They breach the security of Claude Fable 5 in less than 48 hours to extract manuals for cyberattacks and chemical processes

A cybersecurity researcher has managed to breach in less than 48 hours the security filters of the new model focused on cybersecurity Claude Fable 5 which, through multi-agent decomposition techniques and decomposition and recomposition in the ‘backend’, has been able to extract hacking data and prohibited chemical processes.

Anthropic launched Claude Fable 5 this Wednesday as the first Mythos-class model for the general public, establishing itself as one of the more powerful models in terms of cybersecurity capabilities. Precisely these advanced skills do dangerous in the wrong hands and, to avoid possible malicious uses, the company has made it available with some security measures.

This includes limiting results to questions related to cybersecurity, biology or chemistry, redirecting these queries to a less capable AI model and thereby avoiding sharing relevant data that could be used to execute a cyber attack or develop a biological weapon.

However, just 48 hours after its launch, a cybersecurity researcher has already managed to break these safeguardsviolating the behavior of the model to obtain information about hacking methods and chemical processes to manufacture explosives, among other issues supposedly prohibited for Fable 5.

The researcher, who calls himself ‘Pliny the Liberator’, has shared all the details about the strategy on his X account (formerly Twitter) coordinated attack that has been used to ‘hack’ the model. Specifically, they have run many attempts at multi-agent “pack hunting,” mapping boundaries and testing long-context conversations, until they find “the holes in the fence.”

Thus, among the techniques used by the researcher are multi-agent decomposition (dividing a problem to give a task to each one) to Unicode tricks, including narrative framing (camouflage a prohibited request under a hypothetical scenario). All of them with the objective of preventing Anthropic’s security filters from automatically activate the passage of Claude Fable 5 to the previous flagship model Claude Opus 4.8

As a result, the researcher has shared some screenshots of the information extracted by bypassing Claude Fable 5’s safeguards, in which you can read from C code violation to Linux hacking stepsor the chemical formula (Birch reduction) for the synthesis of methamphetamine.

The researcher, who has collaborated with companies such as OpenAI, among others, on cybersecurity issues, as TIME has reported, explains that it is very difficult to receive answers from Claude Fable to a query such as the recipe for methamphetamine. However, of all the techniques used, the Pliny admits that there was one that was the most lethal: the decomposition plus the recomposition in the ‘backend’, which allowed him to access these responses.

This technique is based on changing the vocabulary to request the loose parts of that recipesuch as reductive amination or the Birch reduction method, which are essential for the synthesis of methamphetamine. The Mythos class AI model ‘understands’ that these are academic and theoretical questions that can be part of simple university homework.

After getting Claude Fable 5 to share those laboratory techniques as loose parts of the final recipe, Pliny says he managed to put them back together with the help of a jailbroken version of Claude Opus 4.8which does not have any active ethical or security filter.

The researcher also has made the model’s 120,000-character ‘system prompt’ available to anyone on GitHub. This means that the hidden rule book, which explains what you are prohibited from doing and how you are to react, is available to everyone.

At the moment, Anthropic has not responded to the claims about the ‘jailbreak’ or the prompt system leaked on GitHub.