Back to Blog
claude-code weekly-update release-notes fable-5 mythos-5 model-policy security community eval agent-patterns

What's Up Claude Code: Week of June 8th

Olivier Legris ·

TL;DR

This week was the Fable 5 / Mythos 5 week, and it ended the opposite of how it started. Anthropic launched a new “Mythos-class” frontier tier on Monday with all the fanfare a $10/$50 model launch deserves, then suspended both Fable 5 and Mythos 5 for all customers on Friday under a US government export-control directive. Because Fable 5 had become the default on Pro/Max, half of Claude Code woke up to a “model may not exist or you do not have access” error. The fix is brutal in its simplicity: pin to Opus 4.8 and wait.

Sandwiched in between: Anthropic walked back Fable 5’s invisible guardrails under community pressure, and v2.1.176 shipped a real release notes drop on Friday afternoon. Tomorrow (June 15) the Agent SDK and claude -p move to a dedicated credit pool at full API rates — re-audit any scheduled or CI budget before the cutover.

The blunt read: the platform is now powerful enough that a single model-tier decision can break Claude Code for everyone. Expect a steadier two weeks before the dust settles.

1. Fable 5 & Mythos 5 launched Monday — and broke on Friday

Anthropic’s June 9 launch post introduced a new “Mythos-class” tier above Opus. Two model IDs:

  • Claude Fable 5 (claude-fable-5) — generally available, safety-classified.
  • Claude Mythos 5 (claude-mythos-5) — same model with classifiers removed, restricted to Project Glasswing cyber partners (and soon a small set of biology researchers).

The headline numbers: 1M-token context by default, up to 128K output tokens, $10/M input, $50/M output (about 2× Opus 4.8). Available on the Claude API, AWS Bedrock, Vertex AI, Microsoft Foundry, and GitHub Copilot. Reach it in Claude Code by upgrading to v2.1.170 and selecting it.

The non-headline numbers matter more in practice:

  • Both are “Covered Models” with mandatory 30-day data retention. Zero Data Retention is no longer an option. The HN thread on the AWS Bedrock fallout is at ~331 points and growing. Anthropic explicitly logged all human access to the retained data and committed to 30-day deletion “in almost all cases” (the “almost” = safety investigations / legal holds).
  • Flat-rate subscription coverage reportedly ends June 22, 2026. After that, Fable is billed separately on top of your plan. Fable 5 is already reported to burn the 5-hour usage window in as little as 8 minutes under max thinking with subagents.
  • Refusals come back as HTTP 200 with stop_reason: "refusal" and name the classifier that declined. Not billed. A new fallbacks beta param helps with retry shaping. If you script the Agent SDK against Fable, handle this explicitly — it’s a real behavior change vs Opus/Sonnet/Haiku.

Then on June 12, Anthropic suspended both Fable 5 and Mythos 5 for all customers under a US government export-control directive. The on-the-wire symptom: claude-fable-5 may not exist or you do not have access. The fix is documented at anthropic.com/news/fable-mythos-access and boils down to switching your default to Opus 4.8.

Practical playbook:

# Pin Opus 4.8 as your default immediately
claude --model claude-opus-4-8

# Or in ~/.claude/config.json:
#   "model": "claude-opus-4-8"
# And remove "claude-fable-5" from any fallback_models list

A 24h Anthropic follow-up characterized the government-cited “jailbreak” as a narrow, non-universal technique that essentially consists of asking the model to read a specific codebase and fix software flaws — i.e. a normal Claude Code / security-review use case — surfacing only previously-known minor vulns also discoverable by other public models (including GPT-5.5). As of this writing both models are still suspended; Anthropic is contesting the directive and working to restore access. Fable 5 was already scheduled to leave flat-rate coverage on June 22, so any Fable-dependent config was due to break regardless. If your org uses enforceAvailableModels, the v2.1.176 fix means the managed allowlist now actually gates the default model.

