Are users too stupid to deserve Fable? Anthropic's response made me laugh in frustration: the most expensive model, the most aggrieving experience
The Most Powerful Coding Model: Leave the Coding to the Old Model
Has Fable 5 saved Anthropic, whose reputation declined due to the under - performing Sonnet 5?
After the release of Sonnet 5, some users sharply commented, "It can be directly thrown into the trash can." It "costs 1.2 times more than Opus 4.8 Max, 2 times more than GPT - 5.5 - xhigh, 5 times more than GLM - 5.2, 7 times more than Kimi - K2.6, and 57 times more than DeepSeek - V4 - Pro."
Today, Fable 5 is back, and Anthropic is offering a limited - time discount. Some paying users with usage quotas can access Fable 5 before July 7th. They can use up to 50% of their weekly usage quota on Fable 5. After reaching this limit, they can switch to other models or continue using Fable with usage credits.
Anthropic also clearly stated that Claude Fable 5 consumes the quota faster than other Claude models.
The price of Claude Fable 5 is $10 per million input tokens and $50 per million output tokens; the existing 90% discount on prompt caching input tokens still applies. After July 7th, Fable will be split into a separate quota and deducted from points. For workloads running in the United States, the inference process of Fable 5 only runs on U.S. infrastructure, and both input and output tokens are charged at 1.1 times the price.
What has caused the most controversy is the new fallback mechanism this time.
Anthropic has updated its network security protection measures. In the short term, compared with the previous protection mechanism of Fable, the new measures will misjudge a slightly higher proportion of harmless requests as ones that need to be intercepted. When a request is marked, users will receive a clear notice, and the response will be provided by Opus 4.8 instead. "The official said, 'Most coding work will not be affected.'"
Meanwhile, the biological and chemical classifiers remain the same as when they were initially released. These classifiers currently have a broader scope than the official expectations; they will trigger a fallback to Opus 4.8 on some basic biology - related questions. Improvements to these classifiers will be launched later.
Immediately, Dax, a developer of OpenCode, gave feedback, "Many of my prompts have been downgraded. When I checked the logs, it said 'TOO_DUMB_TO_NEED_FABLE'. What on earth is going on?"
Thariq Shihipar, an engineer of Claude Code, replied, "To be honest, I didn't expect you to check the logs."
Some netizens joked, "Dax, don't forget, now it also shows '50% used'. Your so - called Fable usage right is just a joke."
Some users made a fitting analogy:
Anthropic: "I've built you an F1 Ferrari."
Me: "I'm so looking forward to seeing how fast it can go."
Anthropic: "Sure, here's a Prius. Have fun!"
Someone continued, "When you get into that Prius, you'll find a sticker... 'Be glad I didn't delete everything.'"
Some angry developers said bluntly, "I really don't understand who Fable 5 is for. Its price is $10 per million input tokens and $50 per million output tokens, exactly twice that of Opus 4.8. But now, many regular coding and debugging requests will be marked by the new security filter and then rerouted to... Opus 4.8. That means you pay double the price, wait for a classifier to check your request, and finally get an answer from a cheaper model. What's the point of this model then?"
"In my opinion, this whole show is just a marketing campaign, nothing more," a netizen said when commenting on the return of Fable 5.
"They'll never make the high - quality Mythos - level models available to the public, mainly because of money. Since governments and private enterprises can bring them much higher profit margins, why offer these models to the general public? That's why they say open - source AI models may pose potential risks and attack GPT - 5.5 for having too few security guards. They don't want competition; they just want to make your money and keep the really good stuff locked up, only offering it to wealthier companies," a netizen said.
Anti - distillation Backfires on "Security"
The release of the entire new model fully demonstrates Anthropic's style of "saying one thing in public and doing another in practice."
Previously, Anthropic described Mythos as having "unprecedented cybersecurity risks" and said it would not be publicly released in full. Instead, it launched Project Glasswing, providing a $100 million usage quota for enterprises such as Apple, Microsoft, Google, Nvidia, AWS, and JPMorgan. The price of the Mythos Preview is five times that of Opus 4.6.
