Anthropic’s Claude Fable 5 exposes DeFi smart-contract risks

Anthropic released Claude Fable 5 on June 10, making a public version of the company’s Mythos vulnerability-finding model available to subscribers. Mythos had previously been limited to Project Glasswing and used by about 150 organizations; Anthropic reported the architecture had identified more than 10,000 critical vulnerabilities in widely used software.

Anthropic reported Fable 5 includes safety limits. In high-risk areas such as cybersecurity, biology, chemistry and model distillation the model blocks responses and falls back to a different model, Claude Opus 4.8. The company ran an external bug bounty and more than 1,000 hours of jailbreak testing without finding a universal bypass. Anthropic reported sensitive cybersecurity queries trigger the fallback in fewer than 5% of sessions.

Security researchers note smart-contract auditing can resemble normal coding or debugging, so some vulnerability-finding queries may not fall into Anthropic’s blocked categories. Fable 5 outperforms earlier models on long, complex software-engineering tasks, which can make probing lengthy Solidity contracts easier. Security teams point to a lighter version of the same architecture that found a critical Zcash protocol flaw within 24 hours after the bug had gone undetected for four years.

White-hat hackers and DeFi specialists expect the cost and skill needed to locate exploitable flaws to fall sharply. In a post, white-hat hacker MevenRekt wrote: “The cost and skill required to find exploitable flaws in smart contracts is about to drop to effectively zero.”

Security specialists say that unaudited protocols could become easier targets, known exploits could be replayed on forks, and small projects could attract attacks because automated tools make probing simple and fast. Security advisors recommend revoking unnecessary token approvals, moving funds to hardware wallets where appropriate, and reducing exposure to protocols that lack thorough audits.

With Fable 5 available to paying subscribers, both defenders and potential attackers have access to a vulnerability-finding tool. The release has prompted industry calls for stronger on-chain hygiene and faster, more rigorous auditing across the DeFi ecosystem.