[{"data":1,"prerenderedAt":326},["ShallowReactive",2],{"switcher-blog-pareja":3,"art-claude-fable-5-ai-finds-kernel-flaws-servers-en":6},{"en":4,"es":5},"\u002Fen\u002Fblog\u002Fclaude-fable-5-ai-finds-kernel-flaws-servers\u002F","\u002Fes\u002Fblog\u002Fclaude-fable-5-ia-encuentra-fallos-kernel-servidores\u002F",{"id":7,"title":8,"author":9,"body":10,"date":310,"description":311,"extension":312,"image":313,"meta":314,"navigation":315,"pareja":316,"path":317,"seo":318,"stem":319,"tags":320,"__hash__":325},"blogEn\u002Fen\u002Fblog\u002Fclaude-fable-5-ai-finds-kernel-flaws-servers.md","Claude Fable 5: the AI that finds 27-year-old flaws in your kernel is now public","Paco Cubel",{"type":11,"value":12,"toc":293},"minimark",[13,18,27,38,41,45,48,76,83,87,94,121,128,137,141,148,159,162,181,184,188,191,196,208,212,219,223,230,234,241,244,248,255,258,262],[14,15,17],"h2",{"id":16},"stripping-off-the-marketing-layer","Stripping off the marketing layer",[19,20,21,22,26],"p",{},"On 9 June Anthropic released ",[23,24,25],"strong",{},"Claude Fable 5",", and every outlet ran the usual headline: \"the most powerful AI model ever made public\", record benchmarks, fewer steps to write code, and so on. As with every launch, 90% of the coverage is the same numbers race we already know by heart.",[19,28,29,30,33,34,37],{},"Frankly, \"it's great at coding\" doesn't move us much. The question that actually matters, if you run servers, is a different one: ",[23,31,32],{},"what does this model do that touches the infrastructure you manage?"," And there the answer isn't a benchmark. It's that Fable is the public face of ",[23,35,36],{},"Mythos",", the model that over the past few weeks has been finding security flaws up to 27 years old in the software that runs underneath half the internet.",[19,39,40],{},"That's worth a few minutes. Let's separate the signal from the noise.",[14,42,44],{"id":43},"what-fable-5-is-and-what-mythos-is","What Fable 5 is (and what Mythos is)",[19,46,47],{},"First, let's clear up the naming confusion, because it's the key to the whole thing:",[49,50,51,66],"ul",{},[52,53,54,57,58,61,62,65],"li",{},[23,55,56],{},"Mythos 5"," is Anthropic's frontier model. It's the one with the raw capability. It is ",[23,59,60],{},"not freely available",": only a closed group of \"cyberdefenders\" and critical infrastructure providers use it — AWS, Apple, Cisco, CrowdStrike, Google, Microsoft, NVIDIA, Palo Alto Networks, the Linux Foundation, JPMorganChase and others — inside a programme called ",[23,63,64],{},"Project Glasswing",", in collaboration with the US government.",[52,67,68,71,72,75],{},[23,69,70],{},"Fable 5"," is the ",[23,73,74],{},"same underlying model",", but wrapped in safety classifiers and opened to the general public. It's what you and we have been able to use since yesterday.",[19,77,78,79,82],{},"Put another way: Fable and Mythos share a brain. The difference isn't in what they know, but in ",[23,80,81],{},"what they're allowed to do",". And for a systems administrator, that's the interesting part of the story.",[14,84,86],{"id":85},"what-mythos-has-found-and-why-it-concerns-you","What Mythos has found (and why it concerns you)",[19,88,89,90,93],{},"Here's the real news, the bit that didn't make the front-page headlines. Within Project Glasswing, ",[23,91,92],{},"50 organisations have used the model to identify more than 10,000 high- or critical-severity vulnerabilities",". These aren't toy bugs. A sample of what's surfaced:",[49,95,96,103,109,115],{},[52,97,98,99,102],{},"A ",[23,100,101],{},"remote denial-of-service flaw in OpenBSD that had been in the code for 27 years",". Twenty-seven.",[52,104,98,105,108],{},[23,106,107],{},"16-year-old vulnerability in FFmpeg",", the video library that is, quite literally, everywhere.",[52,110,98,111,114],{},[23,112,113],{},"remote RCE in FreeBSD's NFS"," (CVE-2026-4747).",[52,116,117,120],{},[23,118,119],{},"Multiple privilege-escalation chains in the Linux kernel",".",[19,122,123,124,127],{},"We'll say it without melodrama, but stop and think for a second: we're talking about the kernel running on your