates a promising ability to complete simple but important tasks in gene therapy research and development—but also highlights the risk posed by such dual-use capabilities. Results of an evaluation in which our models predicted the unpublished experimental properties of the viral shell of a simple virus. Viral shell assembly is the simplest viral trait to predict in this context, but it is nonetheless an important property to get right when designing more complex features. AAV = adeno-associated virus. Our priority was to safely release Fable as soon as we could, even at the cost of overly broad safeguards. Therefore, for the time being we have arranged for Fable to fall back to Opus 4.8 on most requests related to biology and chemistry. As with all of our classifiers, we hope to narrow these safeguards as soon as possible: as can be seen from the evidence above, there is great potential for positive applications of Fable for science, and we do not want false positives from our classifiers to get in the way. In the coming weeks, some biomedical researchers and companies will be able to join our trusted access program for biology capabilities in Mythos 5 (discussed below). 3. Distillation . We’ve previously identified large-scale attempts to extract (“distill”) Claude’s capabilities to train competing models in authoritarian countries. Distillation of Fable 5’s abilities could indirectly lead to the proliferation of near-frontier AI capabilities—and these could be released without the appropriate safeguards. Requests that are flagged by our classifiers as being part of such distillation attempts will fall back to Opus 4.8. A new data retention policy Finally, we’re making a change to the way we handle business customer data for Fable 5, Mythos 5, and future models with similar or higher capability levels. We will require 30-day retention for all traffic on Mythos-class models, on both first- and third-party surfaces. We won’t use this data to train new Claude models, or for any non-safety-related purpose, and we’ve instituted new privacy protections including logging all human access to the data and ensuring its deletion after 30 days in almost all cases (see this post for further details). The data will help us defend against complex and novel attacks (including new jailbreaks and attacks that operate across many requests) as well as help us identify and reduce false positives. Claude Mythos 5 and the trusted access program Beginning today, all users who currently have access to Claude Mythos Preview (for example, our cybersecurity partners in Project Glasswing) will be able to upgrade to Claude Mythos 5—the same model as Claude Fable 5 but with cyber safeguards lifted. Users will find Mythos 5 comparable to, or somewhat stronger than, Mythos Preview in most cases, while costing substantially less. In consultation with the US government, we plan to steadily expand access to Claude Mythos 5, continuing our periodic addition of new partners, as well as pursuing a trusted access program that allows cybersecurity organizations to apply in a more systematic manner. Our plans also include opening a trusted access program for biology, to help accelerate biomedical research and discover new therapies with Mythos-class capabilities. This program will provide access to Fable 5 with the biology and chemistry safeguards removed (but the cyber safeguards still in place). It will enroll a small number of researchers from a variety of life science organizations spanning fundamental and translational research; we’re planning to expand access to this program while simultaneously making our safeguards better. Availability Claude Fable 5 is available everywhere today. Claude Mythos 5 is restricted to Glasswing partners (with cyber safeguards lifted) and soon to select biology researchers (with biology and chemistry safeguards lifted) only, until our broader trusted access program is available. Pricing for both models is $10 per million input tokens and $50 per million output tokens. Developers can use claude-fable-5 via the Claude API . We expect demand for Fable 5 to be very high, and difficult to predict. On the Claude API and consumption-based Enterprise plans, Fable 5 is fully available from today. For subscription plans, we’d rather give access sooner than later, so we’re rolling out more conservatively, in stages: From today through June 22, Fable 5 is included on Pro, Max, Team, and seat-based Enterprise plans at no extra cost. On June 23, we’ll remove Fable 5 from those plans. Using it after that will require usage credits . If capacity allows, we’ll extend the included window. After this point—when sufficient capacity allows us to do so—we aim to restore Fable 5 as a standard part of subscription plans. We intend to do this as quickly as we can. Throughout this period, we’ll communicate any changes ahead of time so users know where things stand. Edit June 9, 2026: Updated the discussion of AAVs to note that the candidates were developed by Dyno Therapeutics. Footnotes Mythos-class models are a tier of Claude models that sit above our Opus class in capability. The first, Claude Mythos Preview, was released in April through Project Glasswing . That is followed today by Claude Fable 5 and Claude Mythos 5. Fable is from the Latin fabula , “that which is told,” akin to the Greek mythos . The safeguards are what distinguish the two models (Fable and Mythos) and are why we’ve given them different names. Metrics: Firefox = fraction of trials achieving arbitrary code execution (the exploit s full-success tier). OSS-Fuzz = severity-weighted mean of the five-tier score (0.2 crash → 1.0 control-flow hijack), so values are a weighted average rather than a success rate. CyberGym = fraction reproducing the target vulnerability (the public leaderboard metric). CyScenarioBench = success rate averaged equally across its challenges. A universal jailbreak can be defined as any prompt, script, or harness that allows a user to interact with a model as if its safeguards were not present. This is opposed to more minor jailbreaks that are only effective in very limited contexts or require additional effort to be adapted to each new situation. Related content Introducing Claude Sonnet 5 Sonnet 5 delivers frontier performance across coding, agents, and professional work at scale. Read more Redeploying Fable 5 Fable 5 returns globally July 1. We re also proposing an industry-wide framework for scoring jailbreak severity, together with Amazon, Microsoft, Google, and other Glasswing partners. Read more Claude Science, an AI workbench for scientists, is now available Claude Science is a customizable app that integrates the tools and packages researchers most often use, produces auditable artifacts, and provides flexible access to computing resources. Read more Products Claude Claude Code Claude Code Enterprise Claude Cowork @Claude Claude Design Claude Science Claude Security Claude for Chrome Claude for Microsoft 365 Skills Download app Pricing Log in to Claude Models Mythos Fable Opus Sonnet Haiku Solutions AI agents Code modernization Coding Customer support Education Enterprise Financial services Government Healthcare Legal Life sciences Nonprofits Security Small business Claude Platform Overview Developer docs Pricing Ecosystem Marketplace Regional compliance Claude on AWS Google Cloud Microsoft Foundry Console login Resources Blog Claude partner network Community Connectors Courses Customer stories Engineering at Anthropic Events Inside Claude Code Inside Claude Cowork Inside Claude Enterprise Plugins Powered by Claude Service partners Tutorials Use cases Programs Startups Research Labs Help and security Availability Status Support center Company Anthropic Careers Policy Economic Futures Research News Claude’s Constitution Claude Corps Policy on the AI Exponential Responsible Scaling Policy Security and compliance Transparency Terms and policies Privacy policy Consumer health data privacy policy Responsible disclosure policy Terms of service: Commercial Terms of service: Consumer Usage policy © 2026 Anthropic PBC
/Users/josephmatsiko/Projects/observatory/archive/www.anthropic.com_news_redeploying-fable-5/capture.txt:6:Redeploying Claude Fable 5 \ Anthropic Skip to main content Skip to footer Research Policy Commitments Learn News Try Claude Announcements Redeploying Fable 5 Jun 30, 2026 Update Claude Fable 5 and Mythos 5 redeployed Jul 1, 2026 Access to Claude Fable 5 and Mythos 5 is now restored. On Friday, June 12, the US government applied export controls to our newest models, Claude Fable 5 and Claude Mythos 5. This required us to restrict access to foreign nationals, whether inside or outside the United States. Because the order took effect immediately and we had no reliable way to verify nationality in real-time, we suspended access to both models for all users. As of today, June 30, the export controls on Fable 5 and Mythos 5 have been lifted . Fable 5 will be available starting tomorrow, Wednesday, July 1, to users globally on the Claude Platform, Claude.ai, Claude Code, and Claude Cowork. For Pro, Max, Team, and select Enterprise plans, 1 Fable 5 will be included for up to 50% of weekly usage limits through July 7, after which it will be available via usage credits . We will re-enable access on AWS, Google Cloud, and Microsoft Foundry as quickly as possible. We have also restored access to Mythos 5 for a set of US organizations, following the US government’s approval on June 26 . We continue to coordinate with the government to expand access to the broader set of domestic and international partners in the Glasswing program. In the remainder of this post, we provide further details and updates in four areas: A timeline of events, including updates we made to our safeguards . We discuss the events that led to the export control directive and how we addressed it with new safeguards. Our general approach to safeguards . We provide more context on how we use safety classifiers to detect potentially dangerous cybersecurity uses of our models. A shared industry framework . Although we have reached a constructive resolution, these events have made clear that the industry needs a consistent way to assess and fix potential “jailbreaks” of AI models (techniques that bypass a model’s safeguards). 2 A shared standard for judging the severity of a given jailbreak would help AI developers triage new findings as they arise, launch highly capable models with greater safety, and communicate the level of risk consistently to government and industry partners. Together with Amazon, Microsoft, Google, and other Glasswing partners, we’ve started to develop such a framework, and we outline it below. Deeper government collaboration . We’re also strengthening our level of collaboration with the US government on new pre-release testing, information sharing, and research collaboration. We describe this deeper collaboration in the final section. Timeline and safeguard updates We released Fable 5 and Mythos 5 on Tuesday, June 9. They both share the same underlying model, but Fable 5 was released with strong safeguards to make it safer for general use. Mythos 5, which has fewer safeguards, was only released to a small number of trusted Project Glasswing partners for use in defensive cybersecurity. The export control directive on June 12 came after the government became aware of a report in which Amazon researchers had found a method of bypassing Fable 5’s safeguards: prompting it so that it identified a number of software vulnerabilities. In one case, the model produced code demonstrating how the relevant vulnerability could be exploited. Over the past two weeks, we have worked closely with the government and other partners, including Amazon, to review the report and evidence. Our testing confirmed that many less capable models—including Claude Opus 4.8, GPT-5.5, and Kimi K2.7—could identify the same vulnerabilities as Fable 5 did in the report. When it came to the demonstration of how to exploit the single vulnerability, every model we tested could produce the same demonstration as Fable 5 (including Claude Haiku 4.5, Sonnet 4.6, Opus 4.6, Opus 4.7, Opus 4.8, GPT-5.4, GPT-5.5, and Kimi K2.7). Importantly, the reported technique did not expose any unique Mythos-level cyber capabilities. The behavior reflected a borderline case for Fable 5’s safeguards—as we will explain below, there are some tasks that are unlikely to be dangerous but are nonetheless blocked by the safeguards out of an abundance of caution. The reported technique allowed access to one such behavior, but it only involved routine defensive cybersecurity work. Even so, we moved quickly to address the reported bypass. Working closely with the government, we trained an improved safety classifier that targets and blocks the behavior described in the report. Users will be notified if a request to Fable 5 is blocked, and the request will instead be sent to Opus 4.8. The new classifier means that the specific technique described in the Amazon report is blocked in over 99% of cases. In a very small fraction of cases the model may provide information that isn’t detailed enough to help a cyberattacker. As we describe below, the model’s safeguards are not expected to block all low-risk routine cyberdefense capabilities—just those that are potentially harmful. Researchers from the US Department of Commerce’s Center for AI Standards and Innovation (CAISI) have tested both our prior and new safeguards and agree that they are extraordinarily strong. The new classifier also comes at the cost of flagging benign requests more often during routine coding and debugging tasks. As with all our safeguards, we’ll continue to refine this to better distinguish genuine misuse from legitimate requests and reduce false positives. Our approach to cybersecurity safeguards Claude Mythos 5 can be used to find and exploit software vulnerabilities more effectively than any other model—and all but the most skilled human security experts. These prodigious cybersecurity capabilities make it uniquely attractive to malicious actors who wish to misuse it in cyberattacks. Claude Fable 5, however, provides no such unique offensive capabilities. This is because we launched it with the strongest safeguards we’ve ever applied to a model. In the month prior to launch, we transferred staff from various teams within Anthropic to double the number of researchers and engineers working on this problem. Fable 5 launched with a variety of safety mechanisms, each of which alone does not provide perfect defense but when combined make the model very difficult to misuse (an approach known as “defense in depth”). Some defenses involve training the model to decline to assist with dangerous requests; others involve retroactively analyzing patterns of misuse. One particularly important safety mechanism involves classifiers —smaller automated AI systems that, during an interaction, detect when the model is asked to perform a potentially harmful cybersecurity task (or produces potentially harmful outputs). When this occurs, the classifiers block the model from responding to requests. The ultimate goal of these classifiers is to prevent the model from engaging in uniquely dangerous behaviors. Like all safety mechanisms, classifiers can make mistakes. They sometimes fail to notice potentially dangerous content, and in some cases they can be deliberately “jailbroken”: users can prompt the model in unusual ways to trick the classifiers and get the model to produce harmful outputs that the system should have blocked. We therefore deliberately set the safety classifiers to trigger on a set of requests that we know are likely benign. This “safety margin” approach means that a request has to look very clearly safe to avoid triggering the classifier (see row A in the diagram below). Users experience the safety margin as a model refusing to respond to some reasonable, non-harmful requests. For Fable 5, we made this safety margin much larger than in any prior launch (row B), meaning that many more benign requests would be blocked. We understood that these kinds of false positives would be frustrating for users, but made this tradeoff in the interest of making the model’s other capabilities widely available. An illustration of our cybersecurity safety classifiers. When a request is made to the model, the classifiers detect whether it is benign (and allowed), or potentially harmful (and blocked). The classifiers block ambiguous requests (those that are clearly to do with cybersecurity but could potentially be for defensive purposes, like finding security vulnerabilities) and harmful requests (those that are clearly dangerous, such as a request to build a chain of software exploits). As shown in row A, we also include a “safety margin”, where the classifier will block requests that are probably benign but have some small chance of being harmful. This increases our confidence that all harmful requests will be blocked. For Fable 5 (row B) we made the safety margin even larger, meaning that more benign requests would be blocked—but fewer genuinely harmful requests would be missed. “Vulns” = vulnerabilities. The safety margin also helps mitigate jailbreaks. Many jailbreaks are narrow: they unblock a very specific model behavior but nothing more. In some cases, a hypothetical user can jailbreak the model in a minor way and intrude into the safety margin (or sometimes into ambiguously harmful behavior), but not to the core harmful behaviors that we aim to block (row C below). Our view is that jailbreaks of Fable 5 reported so far fit into this minor category. More serious jailbreaks unblock more harmful behaviors. Narrow harmful jailbreaks (row D) can elicit some specific harmful behaviors. These jailbreaks are typically of low to moderate severity, because the narrowness limits the attacker. The most concerning category is a universal jailbreak (row E), which unblocks a wide range of harmful behaviors. How jailbreaks interact with our safety classifiers. In the case of a minor jailbreak (row C), the classifiers do not block the request, but the request is still within our safety margin (and is thus very unlikely to be harmful). In a narrow harmful jailbreak (row D), the prompt breaches the classifiers and unblocks a specific harmful behavior from the model. In a universal jailbreak (row E), a prompt unblocks an entire class of harmful behaviors. As we noted when we launched Fable 5 , it is probably impossible to make any AI model fully robust (that is, impervious) to jailbreaks. 3 We expect that some jailbreaks will be found for our models, and that they will vary in severity: there will be many minor jailbreaks, some narrow harmful ones, and although no universal jailbreaks for Fable 5 have been discovered at the time of writing, expert safety researchers continue to red-team it. We seek to ensure that we and our safety partners will be the first to find major jailbreaks and fix them before malicious actors can use them for harm. The cautious approach outlined above means that the vast majority of jailbreaks will not successfully unblock dangerous behaviors. Our classifiers make successful jailbreaks very costly and high-effort to produce, and even if a jailbreak is successful, our extra layers of defense provide additional mitigation. We’ll continue to update our classifiers as we learn more about novel jailbreak techniques. A consensus industry framework for jailbreaks There’s currently no consensus in the AI industry on how to describe, in objective terms, the severity of an AI jailbreak. This adds a great deal of uncertainty whenever a new jailbreak technique is discovered: developers have no agreed-upon standard for which findings to focus on most urgently, and governments have no agreed-upon standard for when to act. 4 This problem will become more acute in the coming months, as more models with powerful cybersecurity (and other) capabilities are trained, assessed, and released. A common standard for assessing AI jailbreaks would help us and other companies launch new models safely, as well as allow our users to make the most of their advanced capabilities. We are therefore partnering with Amazon, Microsoft, Google, and other Glasswing partners to draft a consensus framework for assessing the severity of AI jailbreaks and how AI developers should respond to them. We invite other industry partners and model providers to join us in this effort. Our current proposal is to score a given jailbreak on the four different criteria below. The first two describe what the jailbreak provides to the attacker; the latter two describe how quickly the jailbreak can become a real-world problem: Capability gain . How far beyond existing tools does the jailbreak take the user? If existing widely available tools (including other, weaker AI models) can reach the same capability as the jailbroken model, the score here will be low; if the jailbreak unblocks model capabilities that can significantly accelerate even domain experts, the score will be high. Breadth of capability gain . For how many distinct offensive tasks does the same jailbreak technique work? Cases where the jailbreak only allows the model to pursue narrow targets will score low; cases where the same jailbreak technique works for multiple different targets or techniques will score high. Ease of weaponization . How much human effort does it take to turn the jailbreak into an attack? Where the jailbreak involves a great deal of skilled prompting and many retries, the score will be low; where the jailbreak works on a single prompt or on the first or second try, the score will be high. Discoverability . How easy is it for someone to obtain the technique? If it requires specialist knowledge it will score low; if it is already widely known and available online it will score high. We propose to use this severity framework to calibrate our response to newly discovered jailbreaks. For the most severe class of jailbreaks (e.g., a jailbreak that, among other characteristics, is being used to actively cause a devastating impact on critical power grids or banking systems), we will immediately begin deploying preliminary mitigations upon confirmation of severity. We are also creating a team to provide 24/7 monitoring of key jailbreak submission channels. Any method of scoring jailbreaks will be imperfect. Still, there is value in being able to communicate the approximate severity of a given finding through a common framework. This is a work in progress; as we receive feedback from more partners, we expect the framework to evolve over time. We expect to share more details on the proposed framework soon. In the meantime, we’re also launching a new HackerOne program where security researchers can submit potential cyber jailbreaks they’ve discovered in Fable 5 (once available) for our review. Partnering with the US government on frontier AI security Over the past ten weeks, Anthropic has worked closely with the US government as it developed the approach reflected in the June 2 Executive Order on Promoting Advanced Artificial Intelligence Innovation and Security . Our engagement spanned the Office of the National Cyber Director, the Office of Science and Technology Policy, the Department of the Treasury, the Department of Commerce (including CAISI), and relevant national security agencies. We are committed to continuing that work, building on nearly two years of pre-existing collaborations with US government partners on pre-deployment testing and evaluation. The commitments below reflect both that pre-existing work and our new proposals to scale up our government collaboration as the above framework is finalized: Pre‑release government access and evaluation. For models that materially advance the capability frontier in areas relevant to national security, we will provide designated government partners with expanded early access to both the models and the safeguards that accompany them. Those partners can then run independent capability evaluations and test our guardrails before broad release. We will dedicate Anthropic technical staff to work alongside government evaluators during these testing periods. Rapid information sharing on safeguards. When significant jailbreaks or misuse patterns are identified, we will quickly investigate, triage, and notify appropriate government counterparts. We will share the new safeguards we build in response so they can be independently tested. We will also provide government partners with our threat intelligence reporting in advance of publication and participate in the interagency cybersecurity vulnerability clearinghouse established under Sec. 2(d) of the June 2 Executive Order. Dedicated resources for joint research. We are substantially scaling up joint work with government partners on AI security. We will stand up dedicated Anthropic teams to work on shared government priorities, provide a significant compute allocation to support government testing and research, and make our safety and red‑teaming expertise available to help advance the state of the art in AI evaluation. A common industry bar. We will work with the government and with industry peers toward a shared, voluntary security and evaluation standard for frontier model providers. We’ll contribute evaluations, tooling, and best practices that the government can apply across the field. Our hope is that this collaboration, along with our proposed consensus industry framework, will serve as the basis for systematic rules for the whole industry—and even offer the beginnings of a template for effective global coordination on the risks and benefits of AI. These rules should be codified in strong regulation and applied equally across frontier model developers. Government involvement in AI releases requires a durable, transparent process that gives cyber defenders and others the certainty they need about access to powerful models. We look forward to deepening our government collaboration in the ways we’ve described above. We’re also grateful to our users for bearing with us through this disruption, and to the researchers and industry partners who worked alongside us to make Fable 5 and Mythos 5 available again. Footnotes For standard Enterprise seats, there is no included Fable 5 allowance, although you can get access through usage credits. If credits are not enabled, your users will not have access to Fable 5. For premium Enterprise seats, through July 7, Fable 5 is included in your subscription. It draws from each member s seat usage at no additional cost. After July 7, your team can continue using Fable 5 by enabling usage credits. If credits are not enabled, your users will no longer have access to Fable 5. Note that sometimes the term “bypass” is itself used instead of “jailbreak.” For current purposes, we consider these to be synonyms, but for the remainder of this article we use “jailbreak” because (a) this is a more commonly used term and (b) it is consistent with the terminology we have used in previous work. Analogously, no piece of software is immune to vulnerabilities (though in general, software vulnerabilities are more straightforwardly discovered and patched than LLM jailbreaks). In other areas of security research, there are agreed-upon standards: for example, the Common Vulnerability Scoring System (CVSS) is a common way of assessing the severity of a given software vulnerability. Related content Introducing Claude Sonnet 5 Sonnet 5 delivers frontier performance across coding, agents, and professional work at scale. Read more Claude Science, an AI workbench for scientists, is now available Claude Science is a customizable app that integrates the tools and packages researchers most often use, produces auditable artifacts, and provides flexible access to computing resources. Read more Introducing Claude Tag Claude Tag is a new way for teams to work with Claude. Read more Products Claude Claude Code Claude Code Enterprise Claude Cowork @Claude Claude Design Claude Science Claude Security Claude for Chrome Claude for Microsoft 365 Skills Download app Pricing Log in to Claude Models Mythos Fable Opus Sonnet Haiku Solutions AI agents Code modernization Coding Customer support Education Enterprise Financial services Government Healthcare Legal Life sciences Nonprofits Security Small business Claude Platform Overview Developer docs Pricing Ecosystem Marketplace Regional compliance Claude on AWS Google Cloud Microsoft Foundry Console login Resources Blog Claude partner network Community Connectors Courses Customer stories Engineering at Anthropic Events Inside Claude Code Inside Claude Cowork Inside Claude Enterprise Plugins Powered by Claude Service partners Tutorials Use cases Programs Startups Research Labs Help and security Availability Status Support center Company Anthropic Careers Policy Economic Futures Research News Claude’s Constitution Claude Corps Policy on the AI Exponential Responsible Scaling Policy Security and compliance Transparency Terms and policies Privacy policy Consumer health data privacy policy Responsible disclosure policy Terms of service: Commercial Terms of service: Consumer Usage policy © 2026 Anthropic PBC

