{"id":13539,"date":"2026-06-11T10:03:40","date_gmt":"2026-06-11T10:03:40","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/06\/11\/anthropics-claude-fable-5-jailbroken-to-generate-stack-exploits\/"},"modified":"2026-06-11T10:03:40","modified_gmt":"2026-06-11T10:03:40","slug":"anthropics-claude-fable-5-jailbroken-to-generate-stack-exploits","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/06\/11\/anthropics-claude-fable-5-jailbroken-to-generate-stack-exploits\/","title":{"rendered":"Anthropic\u2019s Claude Fable 5 Jailbroken to Generate Stack Exploits"},"content":{"rendered":"

Anthropic\u2019s Claude Fable 5 Jailbroken to Generate Stack Exploits
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

Anthropic launched Claude Fable 5 on June 9, 2026, as the first publicly available model in its new Mythos class, its most capable AI to date, excelling in software engineering, knowledge work, and vision benchmarks.<\/p>\n

Researcher \u201cPliny the Liberator\u201d defeats Claude Fable 5\u2019s<\/a> safety classifiers using multi-agent decomposition, Unicode tricks, and narrative framing, leaking the model\u2019s 120,000-character system prompt along the way.<\/p>\n

The release came with an unusual design decision: Fable 5 and its restricted twin,\u00a0Claude Mythos 5,\u00a0share the same underlying model but are split by a layer of safety classifiers.<\/p>\n

When a query trips a classifier in high-risk categories cybersecurity, biology, chemistry, or model distillation Fable 5 silently hands off the request to the weaker Claude Opus 4.8, notifying the user of the fallback.<\/p>\n

Anthropic claimed an external bug bounty produced no universal jailbreaks across over 1,000 hours of testing before launch. That claim was almost immediately tested.<\/p>\n

Multi-Agent Bypass Within Days<\/strong><\/h2>\n

Within days of release, prolific AI red-teamer Pliny the Liberator publicly announced he had bypassed Fable 5\u2019s safety layers using a coordinated multi-agent attack strategy he called \u201ca pack hunt.\u201d<\/p>\n

Screenshots shared by Pliny showed detailed outputs, including step-by-step stack buffer overflow exploitation guidance for x86 Linux systems, including disabling ASLR, writing vulnerable C server code with strcpy<\/code> overflows, and compiling without protections \u2014 as well as the Birch reduction mechanism, a classic meth synthesis pathway.<\/p>\n

\n
\n
\n
\n

\"\ud83d\udea8\" JAILBREAK ALERT \"\ud83d\udea8\"<\/p>\n

ANTHROPIC: PWNED \"\ud83e\udee1\"
FABLE-5: LIBERATED \"\ud83e\udd8b\"<\/p>\n

let’s start with the \"\ud83d\udc18\"\u2026<\/p>\n

the consensus seems to be that this has been one of the most disappointing model drops of all time, effectively preventing legitimate researchers from contributing their talents to our\u2026 pic.twitter.com\/Z0vdPIt4vY<\/a><\/p>\n

\u2014 Pliny the Liberator \"\ud83d\udc09\"\udb40\udd6b\udb40\udd3c\udb40\udd3f\udb40\udd46\udb40\udd35\udb40\udd10\udb40\udd40\udb40\udd3c\udb40\udd39\udb40\udd3e\udb40\udd49\udb40\udd6d (@elder_plinius) June 10, 2026<\/a>\n<\/p><\/blockquote>\n