VPS, the library decoding the video you serve, the network file system on your machines. Flaws that ",[23,125,126],{},"survived decades of human review",", found in weeks by an AI model.",[19,129,130,131,136],{},"If the pattern feels familiar, it's because it's exactly the same one as ",[132,133,135],"a",{"href":134},"\u002Fen\u002Fblog\u002Fcve-2026-46333-ssh-keysign-pwn-linux-kernel","CVE-2026-46333 \"ssh-keysign-pwn\""," we wrote about last month: a flaw that entered the kernel back in 2017 and that nobody had pieced together until now. Only this time it wasn't a lucky researcher. It was a machine, at scale, finding ten thousand at once.",[14,138,140],{"id":139},"why-they-put-a-lock-on-the-public-version","Why they put a lock on the public version",[19,142,143,144],{},"Here's the obvious question, and a client put it to us almost in these words: ",[145,146,147],"em",{},"\"If that capability can find 27-year-old flaws, why won't the public version let me use it?\"",[19,149,150,151,154,155,158],{},"The answer is ",[23,152,153],{},"dual use",". The same skill that lets a defender find and patch a decades-old hole lets an attacker ",[23,156,157],{},"turn it into an exploit"," before anyone closes it. Finding a zero-day isn't good or bad in itself: it depends on whose hands are on the keyboard.",[19,160,161],{},"That's why Anthropic split the launch in two:",[49,163,164,170],{},[52,165,166,169],{},[23,167,168],{},"Verified defenders"," (Glasswing) get the model with no lock. They want the people protecting the world's OpenBSD to get there before the people attacking it.",[52,171,172,173,176,177,180],{},"The ",[23,174,175],{},"general public"," gets Fable, which is just as capable for almost everything — engineering, analysis, research — ",[23,178,179],{},"but automatically routes offensive exploitation queries to a more conservative model (Opus 4.8)",": hunting for zero-days in operating systems, browsers and the like. According to Anthropic, that fallback triggers in fewer than 5% of sessions.",[19,182,183],{},"It's not a contradiction. It's access control over a dangerous capability. The capability exists and has been demonstrated; they're deciding who gets it without the brakes on.",[14,185,187],{"id":186},"what-actually-changes-for-anyone-running-servers","What actually changes for anyone running servers",[19,189,190],{},"Let's bring this down to earth, which is what we're here for. Beyond the headline, there are three concrete things an administrator should take away:",[192,193,195],"h3",{"id":194},"_1-patching-discipline-is-no-longer-optional-its-survival","1. Patching discipline is no longer optional — it's survival",[19,197,198,199,202,203,207],{},"Until now, a flaw hiding for twenty years played in your favour: if nobody had found it, you probably wouldn't be the one to get hit. ",[23,200,201],{},"That maths is over."," When a machine can audit an entire kernel and spit out ten thousand flaws, the inventory of dormant vulnerabilities is going to come to light — from one side or the other. The server that survives a bad Friday isn't the lucky one, it's the one with its ",[204,205,206],"code",{},"apt update && reboot"," kept current.",[192,209,211],{"id":210},"_2-the-window-between-flaw-disclosed-and-exploit-exists-is-going-to-shrink","2. The window between \"flaw disclosed\" and \"exploit exists\" is going to shrink",[19,213,214,215,218],{},"If vulnerability discovery itself gets automated, so does the chain from discovery to a working exploit. The practical consequence: ",[23,216,217],{},"the time you have to patch after a disclosure gets shorter",". What you could once get away with doing \"next week\" is now best done the same day.",[192,220,222],{"id":221},"_3-youll-see-a-wave-of-rediscovered-old-cves","3. You'll see a wave of \"rediscovered\" old CVEs",[19,224,225,226,229],{},"Over the coming months, expect security advisories about code that had been running for years or decades without a hitch. It's not that the software suddenly got worse: it's that someone is now looking at it with an industrial magnifying glass. ",[23,227,228],{},"Don't panic