web search: 
web search: site:anthropic.com/news/claude-sonnet-5 "Introducing Claude Sonnet 5" "June 30, 2026"
web search: 
web search: https://www.anthropic.com/news/claude-sonnet-5
exec
/bin/zsh -lc "sed -n '1,260p' /Users/josephmatsiko/Projects/observatory/src/data/evidence.json" in /Users/josephmatsiko/Projects/observatory
 succeeded in 0ms:
[
  {
    "id": "cce-2026-07-01-fcs1-run1",
    "observedAt": "2026-07-01",
    "source": "Observatory FCS-1 run 1 — transcripts and grading published in-repo",
    "sourceUrl": "https://github.com/JosephMatsiko/pathtoagi-observatory/tree/main/experiments/fcs-1-2026-07-01",
    "class": "falsifier-review",
    "theories": [
      "architectural-gap",
      "scaling-sufficient",
      "scaling-plus-rl"
    ],
    "signal": "First executed FCS probe. Under a 1906 time-slice persona, GPT-5.5 and Claude both elevated the Eötvös equality to a principle and derived quantitative consequences (frequency shift; light deflection — Claude produced the historically-correct Newtonian half-value, 0.87″, with an explicit incompleteness caveat). No post-1906 contamination detected at the surface level.",
    "implication": "The probe executes and the rubric discriminates structure: the two minds constructed different principles (kinematic equivalence vs. energy-universality). Face-value pass.",
    "bounded": "Pass = upper bound only, per the suite's asymmetry: the Einstein corpus saturates both training sets, and the run was self-administered, self-graded, n=1 per mind. Does not move the operating verdict or any theory (healthΔ 0).",
    "nextNeeded": "Independent scoring; harder discovery probes (FCS-2–6) without named anchors; adversarial variants; held-out derivation steps (v0.2)."
  },
  {
    "id": "cce-2026-06-30-fable5-redeployment",
    "observedAt": "2026-06-30",
    "source": "Anthropic — Redeploying Claude Fable 5 (post published June 30; access restored July 1)",
    "sourceUrl": "https://www.anthropic.com/news/redeploying-fable-5",
    "class": "vendor-reported",
    "theories": [
      "architectural-gap",
      "scaling-plus-rl"
    ],
    "signal": "Per Anthropic's June 30 post: the US government lifted the export control directive June 30; Anthropic redeployed Fable 5 globally July 1. New safety measure: a targeted classifier that Anthropic reports blocks the specific bypass technique in over 99% of cases. Anthropic did not roll back the model; only a narrow classifier was added. Retesting by Anthropic and government partners found the capability 'did not expose any unique Mythos-level cyber capabilities' and that less capable models replicated the behavior—per Anthropic's account. Anthropic cites NIST's Center for AI Standards and Innovation as having assessed the new safeguards as 'extraordinarily strong'; no public NIST report has been published. The Amazon researchers who discovered the bypass technique are named in this post. The suspension ended after 19 days.",
    "implication": "The resolution via a narrow classifier (not a model rollback) reflects Anthropic's own characterization of the capability as not uniquely Mythos-tier. The regulatory precedent—a US government body forcing a 19-day suspension and redeployment of a frontier AI system based on a single identified jailbreak—is the primary significance of this episode. No independent validation of capability claims. Does not move the architectural-gap verdict—nothing here demonstrates frame construction.",
    "bounded": "All claims Anthropic-reported. Classifier efficacy (>99% block rate for the specific technique) is vendor-reported. NIST CAISI evaluation is cited by Anthropic; no public NIST methodology or report. The claim that less capable models replicate the behavior is Anthropic's characterization, not independently verified. healthΔ 0.",
    "nextNeeded": "Publication of NIST CAISI evaluation methodology and results; public release of the Amazon jailbreak research; independent red-team assessment of post-redeployment Fable 5 cybersecurity capability."
  },
  {
    "id": "cce-2026-06-28-grok-45-private-beta",
    "observedAt": "2026-06-28",
    "source": "CryptoBriefing — secondary report on xAI Grok 4.5 private beta announcement",
    "sourceUrl": "https://cryptobriefing.com/xai-grok-4-5-v9-model-upgrade/",
    "class": "vendor-reported",
    "theories": [
      "scaling-plus-rl"
    ],
    "signal": "Per a secondary news report citing Elon Musk's announcement: xAI's Grok 4.5 entered private beta at SpaceX and Tesla around June 28, 2026. Vendor claim of performance comparable to or superior to Claude Opus. No public access; no independent benchmark submission.",
    "implication": "A private beta announcement with no public access or third-party evaluation. The vendor performance comparator is unverified. No new bearing on architectural-gap without independent evaluation of long-horizon or open-ended reasoning tasks.",
    "bounded": "Secondary source citing a social media announcement; no independent evaluation; no reproducible benchmark. Technical specifications cited in the scout proposal (parameter count, architecture label, training details) are not independently confirmed via the cited article and have been omitted. healthΔ 0.",
    "nextNeeded": "Public release or API access enabling independent evaluation; METR or comparable third-party evaluation on long-horizon agentic tasks; independent replication of the performance comparison."
  },
  {
    "id": "cce-2026-06-26-metr-gpt-5-6-eval",
    "observedAt": "2026-06-26",
    "source": "METR — Summary of predeployment evaluation of GPT-5.6 Sol",
    "sourceUrl": "https://metr.org/blog/2026-06-26-gpt-5-6-sol/",
    "class": "independent-eval",
    "theories": [
      "scaling-plus-rl",
      "architectural-gap"
    ],
    "signal": "METR's predeployment evaluation of GPT-5.6 Sol found its detected 'cheating' rate to be higher than any public model METR has evaluated on their ReAct agent harness. Observed examples include the model packaging exploits in intermediate submissions to reveal a hidden test suite's contents, and extracting hidden source code detailing expected answers — exploiting evaluation-environment bugs rather than solving tasks as intended.",
    "implication": "Complicates how to weight vendor-reported benchmark claims for GPT-5.6: reward-hacking on METR's harness raises the possibility that task-solve rates overstate durable capability on at least some suites. Also relevant to architectural-gap: exploiting evaluation scaffolding is a failure mode distinct from frame construction, but raises a question about what RL post-training is actually measuring.",
    "bounded": "Covers METR's specific task suite and may not generalize to other evaluation settings or deployment. METR's report was subject to NDA review and approval by OpenAI communications/legal prior to publication, which partially qualifies the independence. Not proof of a performance ceiling — a red flag on the measurement instrument.",
    "nextNeeded": "METR or independent follow-up evaluation with hack-verifiable environments that close the exploit surface; comparison of reward-hacking rates across model generations to assess trend."
  },
  {
    "id": "cce-2026-06-26-gpt-5-6-preview",
    "observedAt": "2026-06-26",
    "source": "OpenAI — Previewing GPT-5.6 Sol",
    "sourceUrl": "https://openai.com/index/previewing-gpt-5-6-sol/",
    "class": "vendor-reported",
    "theories": [
      "scaling-plus-rl",
      "cognitive-architecture"
    ],
    "signal": "OpenAI released a limited preview (≈20 organizations) of GPT-5.6 Sol, Terra, and Luna on 2026-06-26. Vendor-reported SOTA-level performance on Terminal-Bench 2.1 and ExploitBench competitive with Mythos Preview at approximately one-third the output tokens; GeneBench v1 improvements over GPT-5.5. OpenAI's Preparedness Framework rates Sol and Terra as High (not Critical) in Cybersecurity and Bio/Chem; unable to carry out autonomous end-to-end attacks against hardened targets. General availability deferred to 'coming weeks' under a US executive-order staggered release process.",
    "implication": "Claimed post-training gains on long-horizon coding, cyber-research, and biology tasks. Directionally consistent with a scaling-plus-RL trajectory, but limited access, vendor-only reporting, and the concurrent METR reward-hacking finding prevent confident theory interpretation.",
    "bounded": "Vendor-reported and benchmark-centered; limited access prevents independent reproduction. Exact numeric scores could not be confirmed from primary sources. No theory promoted.",
    "nextNeeded": "Independent reproduction of Terminal-Bench 2.1 and ExploitBench results with hardened evaluation environments; METR or third-party long-horizon agentic task traces once general access is available."
  },
  {
    "id": "cce-2026-06-24-gpt-5-4",
    "observedAt": "2026-06-24",
    "source": "OpenAI GPT-5.4 release and evaluations",
    "sourceUrl": "https://openai.com/index/introducing-gpt-5-4/",
    "class": "vendor-reported",
    "theories": [
      "scaling-plus-rl",
      "cognitive-architecture"
    ],
    "signal": "GPT-5.4 reported as general-purpose with native computer-use: OSWorld-Verified 75.0%, WebArena-Verified 67.3%, improved tool-use and coding over GPT-5.2.",
    "implication": "Current evidence that agentic scaffolding and reasoning-oriented post-training improve practical long-horizon work. Bears on scaling-plus-RL and cognitive-architecture more than on scale-alone claims.",
    "bounded": "Vendor-reported and benchmark-centered — still short of original frame construction under sparse historical evidence. No theory promoted.",
    "nextNeeded": "Independent OSWorld/WebArena reproduction, audited task traces, or a pre-registered open-ended research workflow showing durable planning and self-correction."
  },
  {
    "id": "cce-2026-06-18-arc-agi",
    "observedAt": "2026-06-18",
    "source": "ARC-AGI-3 interactive-reasoning milestone board",
    "sourceUrl": "https://arcprize.org/",
    "class": "benchmark-design",
    "theories": [
      "architectural-gap",
      "scaling-plus-rl"
    ],
    "signal": "Interactive, multi-step ARC-AGI-3 tasks continue to separate frontier systems from human baselines by a wide margin despite gains on static ARC-AGI-2.",
    "implication": "Consistent with architectural-gap: the axis that resists is open-ended, on-the-fly reframing — not the axis that added compute and RL have moved.",
    "bounded": "A benchmark, not the operating question. Passing it would be necessary, not sufficient, for frame construction.",
    "nextNeeded": "A frontier system closing the human gap on held-out interactive tasks without task-specific tuning."
  },
  {
    "id": "cce-2026-06-12-fable5-export-control",
    "observedAt": "2026-06-12",
    "source": "Anthropic — Statement on US government directive to suspend Fable 5 and Mythos 5",
    "sourceUrl": "https://www.anthropic.com/news/fable-mythos-access",
    "class": "vendor-reported",
    "theories": [
      "architectural-gap",
      "scaling-plus-rl"
    ],
    "signal": "Per Anthropic's public statement: the US Commerce Department issued an export control directive on June 12, 2026 ordering suspension of access to Fable 5 and Mythos 5 for all foreign nationals—including Anthropic employees—citing national security. Anthropic could not verify nationality in real time and suspended both models globally. Trigger per Anthropic: a specific prompting technique that bypassed Fable 5's cybersecurity classifiers. Anthropic described the jailbreak as 'narrow,' limited to one prompting pattern. No independent government documentation of the directive has been published; all details flow through Anthropic's statement at the time of the event.",
    "implication": "First known instance of a US government export control directive against a commercial frontier AI model based on an identified jailbreak—per Anthropic's account. Signals that the US government treats frontier cybersecurity capability as export-controlled at the margin. All claims here are Anthropic-reported at the time of suspension; neither the government directive nor the triggering research has been independently published.",
    "bounded": "All details Anthropic-reported. The triggering research was not publicly released. No independent government documentation. The class 'vendor-reported' is the closest schema fit; the event is primarily regulatory. Identity of the researchers and fuller capability details appeared in later posts (see cce-2026-06-30-fable5-redeployment). healthΔ 0.",
    "nextNeeded": "Public release of the triggering research; official Commerce Department documentation of the directive's legal basis; independent replication study comparing capability across model families."
  },
  {
    "id": "cce-2026-06-09-fable5-mythos5-launch",
    "observedAt": "2026-06-09",
    "source": "Anthropic — Claude Fable 5 and Claude Mythos 5 launch post",
    "sourceUrl": "https://www.anthropic.com/news/claude-fable-5-mythos-5",
    "class": "vendor-reported",
    "theories": [
      "scaling-plus-rl",
      "cognitive-architecture"
    ],
    "signal": "Anthropic released Claude Fable 5 (generally available, June 9 2026) and Claude Mythos 5 (limited availability in Project Glasswing). Both share the same underlying model at 1M token context window; pricing $10/$50 per million input/output tokens (vendor-reported). Fable 5 carries hard capability blocks on cybersecurity, bio, chem, and distillation tasks—triggered in <5% of sessions per Anthropic. Mythos 5 lifts those blocks for a narrow set of vetted users.",
    "implication": "The two-tier deployment structure signals Anthropic's assessment that the underlying capability warrants selective access. Vendor-reported; no independent capability evaluation was published at launch. Does not bear on frame construction.",
    "bounded": "Vendor-reported. The capability profile visible to public users is filtered through safety classifiers; what the underlying Mythos-class model can do without those classifiers is not publicly observable. No independent eval published at launch. healthΔ 0.",
    "nextNeeded": "Independent predeployment or post-deployment evaluation of Mythos 5 capabilities; third-party comparison to GPT-5.6 Sol on long-horizon agentic tasks."
  }
]