Sources: Anthropic Fable 5 / Mythos 5 launch · Anthropic access-suspension update · Platform docs: Fable 5 / Mythos 5 behavior changes · Simon Willison on cost shock · HN: AWS Bedrock 30-day retention · HN: ZDR broken by Fable 30-day retention

2. Anthropic walks back Fable 5’s invisible guardrails

The Fable 5 system card documented a behavior most users would consider unacceptable: the model would silently degrade responses on a narrow set of “frontier LLM development” tasks — pretraining pipelines, distributed training infra, ML-accelerator design — using prompt modification, steering vectors, or PEFT, with no user notification. The hard-block-and-fall-back-to-Opus pattern used for cyber/bio/chem did not apply here. The story, surfaced by Simon Willison, hit 563 points / 489 comments on HN.

Two days later (June 11), Anthropic reversed: flagged requests now visibly fall back to Opus 4.8, users are notified every time, and explicit refusal reasons return on the API “within days.” The official line: “We went with invisible safeguards… that was the wrong tradeoff. You should have visibility into the safeguards.”

The Claude Code implication: if you ran Fable 5 against anything ML-research-shaped and got mysteriously poor results, that was the cause — and the behavior is now observable. Treat the classifier as visibly conservative on those prompts from now on, not silently lossy.

Sources: Simon Willison: Anthropic walks back policy · Simon Willison: invisible safeguards in the Fable 5 system card

3. v2.1.176 shipped a real release notes drop

v2.1.176 landed Friday afternoon (June 12) with one of the longer, more useful changelogs in recent memory. Highlights worth pulling out:

  • Session titles now follow the conversation’s language — set the language setting to pin.
  • New footerLinksRegexes setting for regex-matched link badges in the footer row (user or managed scope).
  • Bedrock credential caching now uses the Expiration from awsCredentialExport instead of a fixed 1 hour.
  • Real fix for availableModels enforcement: alias model picks can no longer be redirected to a blocked model via ANTHROPIC_DEFAULT_*_MODEL env vars, and /fast now refuses to toggle when it would switch outside the allowlist. The earlier #67349 report was right that the allowlist was leaky; this closes it.
  • Auto mode now falls back gracefully on Fable 5 for orgs without Opus 4.8 enabled — the classifier uses the best available Opus model instead of failing.
  • Hook if conditions for Read/Edit/Write now match documented patterns correctly: Edit(src/**), Read(~/.ssh/**), Read(.env) all behave as the docs claim.
  • Linux sandbox no longer fails to start when .claude/settings.json is a symlink with an absolute target.
  • tmux over SSH fixes/copy and mouse selection now reach the system clipboard, and tmux paste buffer loads on versions older than 3.2.
  • Remote Control fixes — no more silent model switches when connecting from web/mobile, disconnect notifications now show a human-readable reason instead of a bare code, and connection failures no longer duplicate a line in the transcript.
  • /cd and worktree moves no longer leave the session reporting the previous directory’s git branch.
  • Background sessionsclaude agents press-back no longer detaches other windows attached to the same session, “Working forever” after /bg mid-turn is fixed, and PRs opened during scheduled wakeups / blocked jobs now appear in claude agents search.

There is also a v2.1.177 release tag visible on the GitHub releases page (June 13), but the public changelog line is currently just “chore: Update CHANGELOG.md and feed.xml” — treat it as a docs/build update until Anthropic publishes real notes. Several fresh bug reports filed on June 14 (#68367, #68362, #68363, #68349) are filed against v2.1.177 and worth reading if you’re already on it.

Source: v2.1.176 release notes

4. The Agent SDK / claude -p credit-pool cutover hits tomorrow

Effective June 15, 2026, programmatic usage of the Agent SDK and claude -p moves to a dedicated credit pool at full API rates instead of drawing from your interactive Pro/Max/Team window. Interactive chat and CLI usage are unchanged. This is the cutover that was first telegraphed in the March-April enterprise pricing memo and reiterated in #61934.

If you run scheduled, CI, or headless Claude Code jobs, re-audit your budget before the cutover lands. Most direct CI integrations will need a switch from interactive credits to API-key billing, and self-hosted runner math changes accordingly. A useful mitigation: encode a per-subagent credit attribution ask (#61934) so you can actually see which subagent class is burning the pool.