"Mythos uses the same strategy: emphasize the danger, restrict access, create exclusive demand, and then drive the next round of financing," someone commented. David Sacks, the former White House AI and cryptocurrency director, questioned, "Whenever Anthropic starts scaring people, you have to ask: Is this their 'the sky is falling' routine, or is it for real this time?"
In the past few years, Anthropic has been the company in the AI industry that is best at telling "security stories."
Compared with OpenAI's early commercialization spree, Anthropic appears more restrained and prudent. Dario Amodei and his employees emphasize the importance of "security" in all their external sharing. However, the competitive advantage originally established through "security" has, in the case of Fable 5, started to turn into political considerations about whether to release the model and a real impact on the user's product experience.
To tell a good "security story," Dario Amodei publicly opposes open - source, saying that open - source AI is on a "very dangerous path." He warns that once powerful models are publicly released, enterprises will lose the ability to monitor abuse, revoke access rights, or update security protection measures.
It can be seen that Anthropic is not only selling models but also selling a promise: we are more cautious, more concerned about security, and more worthy of enterprises' trust. That's why users naturally have higher expectations of it.
But its current core contradiction is: it wants to maintain the brand image of a security company while bearing the high inference costs of cutting - edge models; it wants to open up to developers and enterprise customers while preventing resale, proxy, abuse, and distillation; it wants to prove that it is more responsible than OpenAI while improving monetization efficiency and controlling resource consumption under commercial pressure.
These goals are inherently in conflict: the stronger the control, the worse the experience; the higher the price, the more picky the users; the more full - fledged the talk about security, the higher the requirement for transparency. Currently, Anthropic doesn't seem to have found the right balance.
Recently, the controversy surrounding the hidden markers in Claude Code has made users re - examine the trust boundary of Anthropic: Should a company that has long used "security and trustworthiness" as its core selling point encode users' environment and routing information in system prompts in a way that is difficult for users to detect?
This incident first fermented on Reddit. Subsequently, a GitHub technical analysis report said that when Claude Code detects that users set a third - party ANTHROPIC_BASE_URL instead of the official API endpoint, it will check the proxy hostname and system time zone. If the system time zone is Asia/Shanghai or Asia/Urumqi, or if the proxy domain name matches specific Chinese technology companies, Chinese AI laboratories, Claude resale sites, and mirror proxy services, Claude Code is said to modify the line "Today’s date is …" in the system prompt.
The modification method is very subtle. For example, the date separator changes from 2026 - 06 - 30 to 2026/06/30, or the apostrophe in "Today’s date" is replaced with a character that is almost indistinguishable to the naked eye but has a different Unicode encoding.
Transit stations usually clean the HTTP header and filter obvious metadata fields, but rarely rewrite natural - language content like dates. If the request finally returns to the official Anthropic API, Anthropic has the opportunity to identify in the logs whether the request comes from a specific time zone, whether it passes through a suspected proxy, and whether it matches a specific domain name or keyword.
Even Chen Cheng from Ant Group, after looking at the source code of Claude Code version 191, posted an analysis on X, saying, "From a technical perspective, Anthropic's anti - distillation mechanism is quite ingeniously designed."
He explained that there is such a prompt in Claude Code: return `Today${n}s date is ${r}.`;
"They used steganography in this sentence, embedding characters that are almost imperceptible to the human eye into the system prompt to secretly encode the system time zone and proxy endpoint identity. The trigger condition is: you set a third - party transit address ANTHROPIC_BASE_URL, and it is not http://api.anthropic.com. So, if you are a user directly connecting to the official API, you won't be affected at all. In other words, the recent wave of account suspensions has nothing to do with this mechanism."
"It's also quite cunning to choose the sentence 'Today’s date' as the carrier," Chen Cheng said. This marker is hidden in the body of the system prompt, not in the HTTP header or metadata. Transit stations usually rewrite or filter the header, but almost no one will process natural - language content like dates, so this is a watermark that can't be removed even by header cleaning.