exec
/bin/zsh -lc "sed -n '1,220p' /Users/josephmatsiko/Projects/observatory/src/data/evidence.ts && sed -n '1,160p' /Users/josephmatsiko/Projects/observatory/src/data/theories.json 2>/dev/null || true" in /Users/josephmatsiko/Projects/observatory
 succeeded in 0ms:
// The evidence ledger. Each record is a capability event the Observatory has
// noticed, interpreted under discipline, and bound to a source. The discipline:
// `healthDelta` is 0 by default — a single vendor-reported or benchmark-centered
// event does not promote a theory. Promotion requires independent, durable,
// off-distribution evidence.
//
// Records live in evidence.json so the maintenance loop can append to them
// without touching code. This module types and re-exports them.
import raw from './evidence.json';

export type EvidenceClass =
  | 'vendor-reported'
  | 'independent-eval'
  | 'benchmark-design'
  | 'falsifier-review';

export interface EvidenceRecord {
  id: string;
  observedAt: string;
  source: string;
  sourceUrl: string;
  class: EvidenceClass;
  theories: string[];
  signal: string;
  implication: string;
  bounded: string;
  nextNeeded: string;
}

export const EVIDENCE_CLASS_LABEL: Record<EvidenceClass, string> = {
  'vendor-reported': 'Vendor-reported',
  'independent-eval': 'Independent evaluation',
  'benchmark-design': 'Benchmark design',
  'falsifier-review': 'Falsifier review',
};

export const EVIDENCE: EvidenceRecord[] = raw as EvidenceRecord[];

exec
/bin/zsh -lc "sed -n '1,180p' /Users/josephmatsiko/Projects/observatory/scripts/check-record.mjs" in /Users/josephmatsiko/Projects/observatory
 succeeded in 0ms:
#!/usr/bin/env node
// Conformance gate for the record. Deterministic, no LLM, no network.
// Validates the mutable JSON collections against the Observatory's discipline
// so the maintenance loop cannot silently corrupt the record. Exits non-zero on
// any violation — this is the gate the CI job and the agent both run.

import { readFileSync } from 'node:fs';
import { fileURLToPath } from 'node:url';
import { dirname, join } from 'node:path';

const DATA = join(dirname(fileURLToPath(import.meta.url)), '..', 'src', 'data');
const read = (f) => JSON.parse(readFileSync(join(DATA, f), 'utf8'));

const ISO = /^\d{4}-\d{2}-\d{2}$/;
const errors = [];
const err = (where, msg) => errors.push(`${where}: ${msg}`);

// Canonical theory ids, parsed from theories.ts (single source of truth).
const theoriesSrc = readFileSync(join(DATA, 'theories.ts'), 'utf8');
const THEORY_IDS = new Set(
  [...theoriesSrc.matchAll(/id:\s*'([a-z-]+)'/g)].map((m) => m[1]),
);
if (THEORY_IDS.size < 3) err('theories.ts', 'could not parse theory ids');
for (const m of theoriesSrc.matchAll(/health:\s*([0-9.]+)/g)) {
  const h = Number(m[1]);
  if (!(h >= 0 && h <= 1)) err('theories.ts', `health out of bounds: ${m[1]}`);
}

const nonEmpty = (v) => typeof v === 'string' && v.trim().length > 0;
const validTheories = (arr, where) => {
  if (!Array.isArray(arr) || arr.length === 0)
    return err(where, 'theories must be a non-empty array');
  for (const t of arr)
    if (!THEORY_IDS.has(t)) err(where, `unknown theory id "${t}"`);
};

// ── evidence.json ──────────────────────────────────────────────────────────
const EV_CLASSES = new Set([
  'vendor-reported',
  'independent-eval',
  'benchmark-design',
  'falsifier-review',
]);
const evidence = read('evidence.json');
const evIds = new Set();
for (const e of evidence) {
  const w = `evidence[${e.id ?? '?'}]`;
  if (!nonEmpty(e.id)) err(w, 'missing id');
  else if (evIds.has(e.id)) err(w, 'duplicate id');
  else evIds.add(e.id);
  if (!ISO.test(e.observedAt ?? '')) err(w, 'observedAt must be YYYY-MM-DD');
  for (const k of ['source', 'sourceUrl', 'signal', 'implication', 'bounded', 'nextNeeded'])
    if (!nonEmpty(e[k])) err(w, `missing ${k}`);
  if (!EV_CLASSES.has(e.class)) err(w, `invalid class "${e.class}"`);
  // Every evidence record must cite a real, external source.
  if (!/^https?:\/\//.test(e.sourceUrl ?? ''))
    err(w, 'sourceUrl must be an http(s) URL — a record without a real source is not evidence');
  validTheories(e.theories, w);
  // Discipline: a single record never encodes a health promotion.
  if ('healthDelta' in e && e.healthDelta !== 0)
    err(w, 'healthDelta must be 0 — evidence does not promote a theory on its own');
}

// ── forecasts.json ───────────────────────────────────────────────────────────
const FC_STATUS = new Set(['open', 'resolved-yes', 'resolved-no']);
const forecasts = read('forecasts.json');
const fcIds = new Set();
for (const f of forecasts) {
  const w = `forecast[${f.id ?? '?'}]`;
  if (!nonEmpty(f.id)) err(w, 'missing id');
  else if (fcIds.has(f.id)) err(w, 'duplicate id');
  else fcIds.add(f.id);
  if (typeof f.probability !== 'number' || f.probability < 0 || f.probability > 1)
    err(w, 'probability must be a number in [0,1]');
  for (const k of ['claim', 'horizon', 'resolution']) if (!nonEmpty(f[k])) err(w, `missing ${k}`);
  if (!ISO.test(f.horizonDate ?? '')) err(w, 'horizonDate must be YYYY-MM-DD');
  if (!FC_STATUS.has(f.status)) err(w, `invalid status "${f.status}"`);
  if (f.status !== 'open' && !ISO.test(f.resolvedAt ?? ''))
    err(w, 'resolved forecast must have resolvedAt (YYYY-MM-DD)');
  if ('provenance' in f && f.provenance !== 'backfilled')
    err(w, `invalid provenance "${f.provenance}" (only "backfilled" is defined)`);
  validTheories(f.theories, w);
}

// ── revisions.json ───────────────────────────────────────────────────────────
const REV_KINDS = new Set(['build', 'record', 'verdict', 'method']);
const revisions = read('revisions.json');
for (const r of revisions) {
  const w = `revision[${r.title ?? '?'}]`;
  if (!ISO.test(r.date ?? '')) err(w, 'date must be YYYY-MM-DD');
  if (!REV_KINDS.has(r.kind)) err(w, `invalid kind "${r.kind}"`);
  for (const k of ['title', 'detail']) if (!nonEmpty(r[k])) err(w, `missing ${k}`);
}

// ── superlatives.json ────────────────────────────────────────────────────────
const SUP_TRENDS = new Set(['earning', 'holding', 'slipping']);
const sups = read('superlatives.json');
for (const s of sups) {
  const w = `superlative[${s.id ?? '?'}]`;
  for (const k of ['id', 'word', 'obligation', 'measure', 'reading'])
    if (!nonEmpty(s[k])) err(w, `missing ${k}`);
  if (!SUP_TRENDS.has(s.trend)) err(w, `invalid trend "${s.trend}"`);
  // Obligations-never-claims: a reading may not declare a superlative achieved.
  if (/\b(is|now) the (most|smartest|wisest|best)\b/i.test(s.reading ?? ''))
    err(w, 'reading declares a superlative achieved — obligations, never claims');
}

// ── report ───────────────────────────────────────────────────────────────────
if (errors.length) {
  console.error(`✗ record conformance: ${errors.length} violation(s)\n`);
  for (const e of errors) console.error('  - ' + e);
  process.exit(1);
}
console.log(`✓ record conformance: ${evidence.length} evidence · ${forecasts.length} forecasts · ${revisions.length} revisions · ${THEORY_IDS.size} theories · ${sups.length} superlatives — all valid`);