at every headline, but keep your update plan well oiled",", because it's going to work harder than usual.",[14,231,233],{"id":232},"what-we-think","What we think",[19,235,236,237,240],{},"At Atenea Systems we're not going to use Fable to \"hunt zero-days\" — it won't let us, and it's not our job. But the news confirms something we've been preaching to our clients for years: ",[23,238,239],{},"the patching plan isn't a maintenance chore, it's your first line of defence",". What Fable and Mythos change isn't the nature of the problem, it's its speed. Whoever already kept their servers current stays calm. Whoever was running on \"when I get around to it\" now has one more reason to stop.",[19,242,243],{},"And it's worth keeping perspective amid all the noise: Fable is, on top of all this, a perfectly capable tool for entirely ordinary tasks — documentation, log analysis, defensive review of your own code. That part has no lock, and it's what most people will use. As with any launch, a dazzling demo is one thing and a tool proven in production is another. We note it, we follow it, and we recommend it once it stops being a headline and starts being reliable.",[14,245,247],{"id":246},"the-underlying-lesson","The underlying lesson",[19,249,250,251,254],{},"Every so often the tool changes, but the conclusion is always the same: ",[23,252,253],{},"what protects you isn't the obscurity of your code, it's your discipline in updating it",". For years, many flaws lived quietly because finding them was expensive and slow. That's over. From now on you have to assume that everything wrong with your software will eventually be found — and hope it's found by one of the good guys before anyone else.",[19,256,257],{},"If your update plan today amounts to \"when there's time\", it's a good moment for us to talk.",[14,259,261],{"id":260},"references","References",[49,263,264,272,279,286],{},[52,265,266],{},[132,267,271],{"href":268,"rel":269},"https:\u002F\u002Fwww.anthropic.com\u002Fnews\u002Fclaude-fable-5-mythos-5",[270],"nofollow","Claude Fable 5 and Claude Mythos 5 — Anthropic",[52,273,274],{},[132,275,278],{"href":276,"rel":277},"https:\u002F\u002Fwww.anthropic.com\u002Fresearch\u002Fglasswing-initial-update",[270],"Project Glasswing: An initial update — Anthropic",[52,280,281],{},[132,282,285],{"href":283,"rel":284},"https:\u002F\u002Fwww.helpnetsecurity.com\u002F2026\u002F05\u002F26\u002Fanthropic-project-glasswing-update\u002F",[270],"Anthropic: Claude Mythos identified 10,000+ software flaws — Help Net Security",[52,287,288],{},[132,289,292],{"href":290,"rel":291},"https:\u002F\u002Fwww.itpro.com\u002Ftechnology\u002Fartificial-intelligence\u002Fanthropic-just-launched-claude-fable-5-its-first-mythos-class-ai-model-but-it-has-new-safeguards-to-prevent-misuse-and-will-fall-back-to-opus-4-8-for-high-risk-queries",[270],"Anthropic just launched Claude Fable 5, its first Mythos-class AI model — IT Pro",{"title":294,"searchDepth":295,"depth":295,"links":296},"",2,[297,298,299,300,301,307,308,309],{"id":16,"depth":295,"text":17},{"id":43,"depth":295,"text":44},{"id":85,"depth":295,"text":86},{"id":139,"depth":295,"text":140},{"id":186,"depth":295,"text":187,"children":302},[303,305,306],{"id":194,"depth":304,"text":195},3,{"id":210,"depth":304,"text":211},{"id":221,"depth":304,"text":222},{"id":232,"depth":295,"text":233},{"id":246,"depth":295,"text":247},{"id":260,"depth":295,"text":261},"2026-06-10","Anthropic has released Fable 5, the public version of the same model that, in testing, uncovered more than 10,000 vulnerabilities in kernels, browsers and libraries that had gone undetected for decades. Here's what it is, what actually changes for anyone running servers, and why they put a lock on it.","md","\u002Fog\u002Fog-default.png",{},true,"claude-fable-5-ia-encuentra-fallos-kernel-servidores","\u002Fen\u002Fblog\u002Fclaude-fable-5-ai-finds-kernel-flaws-servers",{"title":8,"description":311},"en\u002Fblog\u002Fclaude-fable-5-ai-finds-kernel-flaws-servers",[321,322,323,324],"Security","AI","Linux","Servers","XZaJACUVCaWA9tp7Jfzz1Oceh-P2Vf6TKmUYmKz4Rwc",1781154907963]