Moreover, currentDate is one of the user's context fields, alongside claudeMd and userEmail, and will be carried with each request. Therefore, this marker can appear almost 100% stably. The changes in the apostrophe and date separator are semantically lossless, and the model reads them exactly the same. It's also difficult for users to notice when doing a diff, maximizing the concealment.
"The real key is how to close the evidence chain." This marker will be passed along with the request. When a transit station or distillation pipeline finally returns to the official Anthropic API to resell Claude, the request carrying this marker will flow back to Anthropic's own server.
So Anthropic can see in its own logs: in this "request directly sent to me," the date is 2026/06/30, and the slash represents the Chinese time zone; the apostrophe is ʹ, i.e., U+02B9, representing that both the domain name and the deepseek keyword are matched. This forms very clear evidence: the source is a client in the Chinese time zone and using domestic large - model - related transit services.
It doesn't need to actively detect; the traffic itself will "reveal its identity." As long as the request finally returns to Anthropic, the identity can be self - proven. In this way, they can clearly see which channels are flowing to China, which are resold by transit stations, and which may be used by large companies for distillation, and leave sufficient evidence.
After the incident was widely reported, Thariq Shihipar, an engineer of Claude Code, responded that this was an anti - distillation measure: "This is an experiment we launched in March to prevent unauthorized resellers from abusing accounts and to prevent model distillation. Since then, the team has launched stronger mitigation measures, and we actually always planned to take this mechanism offline. We have merged the relevant PR, and it is expected to be completely rolled back in tomorrow's version."
Actually, it's not uncommon for software vendors to collect telemetry data, and AI companies do have a strong motivation to identify abuse, resale, sanctions risks, and model distillation attempts. To some extent, Anthropic's attempt to prevent the unauthorized resale of Claude access rights in China is not surprising. The problem lies in the method it uses.
Developers can understand and evaluate publicly disclosed telemetry, but secretly modifying invisible prompt characters is another matter. This is a serious boundary issue. If the client quietly encodes routing metadata into the prompt, users have every reason to ask: What other information is encoded? What other client - side checks exist? Are these behaviors documented anywhere? Therefore, this behavior has also annoyed foreign developers.
"Are You Also Fed Up with Anthropic?"
"Are you also fed up with Anthropic's misleading and ever - changing communication and marketing strategies?" A netizen described his feelings on Reddit:
They first said they had created the best model in history, and then said, "Haha, just kidding. This model is too dangerous, so you can't ask these questions."
They released a new model, Sonnet 5, and accompanied it with a performance chart. People thought it was mediocre, and then they updated the same chart, saying, "Now we're using a better benchmark. Hahaha."
The Max 5 - 20 package doesn't actually give you 20 times the weekly usage. You buy an annual package, and then they change the usage limits you originally agreed to, or don't allow you to use certain models.
On the one hand, they say their models are too dangerous for public use and call for a development pause; on the same week, they release the models they just said were dangerous and then prevent us from asking questions.
We don't even know what we're paying for. Similar tasks consume far more tokens on some days.
I encounter errors every day, but the status page shows everything is green, with no incidents.
When the server doesn't respond, they say it's my problem and ask me to check my VPN or network connection. It's never their problem.
You buy a product, and then they change the product at will, cut your quota, and publicly mislead users about performance, usage, and availability. It's really crazy. I don't know how they can keep getting away with it.
"They have their own agenda. They say and do whatever they want. I completely disagree, but until a fair - competition environment emerges, we can only tolerate their misdeeds," a user complained.
Some users said bluntly, "Anthropic is really a rip - off. Every month, I have to deal with stupid things like the model being crippled and the weekly limit being secretly weakened. After switching to Codex, I don't have to worry about these things anymore. The only thing I miss is the front - end generation function."
"Unfortunately, they're also trying to label OS/OW