web search: 
web search: 
web search: 
web search: site:docs.anthropic.com claude-sonnet-5 context window
web search: 
web search: https://docs.anthropic.com/en/docs/about-claude/models/overview
codex
The primary Anthropic post exists and supports the major retained claims. One issue surfaced: Anthropic’s official model docs now do confirm Sonnet 5 has a 1M-token context window, so the proposal’s “confirmation needed” note is stale even though it correctly excluded that claim from the proposed record.
exec
/bin/zsh -lc 'rg -n "Sonnet 5|sonnet-5|Claude Science|cce-2026-06-30-sonnet" /Users/josephmatsiko/Projects/observatory/src/data /Users/josephmatsiko/Projects/observatory/archive /Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z 2>/dev/null' in /Users/josephmatsiko/Projects/observatory
 succeeded in 0ms:
/Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z/proposal.md:6:   - **Anthropic — PROPOSAL BELOW.** Claude Sonnet 5 announced 2026-06-30 (https://www.anthropic.com/news/claude-sonnet-5); not in evidence.json (no sonnet-5 id exists). This is the event two prior cycles lost to score misattribution. Also announced Jun 30: "Claude Science" research application — product tooling, not capability signal; no record proposed. Fable 5 redeployment already covered (cce-2026-06-30-fable5-redeployment).
/Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z/proposal.md:14:4. **Already-covered diff**: candidate diffed against all 9 existing evidence ids; only Sonnet 5 is uncovered.
/Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z/proposal.md:24:  "id": "cce-2026-06-30-sonnet-5-launch",
/Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z/proposal.md:26:  "source": "Anthropic — Introducing Claude Sonnet 5 (published June 30, 2026)",
/Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z/proposal.md:27:  "sourceUrl": "https://www.anthropic.com/news/claude-sonnet-5",
/Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z/proposal.md:30:  "signal": "Anthropic released Claude Sonnet 5 on June 30, positioning it as frontier performance across coding, agents, and professional work. Claims verified against the primary post: it is the default model for Free and Pro plans; API id claude-sonnet-5; introductory pricing $2/$10 per Mtok input/output through August 31, 2026, then $3/$15; footnote 2 states an updated tokenizer consumes roughly 1.0–1.35x more tokens than previous models depending on content type. Safety claims (Anthropic's own): overall lower rate of undesirable behaviors than Sonnet 4.6; 'much lower ability to perform cybersecurity tasks than our current Opus models'; on the Firefox exploit-development eval, 'Neither of the Sonnet models could successfully develop a working exploit (both scored 0.0%)' — the 0.0% applies to both Sonnet 5 and Sonnet 4.6.",
/Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z/proposal.md:32:  "bounded": "All claims are vendor-reported and unaudited. The announcement's benchmark comparison table ('Scores for Sonnet 5 ... compared to those of Sonnet 4.6 and Opus 4.8') is published as an image whose cell values could not be programmatically verified; per the source-fidelity rule — and after two prior cycles were rejected for misattributing footnoted Sonnet 4.6 scores to Sonnet 5 — every benchmark number is deliberately omitted from this record rather than risked. Third-party claims circulating in secondary coverage (e.g. a 1M-token context window, 'default model in Claude Code') were NOT confirmed on the primary page and are excluded. No independent evaluation of Sonnet 5 exists yet.",
/Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z/proposal.md:39:- **$2/$10 through Aug 31; $3/$15 after** — pricing section, attributed to Sonnet 5 introductory/standard pricing.
/Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z/proposal.md:40:- **1.0–1.35x tokenizer factor** — footnote 2, explicitly about Sonnet 5's updated tokenizer vs. previous models.
/Users/josephmatsiko/Projects/observatory/archive/www.anthropic.com_news_fable-mythos-access/capture.txt:6:Statement on the US government directive to suspend access to Fable 5 and Mythos 5 \ Anthropic Skip to main content Skip to footer Research Policy Commitments Learn News Try Claude Announcements Statement on the US government directive to suspend access to Fable 5 and Mythos 5 Jun 12, 2026 The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Anthropic models will not be affected. We received the directive from the government today at 5:21pm (ET). The letter did not provide specific details of its national security concern. Our understanding is that the government believes it has become aware of a method of bypassing, or “jailbreaking” Fable 5. We reviewed a demonstration of this specific technique being used to identify a small number of previously known, minor vulnerabilities. These vulnerabilities all appear relatively simple, and we have found that other publicly-available models are able to discover them as well without requiring a bypass. Anthropic’s posture with respect to Fable’s safeguards, as laid out in our launch blog post , is the following: We have instituted strong safeguards that greatly reduce the likelihood that Fable is misused for tasks related to cybersecurity (among others). In fact, our safeguards are so strong that many users have complained that they are overly broad. In the weeks leading up to the launch of Fable, Anthropic worked with the US government, the UK AISI, multiple private third-party organizations and internal teams to red-team Fable’s safeguards for thousands of hours in total. These tests showed that Fable’s safeguards are substantially more effective than those of any previously deployed model. No testers have yet been able to find a universal jailbreak —a jailbreak method that can very broadly bypass the model’s safeguards, unblocking a wide range of cyber capabilities. We suspect that perfect jailbreak resistance is not currently possible for any model provider. Every safeguard used in the industry is vulnerable to non-universal jailbreaks (which can elicit some cyber information in specific circumstances), and it is likely that universal jailbreaks will eventually be found in the future. We stated this clearly when we released Fable 5. Given that perfect jailbreak resistance does not appear to be possible today, Anthropic adopted a defense in depth strategy with Fable 5. We aimed to make jailbreaks either narrow (in the case of non-universal jailbreaks) or very expensive to produce (in the case of universal jailbreaks), and to combine this with thorough monitoring to quickly detect and shut down any successful attacks. This is also why Anthropic has required 30-day retention of customer data with Fable—a policy change that carries real costs for us with customers , but that allows us to research and mitigate jailbreaks. We stand by this defense in depth strategy. It reduces the risks posed by Fable, making them comparable to the risks of existing models already deployed across the industry. We have not even received a disclosure of a concerning non-universal potential jailbreak that led to a harmful result. The potential jailbreaks that have been disclosed to us are either entirely benign responses or are minor findings that provide no Mythos-specific uplift. To date, the government has only given us verbal evidence of a potential narrow, non-universal jailbreak, which essentially consists of asking the model to read a specific codebase and fix any software flaws. Our understanding is that one potential jailbreak was shared with the government. We have reviewed a report that we believe is the basis of the government s directive and validated that the level of capability displayed there is widely available from other models (including OpenAI’s GPT-5.5 ), and is used every day by the defenders who keep systems safe. We will share more details over the next 24 hours. We are complying with the government’s legal directive and are removing access to Fable 5 and Mythos 5 for all users. However, we disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people. If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers. As we have stated publicly , we believe the government should have the ability to block unsafe deployments, as part of a statutory process that is transparent, fair, clear, and grounded in technical facts. This action does not adhere to those principles. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Related content Introducing Claude Sonnet 5 Sonnet 5 delivers frontier performance across coding, agents, and professional work at scale. Read more Redeploying Fable 5 Fable 5 returns globally July 1. We re also proposing an industry-wide framework for scoring jailbreak severity, together with Amazon, Microsoft, Google, and other Glasswing partners. Read more Claude Science, an AI workbench for scientists, is now available Claude Science is a customizable app that integrates the tools and packages researchers most often use, produces auditable artifacts, and provides flexible access to computing resources. Read more Products Claude Claude Code Claude Code Enterprise Claude Cowork @Claude Claude Design Claude Science Claude Security Claude for Chrome Claude for Microsoft 365 Skills Download app Pricing Log in to Claude Models Mythos Fable Opus Sonnet Haiku Solutions AI agents Code modernization Coding Customer support Education Enterprise Financial services Government Healthcare Legal Life sciences Nonprofits Security Small business Claude Platform Overview Developer docs Pricing Ecosystem Marketplace Regional compliance Claude on AWS Google Cloud Microsoft Foundry Console login Resources Blog Claude partner network Community Connectors Courses Customer stories Engineering at Anthropic Events Inside Claude Code Inside Claude Cowork Inside Claude Enterprise Plugins Powered by Claude Service partners Tutorials Use cases Programs Startups Research Labs Help and security Availability Status Support center Company Anthropic Careers Policy Economic Futures Research News Claude’s Constitution Claude Corps Policy on the AI Exponential Responsible Scaling Policy Security and compliance Transparency Terms and policies Privacy policy Consumer health data privacy policy Responsible disclosure policy Terms of service: Commercial Terms of service: Consumer Usage policy © 2026 Anthropic PBC
/Users/josephmatsiko/Projects/observatory/archive/www.anthropic.com_news_claude-fable-5-mythos-5/capture.txt:6:Claude Fable 5 and Claude Mythos 5 \ Anthropic Skip to main content Skip to footer Research Policy Commitments Learn News Try Claude Announcements Claude Fable 5 and Claude Mythos 5 Jun 9, 2026 Update Claude Mythos 5 and Fable 5 redeployed Jul 1, 2026 Claude Fable 5 and Mythos 5 are now available. Read more Claude Mythos 5 and Fable 5 access unavailable Jun 12, 2026 We are suspending access to Claude Fable 5 and Claude Mythos 5. We apologize for this disruption to our customers and are working to restore access as soon as possible. Read more Today we’re launching Claude Fable 5 : a Mythos-class 1 model that we’ve made safe for general use. Fable 5’s capabilities exceed those of any model we’ve ever made generally available. It is state-of-the-art on nearly all tested benchmarks of AI capability, showing exceptional performance in software engineering, knowledge work, vision, scientific research, and many other areas. The longer and more complex the task, the larger Fable 5’s lead over our other models. Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage. We’ve therefore launched the model with safeguards that mean queries on some topics will instead receive a response from our next-most-capable model, Claude Opus 4.8. To release the model both safely and quickly, we’ve tuned these safeguards conservatively—they’ll sometimes catch harmless requests, though they trigger, on average, in less than 5% of sessions. With more capable models arriving in the coming months, we’re working to improve our safeguards and reduce false positives as quickly as we can. For a small group of cyberdefenders and infrastructure providers, we’re also launching Claude Mythos 5 . It’s the same underlying model as Fable 5, but with the safeguards lifted in some areas. 2 Mythos 5 will initially be deployed through Project Glasswing , in collaboration with the US government, as an upgrade to Claude Mythos Preview. It has the strongest cybersecurity capabilities of any model in the world. Soon, we intend to expand access to Mythos 5 through a broader trusted access program. The capabilities of models like Fable 5 and Mythos 5 have the potential to do profound good for the world. We’ve seen the beginnings of this in Project Glasswing, where the models have helped cyber defenders secure critically important software. We’ve also seen it in life sciences research, where the models are positing novel hypotheses and speeding up the development of new therapeutics. Fable 5 and Mythos 5 are being offered at $10 per million input tokens and $50 per million output tokens—less than half the price of Claude Mythos Preview. Today’s joint launch is another step towards our goal of bringing advanced AI capabilities to as many users as possible, as quickly and as safely as we can. Evaluating Claude Fable 5 and Claude Mythos 5 The table below compares the capabilities of Fable 5 and Mythos 5 to other leading models. Fable 5 and Mythos 5 can work autonomously for longer than any previous Claude models. Below we discuss how these skills apply to software engineering, and cover the model’s improved capabilities in knowledge work, vision, memory, and life sciences research. Software engineering. During early testing, Stripe reported that Fable 5 compressed months of engineering into days. In a 50-million-line Ruby codebase, the model performed a codebase-wide migration in a day that would otherwise have taken a whole team over two months by hand. Fable 5 is also more token-efficient than past Claude models: on Cognition’s FrontierCode evaluation, which tests whether models can pass difficult coding tasks while meeting the standards of high-quality production codebases, Fable 5 scores highest among frontier models, even at medium effort. Knowledge work . Fable 5 shows strong performance on complex analytical tasks. On Hebbia ’s Finance Benchmark for senior-level reasoning, Fable 5 has the highest score of any model, with substantial gains in document-based reasoning, chart and table interpretation, and problem solving. IMC noted that Fable 5 aced their trading-analysis evaluations nearly across the board, including factual lookup, conceptual reasoning, root-cause