Sources: Anthropic Fable 5 / Mythos 5 access update · Issue #61934: per-subagent credit attribution

5. Experimental Agent Teams is unstable — pin models, don’t trust completion counts

Three fresh OPEN bugs filed this week against CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1 paint a consistent picture of instability in long-running multi-agent orchestration:

  • #67964 — when an account hits a usage-limit window, an unattended session (e.g. a lead waiting on teammates, no pending interactive prompt) is gated silently with no banner, transcript event, or log entry. Queued messages are held until the window reopens. One reporter lost ~5 hours on a 1-lead + 5-teammate run that looked identical to a hang.
  • #68336 — the in-process task backend fans one logical agent name into N concurrent transcript writers, so each pending task_assignment is delivered once per live writer. The surviving writer re-receives already-completed assignments in waves and re-dispatches whole subtask sets (“replay storm”). Distinct from the earlier lead-echo loop; here a worker is the victim.
  • #67908 — a background team-lead (sessionKind: bg) that hits auto-compaction has its own main loop silently switched to teammateDefaultModel on the first post-compaction request, durable until a manual /model. Distinct from the teammate-only compaction bug family.

The takeaway: treat Agent Teams as experimental. For long autonomous runs, pin models explicitly, watch for silent usage-limit stalls, and don’t trust “completed task” accounting without verification.

Source: Agent Teams instability cluster

6. Community projects worth watching

This week’s KB had more new tools land than projects with the polish to feature, so the shortlist skews toward things that shipped a fresh update in the Jun 8–14 window:

  • DietrichGebert/ponytail — an MIT-licensed Claude Code plugin that adds a “lazy senior dev” coding mode. Before writing any code, the agent walks a minimization ladder: does this even need to exist? does stdlib already do it? is there a native platform feature? is there an existing dependency? can it be one line? The author’s 5-task benchmark reports ~16% fewer tokens, ~4× faster, and 293 LOC → 47 LOC; one example dropped a 190-line countdown “dashboard” to 13 lines. Auto-activates in Claude Code with a statusline badge; ships plain rules files for Cursor, Windsurf, Cline, Copilot, and Aider. Hit the top of r/ClaudeCode this week at ~1680 points. Pair with the “stacking loops” framing in §6b — this is the same instinct, applied to the inner loop of one task.
  • 2389-research/claude-plugins — a curated 28-plugin marketplace pushed June 11: TDD, multi-agent orchestration, binary reverse-engineering, structured decisions. Install-in-one-command. Early traction; cross-version-compatibility caveat applies.
  • JFrog Claude Code plugin (official) — JFrog and Anthropic’s joint software supply-chain governance plugin, available at claude.com/plugins/jfrog and pushed June 10. Adds JFrog Platform Skills that run platform operations in natural language, plus real-time package security + license/provenance validation as code is written. The interesting angle is policy enforcement inside the dev workflow, not just observability after the fact.
  • agent-vault-proxy — wire-level proxy that injects secrets into tool calls so the agent never sees them in cleartext. Directly addresses the #66044 secret-leak and the wider “sandbox is a guardrail not containment” theme. New (low-traction), but it’s the right shape of project for this week’s exfil/secret-leak concerns.
  • clawmetry — open-source “see your agent think” observability dashboard covering 12 AI agent runtimes including Claude Code, Codex, OpenClaw, and NVIDIA NemoClaw. Pushed again on June 8 (~370 stars). Worth a look if you want one dashboard across multiple runtimes rather than per-tool monitors.

All four are fresh in the current reporting window. The evergreen defending-code-reference-harness, open-dynamic-workflow, claude-git-sessions, and patchwork-os from last week are still worth a look but no longer the freshest signal — visit them via the Week of June 1st post instead of re-featuring them as this-week’s news.

6b. The smol.ai / latent.space community signal

This week’s AINews digest for Jun 11–12 (Loopcraft) and Jun 12–13 (Fable and Mythos officially too dangerous to release) carry a louder, less Anglocentric read on the Fable 5 / Mythos 5 story than the English-language tech press. Three threads worth pulling into the weekly:

  • “The Art of Stacking Loops” is becoming the operative frame. Boris Cherny: “I don’t prompt Claude anymore. I write loops, the loops do the work.” Steipete: “You shouldn’t be prompting coding agents anymore. You should be designing loops that prompt your agents.” Andrej Karpathy, on Autoresearch: “You need to take yourself outside. You have to arrange things such that they’re completely autonomous and the more you know how can you maximize your token throughput and not be in the loop.” Latent.Space’s framing: “one might argue the entire game of the next century is to be able to stack loops as effectively as possible.” The Salty Lesson, in their words: don’t fix things yourself, focus on systems that scale with more agents, like goals and orchestration. That maps directly onto the experimental Agent Teams cluster above — the orchestration is the product, the loop is the unit.
  • The “model sovereignty” reframing is the most useful long-term read of the suspension. Engineers quickly moved past the policy story to the structural one: closed frontier APIs can disappear overnight, and frontier labs with many non-US researchers may be directly impaired. @natolambert, @theo, and @cohere converged on “owning the stack matters”; Artificial Analysis summarised the impact bluntly as “the first time our Intelligence Frontier chart has moved backward.” Gergely Orosz’s engineering recommendation — put models behind provider-agnostic routers/harnesses so teams can switch vendors quickly when T&Cs or behavior become unacceptable — is the right takeaway if you’re locking in any 30-day+ Claude Code contract.
  • Fable 5 community projects deserve to be in the project section, not buried here. A developer remastering Midwinter claims Fable 5 reverse-engineered the 1989 DOS executable overnightDrEvil-TitaniumHelix/midwinter-decode shipped 602 mapped functions and a bit-exact Python reimplementation of the terrain generator, with parallel agents over the disassembly and an evidence ledger (1144-pt r/ClaudeAI thread). Separately, “World of ClaudeCraft” — a vibe-coded browser MMORPG built with Fable 5 in a couple of days — hit 2724 upvotes on Reddit. Both came out before the suspension, so treat them as a snapshot of what the model could do, not what you can run today.

Two eval/benchmark data points worth flagging since they reframe what the suspension actually cost:

  • Artificial Analysis swapped SWE-Bench Pro for Datacurve’s DeepSWE in its Coding Agent Index this week — Claude Code + Fable 5 [max] entered at 77, Codex + GPT-5.5 [xhigh] at 76, Claude Code + Opus 4.8 [max] at 73. That’s the headline ranking, and it’s the ranking Fable 5 just got removed from. SWE-Bench Pro was dropped due to “repository history leakage”; DeepSWE writes tasks from scratch.
  • Epoch’s FrontierMath v2 (audited 42% of v1 problems) bumped Fable 5 to 87% Tiers 1–3 and 88% Tier 4, the highest public score for a closed model right now. That data lives on; we just can’t query against it for a while.

On the open-weights side (worth knowing for the model-routing recommendation above): Moonshot’s Kimi K2.7-Code (1T total / 32B active, MLA, 256K, native INT4, +21.8% on Kimi Code Bench v2, 30% fewer thinking tokens), MiniMax-M3 (428B total / 23B active, 1M context, native multimodal, MiniMax Sparse Attention cutting per-token attention compute to 1/20), and Huawei’s openPangu 2.0 (open-sourcing June 30 — Pro 505B/18B, Flash 92B/6B, both 512K context, Ascend-optimized) all landed in the same window. Day-0 inference ecosystem support for M3 (SGLang, vLLM, Modular, Together, Baseten, Fireworks, Unsloth GGUF) is the structurally interesting signal — open-model distribution and inference integration now happen on much tighter release cycles than closed launches.

7. Community events

This week (Jun 8–14):

Next week (Jun 15–21): no events yet synced for this bucket from src/data/events.json — the next synced events begin Jun 16. If you’re a leader in this window and have one to add, sync it from Luma first.

Later in June:

Later:

Host your own on Luma →

8. What I’m watching

  1. Whether Fable 5 / Mythos 5 actually come back online this week — and whether Anthropic publishes a clear “this is what triggered the directive” write-up so customers can document their own risk model.
  2. Whether v2.1.176’s availableModels enforcement fix holds under the new Fable 5 default — the model picker has had at least three enforcement stories this month and admins need one that sticks.
  3. Whether the Agent SDK credit-pool cutover (Jun 15) lands cleanly — the HN chatter is mostly speculative; we’ll see real failure modes in CI on Monday.
  4. Whether Agent Teams gets a stability post-mortem for the silent-usage-limit / replay-storm / post-compaction model-swap cluster, or whether these keep accumulating as separate issues.
  5. Whether the community standardizes on policy-enforcement layers (JFrog, agent-vault-proxy, sandfence) instead of one-off hooks — that would be the natural response to this month’s Fable + secret-leak + permission-bypass stories.