DeFi community flags exploit risks after Claude Fable 5 release

On June 9, Anthropic released Fable 5, the first public build of its Claude Mythos family. The company said Fable 5 is “made safe for general use” and that certain topics, including cybersecurity, will be rerouted to Claude Opus 4.8 to limit misuse. Anthropic also said a small group of cybersecurity and infrastructure providers will receive access to Mythos 5 with fewer restrictions for testing and defense work.

Anthropic previously reported that the Mythos family, through Project Glasswing, identified more than 10,000 high‑ or critical‑severity vulnerabilities in systemically important software, including roughly 6,200 serious issues across more than 1,000 open‑source projects. The company warned that “releasing a model this capable comes with risks” and cautioned that without safeguards the model’s cybersecurity capabilities could be misused.

Crypto users and security specialists reacted quickly. Simon Dedic, founder of Moonrock Capital, wrote on X that with Fable 5 the “cost and skill required to find exploitable flaws in smart contracts is about to drop to basically zero.” He urged DeFi participants to revoke wallet approvals, remove funds from vulnerable protocols and move assets to new hardware wallets.

Michael Egorov, co‑founder of Curve Finance, questioned whether the model will lead to widespread DeFi code hacks. He noted Mythos identified vulnerabilities in large software projects with millions of lines of code, while many smart contracts are smaller and often easier for humans and existing tools to analyze. Egorov suggested attackers might instead target operational security failures such as compromised multisig keys or focus on supply‑chain and frontend dependency attacks.

The release follows a recent rise in crypto theft. In April, reported off-chain exploits reached $629.7 million, the largest monthly total since February 2025; some security analysts linked that month’s attacks to increased use of AI tools. The concern among crypto users centers on whether more capable models will accelerate both the discovery of vulnerabilities and automated exploitation.

Smart contracts are small programs that run on blockchain networks to automate financial actions. Many protocols publish code and undergo third‑party audits, but unaudited or newly deployed projects remain attractive targets because a single flaw can allow rapid, large‑scale fund drains. Security experts note that automation may speed up both defensive scanning and offensive reconnaissance.

Anthropic’s release routes sensitive queries and restricts full model access to some partners as an attempt to limit misuse while making Fable 5 publicly available. Security professionals have advised DeFi teams and infrastructure providers to update dependencies, tighten key management and prepare incident response plans as more powerful models become accessible.