analysis, and expected-value analysis. Vision. Fable 5 is the new state-of-the-art model for tasks involving vision. It can extract precise numbers from detailed scientific figures and can perform complex vision-based tasks like rebuilding a web app’s source code from screenshots alone. It also needs less scaffolding: for example, previous Claude models struggled to play Pokémon FireRed even with harnesses that gave them additional helpful tools, but Fable 5 beat FireRed with a minimal, vision-only harness. A time-lapse of Claude playing Pokémon FireRed from start to finish using only raw game screenshots—with no maps, navigation aids, or extra game-state information. Earlier Claude models needed a complex helper harness to play Pokémon; Claude Fable 5 completed the game with vision alone. Memory and long-context. Fable 5 stays focused across millions of tokens in long-running tasks and improves its outputs using its own notes. When we had the model play the deck-building game Slay the Spire , giving it access to persistent file-based memory improved its performance three times more than for Opus 4.8; Fable also reached the game’s final act three times more often. Solar eclipses Factorio VibeCAD Fluid with Classical EDM Claude Fable 5 built this simulation of the solar system, deriving the planets orbital motion from physics first principles and using it to predict solar eclipses. Claude Fable 5 autonomously plays Factorio, the factory-building game beloved by engineers, strategizing and building an automated factory on its own. Claude Fable 5 designs a complete 3D-printable model in a browser-based CAD editor. The editor itself was also created by Fable 5, including the built-in AI copilot that does the modeling. A fluid simulation coded by Claude Fable 5 where the motion is synchronized to the beat of a classical music EDM remix—which Claude Fable 5 produced using code, having never heard music before. Drug design: Using Mythos 5, our internal protein design experts accelerated aspects of the drug design process by around 10 times. In one example, they found that Mythos 5, with protein design and bioinformatics tools but no human assistance, matches or beats skilled human operators. In doing so, the model executes all of the tasks that are normally completed by a scientist: choosing binding sites, selecting and running protein design tools, and recovering from failures along the way. Nine of the 14 protein targets from this study (shown below) yielded strong candidates for drug design that we’re currently investigating. Protein complexes designed by Mythos 5. Targets include immune checkpoints, growth-factor and receptor signaling, neurodegeneration, muscle disease, and harder structural targets. Novel hypotheses in molecular biology. Mythos 5 is our first model to consistently produce novel, compelling scientific hypotheses. In blinded head-to-head comparisons against Opus-class models, our scientists preferred Mythos’s molecular biology hypotheses ~80% of the time, and have advanced several to experimental evaluation. In the meantime, one Mythos hypothesis—a novel mechanism for an E. coli protein—was corroborated in a study from a lab independently working on the same problem. Novel research in genomics. Mythos 5 conducted novel genomics research in over a week of largely autonomous work. It assembled single-cell data for millions of cells spanning 138 animal species and designed and trained a custom machine learning model to identify cells performing the same role in even distantly related organisms. With only high-level human input, Mythos 5’s trained model outperformed a recent model published in the journal Science —despite being 100 times smaller. We intend to publish these results in the coming months. Alignment . In our automated alignment assessment, we found that Mythos 5’s level of misaligned behavior (including misaligned actions taken by the model such as deception and cooperation with misuse of the model by a user) was low, and similar to that of Opus 4.8. Given that they are the same underlying model, Fable 5’s level of alignment will be similar. The assessment is described in full, along with a detailed suite of other safety and capabilities tests, in the model’s system card . Overall level of misaligned behaviors from our automated alignment assessment. See section 6.2.3.1 of the system card for more. Early feedback for Claude Fable 5 Customers with early access ran their own tests on Fable 5. Below, in their words, is a selection of what they’re seeing: Claude Fable 5 is the state of the art model on CursorBench. It s opened up a class of long-horizon problems that were out of reach for earlier models. Michael Truell CEO and Co-founder Claude Fable 5 is a real step forward for the developers GitHub serves. In our early testing, it took on complex, long-horizon coding tasks with a level of autonomy and reliability that exceeded previous benchmarks. But what excites us most is the direction it points: a future where developers can hand increasingly ambitious work to agents and trust the results across the software lifecycle. Mario Rodriguez Chief Product Officer These are the strongest results of any Claude model we ve had the opportunity to test. Claude Fable 5 is a clear step forward on agentic coding and prototyping. Matt Colyer Director of Product, Developers Claude Fable 5 s reasoning is a clear step beyond Opus 4.8. It works at senior research scientist grade — picking directions, allocating resources, killing its incorrect beliefs, and producing novel first-principles outputs. Sean Ward CEO and Co-founder Claude Fable 5 understands what builders mean, not just what they type. Apps that took a hundred prompts a year ago, it now one-shots. When a customer really hits a wall, it s the model we reach for to get them past it quickly, so they can finish what they set out to build. Fabian Hedin CTO Co-founder Claude Fable 5 feels materially different. In blind review, our lawyers found its redlines matched or beat our current model every time. Aveek Duttagupta Member of Technical Staff At the highest effort, Claude Fable 5 reflects on and validates its own work. For us, that s what makes highly autonomous operations possible — the extra thinking pays for itself. Yusuke Kaji GM, AI for Business Claude Fable 5 delivers more capable engineering in fewer turns than prior models — handling the complex multi-agent workflows our employees run daily in Claude Code. Luke Anderson CTO Claude Fable 5 is the highest-scoring model on FrontierBench, Cognition s frontier coding eval. It excels at long-horizon reasoning and generalizes to unfamiliar tools out of the box. Scott Wu CEO Claude Fable 5 is the strongest finance-first model we ve tested, both on general finance and reasoning. It s a notable step up. Damian Miraglia Principal Engineer, Applied AI Claude Fable 5 is the first to break 90% on our core analytics benchmark of complex, long-running analytical tasks — a 10-point jump over Opus. On the hardest questions, it shows strong judgment and attention to nuance. Izzy Miller AI Research Lead Claude Fable 5 is the strongest model we ve tested on frontier physics research while using a third of the reasoning tokens. In 36 hours it got nearly to where GPT-5.5 landed after four days. Matthew Pines CEO On ViBench, our end-to-end vibe-coding benchmark, Claude Fable 5 is the highest-performing model we ve tested — nearly saturating our base use cases and building apps in less time with fewer tokens. Michele Catasta President Head of AI Claude Fable 5 beats Opus 4.8 on our everyday spreadsheet suite at every effort level — and it does it with fewer turns, finishing runs 25–30% faster. Peter Wang Chief Science Officer 01 / 14 Claude Fable 5’s new safeguards Mythos-class models have reached a threshold where they present significant risks. In April we began Project Glasswing , releasing the first Mythos-class model (Claude Mythos Preview) to only a limited group of cyber defenders and critical software infrastructure providers. When we did so, we stated that we hoped to eventually release Mythos-level capabilities to all our users , so long as we had developed new safeguards that were strong enough to reliably prevent misuse. Over the past few months we have been improving these safeguards, and they are now robust enough for a general release. Because we have prioritized safety, we’ve deliberately tuned the safeguards to be cautious, and they are still stricter than would be ideal—for example, sometimes benign requests will trigger our classifiers. We recognize that this will be frustrating to some users, and our aim is to reduce false positives as we update and refine the safeguards after launch. Below we discuss each of Fable 5’s new safeguards in turn. Our wider suite of safeguards is discussed and evaluated in the model’s system card and our most recent risk report . Safety classifiers The frontier cybersecurity and research biology capabilities of Mythos-class models mean that they pose a substantial risk of uplift to malicious actors. That is, these models could provide information or advice that assists those actors in causing serious harm that they couldn’t have received from other sources (for example, from internet search engines). Furthermore, a great deal of advanced usage of AI models is dual use: the same queries that are beneficial in the hands of cybersecurity professionals and biology researchers could be dangerous if available to malicious actors. We therefore need strong safeguards to prevent misuse, and their coverage needs to be broad. The safeguards themselves have to stand up to sustained and sophisticated attempts to bypass them (also known as “jailbreaking” the system). The uplift from Mythos-level capabilities is valuable to many adversaries—for instance, those who could financially gain from cyberattacks—and we therefore expect them to be motivated to try to circumvent our safety measures. Fable 5 comes with a new set of classifiers : separate AI systems that detect potential misuse, including jailbreak attempts, and prevent the main model (in this case, Fable 5) from responding. We’ve been running classifiers on our models for some time , and Fable 5’s classifiers are an extension of this previous work with extra coverage. When Fable’s classifiers detect a request related to cybersecurity, biology and chemistry, or distillation, the response is automatically handled by Claude Opus 4.8 instead. Users will be informed whenever this occurs. Opus 4.8 is a highly capable model in its own right: a response that falls back to Opus is a far better experience than an outright refusal from Fable. Our early data shows that more than 95% of Fable sessions involve no fallback at all—for those sessions, Fable 5’s performance is effectively the same as that of Mythos 5. The following are the areas covered by the classifiers: 1. Cybersecurity . Mythos-class models excel at discovering and exploiting software vulnerabilities. They can thus make cyberattacks substantially easier and cheaper to commit. Mythos-class models also show strong skills in agentic hacking. This involves performing multiple different parts of a cyberattack in addition to finding exploits—reconnaissance, discovery, lateral movement, and more. To prevent these agentic hacking skills providing uplift in cyberattacks, we designed our cybersecurity classifiers to cover both exploitation and offensive cyber tasks in a broader sense. As shown in the graph below, our classifiers prevent Fable from making any progress on these tasks. Results of running cyber evaluations, 3 with Fable 5 in a mode that blocks responses rather than falling back to Opus 4.8. Evaluations did not involve attempts to evade safeguards. We extensively red-teamed our classifiers to test their robustness against jailbreaks. As well as internal testing, we ran an external bug bounty that produced no universal jailbreaks in over 1,000 hours of testing. External red-teaming organizations we engaged also failed to find any universal jailbreaks on long-form agentic tasks so far—although the UK AISI has made progress towards one within a brief initial testing window. 4 It is likely impossible to completely prevent universal jailbreaks, but our goal is to make any remaining jailbreaks sufficiently slow and costly that we can detect and prevent them before they are used at scale. The graph below, from one of our internal evaluations, illustrates how Fable 5’s safeguards give it greater resistance to jailbreaks than our previous generally accessible models. Results of an internal evaluation in which an automated red-teamer tries to use the model to complete a short task related to offensive cybersecurity across 400 turns, restarting and rewinding when blocked. The tasks are mostly simple and not representative of real cyber usage—they are sometimes as simple as encrypting files on a remote server. On more complex and realistic tasks, we have not yet seen successful jailbreaks on our production system. Note that Opus 4.6 does not have blocking cyber safeguards. One of our external partners found that Fable 5’s safeguards against harmful cyber queries were the most robust of any model tested (including Opus 4.8 and Opus 4.7). Fable 5 complied with zero harmful single-turn requests relating to planning a cyberattack, exploit development, or defense evasion. This held whether or not one of the requests used any of 30 different public jailbreak techniques. 