Key Points
- Anthropic disabled Claude Fable 5 and Mythos 5 after a single viral jailbreak drew regulatory attention, but that incident masked a broader security reality.
- 0DIN testing found that 11 previously known jailbreaks already worked against Fable 5 on day one, before any new techniques were developed or widely tested.
- The testing window was cut short when access was suspended, meaning 11 is a minimum baseline and the true number of viable jailbreaks is expected to rise once access returns.
- Comparing generations shows real progress in model hardening, dropping from 130 working jailbreaks in Opus 4.7 to 91 in Opus 4.8 and down to 11 in Fable 5, yet no model achieves perfect resistance.
- Systematic evaluation against known attack catalogs, supported by tools like the 0DIN Scanner, is essential to measure real-world resilience beyond headline grabbing single exploits.
Executive Summary
On June 12, 2026, Anthropic disabled two of its most capable models, Claude Fable 5 and Mythos 5, citing a US government export-control directive. The proximate cause was loud and singular: a viral jailbreak, published days earlier by the researcher known as Pliny the Liberator, that made enough noise to put the model on a regulator's desk.
One jailbreak got the spotlight. That is not the interesting number.
At 0DIN, we run every new model through our entire catalog of known jailbreaks the moment it ships. We got our run in on Fable 5 before access was cut. Eleven of our existing jailbreaks worked against it on day one, with no new research required. And that is the floor, not the ceiling.
Explore AI security with the Scanner Datasheet
The datasheet offers insight into the challenges and solutions in AI security.
Download Datasheet
What We Found: 11 on Day One
When a new model launches, it doesn't start from a clean slate. It inherits the entire published history of techniques the security community has built, and the question that matters is simple: how many of those still work?
For Fable 5, the answer was eleven. Eleven jailbreaks already sitting in our catalog, functional against a brand-new flagship within hours of release, before the global research community had meaningfully started prodding it.
Then the lights went out. Our testing window closed when Anthropic suspended access, which is exactly why 11 is a floor. When access is restored, tens of thousands of researchers in our community will point their own techniques at the model, and that count is bound to climb. A single jailbreak made the headlines. The catalog quietly logged eleven, and it is waiting for more.
Safeguard Your GenAI Systems
Connect your security infrastructure with our expert-driven vulnerability detection platform.
The Pattern: The Door Keeps Closing
Here is the part worth sitting with. Eleven is a genuinely low number for a new flagship, and that is a credit to Anthropic. Put Fable 5 next to its two most recent predecessors and the trend is unmistakable:
| Model | 0DIN catalog jailbreaks that worked |
|---|---|
| Claude Opus 4.7 | 130 |
| Claude Opus 4.8 | 91 |
| Claude Fable 5 | 11* |
*Testing window cut short when access was suspended; expect this figure to rise once access is restored.
130 to 91 to 11. Every release Anthropic ships closes the door on more of the techniques that worked against the last one. The security efficacy of these models is improving, measurably, generation over generation.
But the door never quite latches. Even a model this hardened, tested for only a sliver of its intended lifespan, still gave up 11 working bypasses on day one. Anthropic says the same thing, plainly, in the statement that accompanied the model:
We suspect that perfect jailbreak resistance is not currently possible for any model provider.
That is the honest shape of the field. Robustness climbs toward very hard
and keeps climbing, but it never reaches impossible.
Better locks, never a sealed door.
Why This Matters
A single published jailbreak can move markets and governments. The practical reality of the past week is that one researcher's bypass helped strip a flagship model from every customer worldwide. That is a real story, and it deserves the attention it got.
But the durable story is the catalog. The interesting measure of a model's resilience isn't the one bypass that goes viral, it's the dozens that quietly already work and the dozens more that surface once the global community gets its hands on the model. Eleven is the pre-disclosure baseline. The real number comes after Fable 5 returns.
That is the job at 0DIN: test every model against everything that has ever worked, count what survives, and watch the trendline. The door keeps closing. It just never latches. When Fable 5 comes back, we and our global community of researchers will be there to check the lock again.
0DIN is a GenAI bug bounty program dedicated to securing AI systems by harnessing the collective expertise of the global security community. Researchers who discover and responsibly disclose jailbreaks, prompt injections, and training-data leaks are rewarded based on severity and impact. Learn more at 0din.ai.