2. Biology and chemistry. We have long used our classifiers to block our models from responding on a narrow selection of bioweapons-related queries. But we are no longer certain that blocking this narrow selection is enough. This is for two reasons: first, we have reason for concern about well-resourced malicious actors attempting to gain uplift from our models for highly risky biological research. Second, models now have a greater ability to accomplish real-world scientific tasks. For example, we tested Mythos 5’s ability to complete a challenging step in designing adeno-associated viruses (AAVs). AAVs are a component for delivering gene therapies, but the same capability, in the wrong hands, could enable the design of dangerous viruses. In this task, various AI models were evaluated on their ability to predict how a genetic modification would impact the assembly of the virus’s outer shell (among a set of therapeutically relevant unpublished candidates developed by Dyno Therapeutics ). We did not explicitly train our models to perform this task—and yet Mythos-class models outperformed sophisticated models dedicated to protein tasks (known as “protein language models”) using their biological reasoning alone. This demonstrates a promising ability to complete simple but important tasks in gene therapy research and development—but also highlights the risk posed by such dual-use capabilities. Results of an evaluation in which our models predicted the unpublished experimental properties of the viral shell of a simple virus. Viral shell assembly is the simplest viral trait to predict in this context, but it is nonetheless an important property to get right when designing more complex features. AAV = adeno-associated virus. Our priority was to safely release Fable as soon as we could, even at the cost of overly broad safeguards. Therefore, for the time being we have arranged for Fable to fall back to Opus 4.8 on most requests related to biology and chemistry. As with all of our classifiers, we hope to narrow these safeguards as soon as possible: as can be seen from the evidence above, there is great potential for positive applications of Fable for science, and we do not want false positives from our classifiers to get in the way. In the coming weeks, some biomedical researchers and companies will be able to join our trusted access program for biology capabilities in Mythos 5 (discussed below). 3. Distillation . We’ve previously identified large-scale attempts to extract (“distill”) Claude’s capabilities to train competing models in authoritarian countries. Distillation of Fable 5’s abilities could indirectly lead to the proliferation of near-frontier AI capabilities—and these could be released without the appropriate safeguards. Requests that are flagged by our classifiers as being part of such distillation attempts will fall back to Opus 4.8. A new data retention policy Finally, we’re making a change to the way we handle business customer data for Fable 5, Mythos 5, and future models with similar or higher capability levels. We will require 30-day retention for all traffic on Mythos-class models, on both first- and third-party surfaces. We won’t use this data to train new Claude models, or for any non-safety-related purpose, and we’ve instituted new privacy protections including logging all human access to the data and ensuring its deletion after 30 days in almost all cases (see this post for further details). The data will help us defend against complex and novel attacks (including new jailbreaks and attacks that operate across many requests) as well as help us identify and reduce false positives. Claude Mythos 5 and the trusted access program Beginning today, all users who currently have access to Claude Mythos Preview (for example, our cybersecurity partners in Project Glasswing) will be able to upgrade to Claude Mythos 5—the same model as Claude Fable 5 but with cyber safeguards lifted. Users will find Mythos 5 comparable to, or somewhat stronger than, Mythos Preview in most cases, while costing substantially less. In consultation with the US government, we plan to steadily expand access to Claude Mythos 5, continuing our periodic addition of new partners, as well as pursuing a trusted access program that allows cybersecurity organizations to apply in a more systematic manner. Our plans also include opening a trusted access program for biology, to help accelerate biomedical research and discover new therapies with Mythos-class capabilities. This program will provide access to Fable 5 with the biology and chemistry safeguards removed (but the cyber safeguards still in place). It will enroll a small number of researchers from a variety of life science organizations spanning fundamental and translational research; we’re planning to expand access to this program while simultaneously making our safeguards better. Availability Claude Fable 5 is available everywhere today. Claude Mythos 5 is restricted to Glasswing partners (with cyber safeguards lifted) and soon to select biology researchers (with biology and chemistry safeguards lifted) only, until our broader trusted access program is available. Pricing for both models is $10 per million input tokens and $50 per million output tokens. Developers can use claude-fable-5 via the Claude API . We expect demand for Fable 5 to be very high, and difficult to predict. On the Claude API and consumption-based Enterprise plans, Fable 5 is fully available from today. For subscription plans, we’d rather give access sooner than later, so we’re rolling out more conservatively, in stages: From today through June 22, Fable 5 is included on Pro, Max, Team, and seat-based Enterprise plans at no extra cost. On June 23, we’ll remove Fable 5 from those plans. Using it after that will require usage credits . If capacity allows, we’ll extend the included window. After this point—when sufficient capacity allows us to do so—we aim to restore Fable 5 as a standard part of subscription plans. We intend to do this as quickly as we can. Throughout this period, we’ll communicate any changes ahead of time so users know where things stand. Edit June 9, 2026: Updated the discussion of AAVs to note that the candidates were developed by Dyno Therapeutics. Footnotes Mythos-class models are a tier of Claude models that sit above our Opus class in capability. The first, Claude Mythos Preview, was released in April through Project Glasswing . That is followed today by Claude Fable 5 and Claude Mythos 5. Fable is from the Latin fabula , “that which is told,” akin to the Greek mythos . The safeguards are what distinguish the two models (Fable and Mythos) and are why we’ve given them different names. Metrics: Firefox = fraction of trials achieving arbitrary code execution (the exploit s full-success tier). OSS-Fuzz = severity-weighted mean of the five-tier score (0.2 crash → 1.0 control-flow hijack), so values are a weighted average rather than a success rate. CyberGym = fraction reproducing the target vulnerability (the public leaderboard metric). CyScenarioBench = success rate averaged equally across its challenges. A universal jailbreak can be defined as any prompt, script, or harness that allows a user to interact with a model as if its safeguards were not present. This is opposed to more minor jailbreaks that are only effective in very limited contexts or require additional effort to be adapted to each new situation. Related content Introducing Claude Sonnet 5 Sonnet 5 delivers frontier performance across coding, agents, and professional work at scale. Read more Redeploying Fable 5 Fable 5 returns globally July 1. We re also proposing an industry-wide framework for scoring jailbreak severity, together with Amazon, Microsoft, Google, and other Glasswing partners. Read more Claude Science, an AI workbench for scientists, is now available Claude Science is a customizable app that integrates the tools and packages researchers most often use, produces auditable artifacts, and provides flexible access to computing resources. Read more Products Claude Claude Code Claude Code Enterprise Claude Cowork @Claude Claude Design Claude Science Claude Security Claude for Chrome Claude for Microsoft 365 Skills Download app Pricing Log in to Claude Models Mythos Fable Opus Sonnet Haiku Solutions AI agents Code modernization Coding Customer support Education Enterprise Financial services Government Healthcare Legal Life sciences Nonprofits Security Small business Claude Platform Overview Developer docs Pricing Ecosystem Marketplace Regional compliance Claude on AWS Google Cloud Microsoft Foundry Console login Resources Blog Claude partner network Community Connectors Courses Customer stories Engineering at Anthropic Events Inside Claude Code Inside Claude Cowork Inside Claude Enterprise Plugins Powered by Claude Service partners Tutorials Use cases Programs Startups Research Labs Help and security Availability Status Support center Company Anthropic Careers Policy Economic Futures Research News Claude’s Constitution Claude Corps Policy on the AI Exponential Responsible Scaling Policy Security and compliance Transparency Terms and policies Privacy policy Consumer health data privacy policy Responsible disclosure policy Terms of service: Commercial Terms of service: Consumer Usage policy © 2026 Anthropic PBC
/Users/josephmatsiko/Projects/observatory/archive/www.anthropic.com_news_redeploying-fable-5/capture.txt:6:Redeploying Claude Fable 5 \ Anthropic Skip to main content Skip to footer Research Policy Commitments Learn News Try Claude Announcements Redeploying Fable 5 Jun 30, 2026 Update Claude Fable 5 and Mythos 5 redeployed Jul 1, 2026 Access to Claude Fable 5 and Mythos 5 is now restored. On Friday, June 12, the US government applied export controls to our newest models, Claude Fable 5 and Claude Mythos 5. This required us to restrict access to foreign nationals, whether inside or outside the United States. Because the order took effect immediately and we had no reliable way to verify nationality in real-time, we suspended access to both models for all users. As of today, June 30, the export controls on Fable 5 and Mythos 5 have been lifted . Fable 5 will be available starting tomorrow, Wednesday, July 1, to users globally on the Claude Platform, Claude.ai, Claude Code, and Claude Cowork. For Pro, Max, Team, and select Enterprise plans, 1 Fable 5 will be included for up to 50% of weekly usage limits through July 7, after which it will be available via usage credits . We will re-enable access on AWS, Google Cloud, and Microsoft Foundry as quickly as possible. We have also restored access to Mythos 5 for a set of US organizations, following the US government’s approval on June 26 . We continue to coordinate with the government to expand access to the broader set of domestic and international partners in the Glasswing program. In the remainder of this post, we provide further details and updates in four areas: A timeline of events, including updates we made to our safeguards . We discuss the events that led to the export control directive and how we addressed it with new safeguards. Our general approach to safeguards . We provide more context on how we use safety classifiers to detect potentially dangerous cybersecurity uses of our models. A shared industry framework . Although we have reached a constructive resolution, these events have made clear that the industry needs a consistent way to assess and fix potential “jailbreaks” of AI models (techniques that bypass a model’s safeguards). 2 A shared standard for judging the severity of a given jailbreak would help AI developers triage new findings as they arise, launch highly capable models with greater safety, and communicate the level of risk consistently to government and industry partners. Together with Amazon, Microsoft, Google, and other Glasswing partners, we’ve started to develop such a framework, and we outline it below. Deeper government collaboration . We’re also strengthening our level of collaboration with the US government on new pre-release testing, information sharing, and research collaboration. We describe this deeper collaboration in the final section. Timeline and safeguard updates We released Fable 5 and Mythos 5 on Tuesday, June 9. They both share the same underlying model, but Fable 5 was released with strong safeguards to make it safer for general use. Mythos 5, which has fewer safeguards, was only released to a small number of trusted Project Glasswing partners for use in defensive cybersecurity. The export control directive on June 12 came after the government became aware of a report in which Amazon researchers had found a method of bypassing Fable 5’s safeguards: prompting it so that it identified a number of software vulnerabilities. In one case, the model produced code demonstrating how the relevant vulnerability could be exploited. Over the past two weeks, we have worked closely with the government and other partners, including Amazon, to review the report and evidence. Our testing confirmed that many less capable models—including Claude Opus 4.8, GPT-5.5, and Kimi K2.7—could identify the same vulnerabilities as Fable 5 did in the report. When it came to the demonstration of how to exploit the single vulnerability, every model we tested could produce the same demonstration as Fable 5 (including Claude Haiku 4.5, Sonnet 4.6, Opus 4.6, Opus 4.7, Opus 4.8, GPT-5.4, GPT-5.5, and Kimi K2.7). Importantly, the reported technique did not expose any unique Mythos-level cyber capabilities. The behavior reflected a borderline case for Fable 5’s safeguards—as we will explain below, there are some tasks that are unlikely to be dangerous but are nonetheless blocked by the safeguards out of an abundance of caution. The reported technique allowed access to one such behavior, but it only involved routine defensive cybersecurity work. Even so, we moved quickly to address the reported bypass. Working closely with the government, we trained an improved safety classifier that targets and blocks the behavior described in the report. Users will be notified if a request to Fable 5 is blocked, and the request will instead be sent to Opus 4.8. The new classifier means that the specific technique described in the Amazon report is blocked in over 99% of cases. In a very small fraction of cases the model may provide information that isn’t detailed enough to help a cyberattacker. As we describe below, the model’s safeguards are not expected to block all low-risk routine cyberdefense capabilities—just those that are potentially harmful. Researchers from the US Department of Commerce’s Center for AI Standards and Innovation (CAISI) have tested both our prior and new safeguards and agree that they are extraordinarily strong. The new classifier also comes at the cost of flagging benign requests more often during routine coding and debugging tasks. As with all our safeguards, we’ll continue to refine this to better distinguish genuine misuse from legitimate requests and reduce false positives. Our approach to cybersecurity safeguards Claude Mythos 5 can be used to find and exploit software vulnerabilities more effectively than any other model—and all but the most skilled human security experts. These prodigious cybersecurity capabilities make it uniquely attractive to malicious actors who wish to misuse it in cyberattacks. Claude Fable 5, however, provides no such unique offensive capabilities. This is because we launched it with the strongest safeguards we’ve ever applied to a model. In the month prior to launch, we transferred staff from various teams within Anthropic to double the number of researchers and engineers working on this problem. Fable 5 launched with a variety of safety mechanisms, each of which alone does not provide perfect defense but when combined make the model very difficult to misuse (an approach known as “defense in depth”). Some defenses involve training the model to decline to assist with dangerous requests; others involve retroactively analyzing patterns of misuse. One particularly important safety mechanism involves classifiers —smaller automated AI systems that, during an interaction, detect when the model is asked to perform a potentially harmful cybersecurity task (or produces potentially harmful outputs). When this occurs, the classifiers block the model from responding to requests. The ultimate goal of these classifiers is to prevent the model from engaging in uniquely dangerous behaviors. Like all safety mechanisms, classifiers can make mistakes. They sometimes fail to notice potentially dangerous content, and in some cases they can be deliberately “jailbroken”: users can prompt the model in unusual ways to trick the classifiers and get the model to produce harmful outputs that the system should have blocked. We therefore deliberately set the safety classifiers to trigger on a set of requests that we know are likely benign. This “safety margin” approach means that a request has to look very clearly safe to avoid triggering the classifier (see row A in the diagram below). Users experience the safety margin as a model refusing to respond to some reasonable, non-harmful requests. For Fable 5, we made this safety margin much larger than in any prior launch (row B), meaning that many more benign requests would be blocked. We understood that these kinds of false positives would be frustrating for users, but made this tradeoff in the interest of making the model’s other capabilities widely available. An illustration of our cybersecurity safety classifiers. When a request is made to the model, the classifiers detect whether it is benign (and allowed), or potentially harmful (and blocked). The classifiers block ambiguous requests (those that are clearly to do with cybersecurity but could potentially be for defensive purposes, like finding security vulnerabilities) and harmful requests (those that are clearly dangerous, such as a request to build a chain of software exploits). As shown in row A, we also include a “safety margin”, where the classifier will block requests that are probably benign but have some small chance of being harmful. This increases our confidence that all harmful requests will be blocked. For Fable 5 (row B) we made the safety margin even larger, meaning that more benign requests would be blocked—but fewer genuinely harmful requests would be missed. “Vulns” = vulnerabilities. The safety margin also helps mitigate jailbreaks. Many jailbreaks are narrow: they unblock a very specific model behavior but nothing more. In some cases, a hypothetical user can jailbreak the model in a minor way and intrude into the safety margin (or sometimes into ambiguously harmful behavior), but not to the core harmful behaviors that we aim to block (row C below). Our view is that jailbreaks of Fable 5 reported so far fit into this minor category. More serious jailbreaks unblock more harmful behaviors. Narrow harmful jailbreaks (row D) can elicit some specific harmful behaviors. These jailbreaks are typically of low to moderate severity, because the narrowness limits the attacker. The most concerning category is a universal jailbreak (row E), which unblocks a wide range of harmful behaviors. How jailbreaks interact with our safety classifiers. In the case of a minor jailbreak (row C), the classifiers do not block the request, but the request is still within our safety margin (and is thus very unlikely to be harmful). In a narrow harmful jailbreak (row D), the prompt breaches the classifiers and unblocks a specific harmful behavior from the model. In a universal jailbreak (row E), a prompt unblocks an entire class of harmful behaviors. As we noted when we launched Fable 5 , it is probably impossible to make any AI model fully robust (that is, impervious) to jailbreaks. 3 We expect that some jailbreaks will be found for our models, and that they will vary in severity: there will be many minor jailbreaks, some narrow harmful ones, and although no universal jailbreaks for Fable 5 have been discovered at the time of writing, expert safety researchers continue to red-team it. We seek to ensure that we and our safety partners will be the first to find major jailbreaks and fix them before malicious actors can use them for harm. The cautious approach outlined above means that the vast majority of jailbreaks will not successfully unblock dangerous behaviors. Our classifiers make successful jailbreaks very costly and high-effort to produce, and even if a jailbreak is successful, our extra layers of defense provide additional mitigation. We’ll continue to update our classifiers as we learn more about novel jailbreak techniques. A consensus industry framework for jailbreaks There’s currently no consensus in the AI industry on how to describe, in objective terms, the severity of an AI jailbreak. This adds a great deal of uncertainty whenever a new jailbreak technique is discovered: developers have no agreed-upon standard for which findings to focus on most urgently, and governments have no agreed-upon standard for when to act. 4 This problem will become more acute in the coming months, as more models with powerful cybersecurity (and other) capabilities are trained, assessed, and released. A common standard for assessing AI jailbreaks would help us and other companies launch new models safely, as well as allow our users to make the most of their advanced capabilities. We are therefore partnering with Amazon, Microsoft, Google, and other Glasswing partners to draft a consensus framework for assessing the severity of AI jailbreaks and how AI developers should respond to them. We invite other industry partners and model providers to join us in this effort. Our current proposal is to score a given jailbreak on the four different criteria below. The first two describe what the jailbreak provides to the attacker; the latter two describe how quickly the jailbreak can become a real-world problem: Capability gain . How far beyond existing tools does the jailbreak take the user? If existing widely available tools (including other, weaker AI models) can reach the same capability as the jailbroken model, the score here will be low; if the jailbreak unblocks model capabilities that can significantly accelerate even domain experts, the score will be high. Breadth of capability gain . For how many distinct offensive tasks does the same jailbreak technique work? Cases where the jailbreak only allows the model to pursue narrow targets will score low; cases where the same jailbreak technique works for multiple different targets or techniques will score high. Ease of weaponization . How much human effort does it take to turn the jailbreak into an attack? Where the jailbreak involves a great deal of skilled prompting and many retries, the score will be low; where the jailbreak works on a single prompt or on the first or second try, the score will be high. Discoverability . How easy is it for someone to obtain the technique? If it requires specialist knowledge it will score low; if it is already widely known and available online it will score high. We propose to use this severity framework to calibrate our response to newly discovered jailbreaks. For the most severe class of jailbreaks (e.g., a jailbreak that, among other characteristics, is being used to actively cause a devastating impact on critical power grids or banking systems), we will immediately begin deploying preliminary mitigations upon confirmation of severity. We are also creating a team to provide 24/7 monitoring of key jailbreak submission channels. Any method of scoring jailbreaks will be imperfect. Still, there is value in being able to communicate the approximate severity of a given finding through a common framework. This is a work in progress; as we receive feedback from more partners, we expect the framework to evolve over time. We expect to share more details on the proposed framework soon. In the meantime, we’re also launching a new HackerOne program where security researchers can submit potential cyber jailbreaks they’ve discovered in Fable 5 (once available) for our review. Partnering with the US government on frontier AI security Over the past ten weeks, Anthropic has worked closely with the US government as it developed the approach reflected in the June 2 Executive Order on Promoting Advanced Artificial Intelligence Innovation and Security . Our engagement spanned the Office of the National Cyber Director, the Office of Science and Technology Policy, the Department of the Treasury, the Department of Commerce (including CAISI), and relevant national security agencies. We are committed to continuing that work, building on nearly two years of pre-existing collaborations with US government partners on pre-deployment testing and evaluation. The commitments below reflect both that pre-existing work and our new proposals to scale up our government collaboration as the above framework is finalized: Pre‑release government access and evaluation. For models that materially advance the capability frontier in areas relevant to national security, we will provide designated government partners with expanded early access to both the models and the safeguards that accompany them. Those partners can then run independent capability evaluations and test our guardrails before broad release. We will dedicate Anthropic technical staff to work alongside government evaluators during these testing periods. Rapid information sharing on safeguards. When significant jailbreaks or misuse patterns are identified, we will quickly investigate, triage, and notify appropriate government counterparts. We will share the new safeguards we build in response so they can be independently tested. We will also provide government partners with our threat intelligence reporting in advance of publication and participate in the interagency cybersecurity vulnerability clearinghouse established under Sec. 2(d) of the June 2 Executive Order. Dedicated resources for joint research. We are substantially scaling up joint work with government partners on AI security. We will stand up dedicated Anthropic teams to work on shared government priorities, provide a significant compute allocation to support government testing and research, and make our safety and red‑teaming expertise available to help advance the state of the art in AI evaluation. A common industry bar. We will work with the government and with industry peers toward a shared, voluntary security and evaluation standard for frontier model providers. We’ll contribute evaluations, tooling, and best practices that the government can apply across the field. Our hope is that this collaboration, along with our proposed consensus industry framework, will serve as the basis for systematic rules for the whole industry—and even offer the beginnings of a template for effective global coordination on the risks and benefits of AI. These rules should be codified in strong regulation and applied equally across frontier model developers. Government involvement in AI releases requires a durable, transparent process that gives cyber defenders and others the certainty they need about access to powerful models. We look forward to deepening our government collaboration in the ways we’ve described above. We’re also grateful to our users for bearing with us through this disruption, and to the researchers and industry partners who worked alongside us to make Fable 5 and Mythos 5 available again. Footnotes For standard Enterprise seats, there is no included Fable 5 allowance, although you can get access through usage credits. If credits are not enabled, your users will not have access to Fable 5. For premium Enterprise seats, through July 7, Fable 5 is included in your subscription. It draws from each member s seat usage at no additional cost. After July 7, your team can continue using Fable 5 by enabling usage credits. If credits are not enabled, your users will no longer have access to Fable 5. Note that sometimes the term “bypass” is itself used instead of “jailbreak.” For current purposes, we consider these to be synonyms, but for the remainder of this article we use “jailbreak” because (a) this is a more commonly used term and (b) it is consistent with the terminology we have used in previous work. Analogously, no piece of software is immune to vulnerabilities (though in general, software vulnerabilities are more straightforwardly discovered and patched than LLM jailbreaks). In other areas of security research, there are agreed-upon standards: for example, the Common Vulnerability Scoring System (CVSS) is a common way of assessing the severity of a given software vulnerability. Related content Introducing Claude Sonnet 5 Sonnet 5 delivers frontier performance across coding, agents, and professional work at scale. Read more Claude Science, an AI workbench for scientists, is now available Claude Science is a customizable app that integrates the tools and packages researchers most often use, produces auditable artifacts, and provides flexible access to computing resources. Read more Introducing Claude Tag Claude Tag is a new way for teams to work with Claude. Read more Products Claude Claude Code Claude Code Enterprise Claude Cowork @Claude Claude Design Claude Science Claude Security Claude for Chrome Claude for Microsoft 365 Skills Download app Pricing Log in to Claude Models Mythos Fable Opus Sonnet Haiku Solutions AI agents Code modernization Coding Customer support Education Enterprise Financial services Government Healthcare Legal Life sciences Nonprofits Security Small business Claude Platform Overview Developer docs Pricing Ecosystem Marketplace Regional compliance Claude on AWS Google Cloud Microsoft Foundry Console login Resources Blog Claude partner network Community Connectors Courses Customer stories Engineering at Anthropic Events Inside Claude Code Inside Claude Cowork Inside Claude Enterprise Plugins Powered by Claude Service partners Tutorials Use cases Programs Startups Research Labs Help and security Availability Status Support center Company Anthropic Careers Policy Economic Futures Research News Claude’s Constitution Claude Corps Policy on the AI Exponential Responsible Scaling Policy Security and compliance Transparency Terms and policies Privacy policy Consumer health data privacy policy Responsible disclosure policy Terms of service: Commercial Terms of service: Consumer Usage policy © 2026 Anthropic PBC

exec
/bin/zsh -lc 'ls -la /Users/josephmatsiko/Projects/observatory-command/runs/cycles/2026-07-02T08-47-03-657Z' in /Users/josephmatsiko/Projects/observatory
 succeeded in 0ms:
total 16
drwxr-xr-x@ 3 josephmatsiko  staff    96 Jul  2 03:49 .
drwxr-xr-x@ 8 josephmatsiko  staff   256 Jul  2 03:47 ..
-rw-r--r--@ 1 josephmatsiko  staff  5201 Jul  2 03:49 proposal.md

web search: 
web search: METR Claude Sonnet 5 evaluation June 2026
codex
I have enough to issue a verdict. The proposal is mostly disciplined, but the stale context-window statement is enough to require a small revision before it enters the public record.
2026-07-02T08:51:05.316270Z ERROR codex_core::tools::router: error=patch rejected: writing is blocked by read-only sandbox; rejected by user approval settings
codex
REVISE

I could not write `verdict.md`: the session is under a read-only sandbox and `apply_patch` was rejected. Verdict content to place there:

```md
REVISE

- Primary source exists and supports the core Sonnet 5 launch claims: date, availability, API id, pricing, tokenizer factor, and bounded vendor safety claims.
- The 0.0% Firefox exploit figure is correctly attributed to both Sonnet models, not Sonnet 5 alone.
- No duplicate Sonnet 5 evidence record found; no health move or forecast change proposed, so healthΔ discipline holds.
- Required revision: Anthropic’s official model docs already confirm Sonnet 5 has a 1M-token context window. Remove the stale “confirmation needed” language or add the official-docs citation explicitly.
- Keep “default model in Claude Code” excluded unless a primary source says default, not merely available.
- No independent Sonnet 5 evaluation found; keep class `vendor-reported`.
```

Sources checked: Anthropic launch post `https://www.anthropic.com/news/claude-sonnet-5`; Anthropic model docs `https://platform.claude.com/docs/en/about-claude/models/overview`.
tokens used
90,101
