AI Model Report

Reviews · JULY 2, 2026

Sonnet 5 lands at 63.2% on SWE-bench Pro as Fable 5 returns from an 18-day export-control freeze

Anthropic shipped its mid-tier Sonnet 5 and restored global Fable 5 access on the same day, closing an incident that began when Amazon researchers demonstrated a safeguard bypass — one that Anthropic's own testing showed every frontier model could reproduce.

By Karl Strauchman · Senior model reviewer · July 2, 2026

Anthropic released Claude Sonnet 5 on June 30, 2026, and restored global access to Claude Fable 5 the following day, closing an 18-day export-control suspension that began June 12 when the U.S. Department of Commerce applied controls to Fable 5 and Mythos 5. Two announcements on consecutive days, one a routine mid-tier refresh, the other a postmortem on what happens when a frontier lab's safeguards fail in a way its regulators can't tolerate.

Sonnet 5 posts 63.2% on the SWE-bench Pro agentic coding benchmark, per TechCrunch, against 58.1% for Sonnet 4.6 and 69.2% for Opus 4.8. Anthropic frames the release, in language it didn't attach to a named executive, as "Sonnet 5 is a strict improvement over Sonnet 4.6 and covers a much wider range of cost-performance options than Opus 4.8." The system card is careful to note the model doesn't advance Anthropic's capability frontier. That's the point. Sonnet is the workhorse tier, and the release cadence is now optimized for agent economics, not headline benchmarks.

Introductory pricing runs through August 31, 2026 at $2 per million input tokens and $10 per million output, rising afterward to $3 and $15. A new tokenizer maps 1.0 to 1.35 times more tokens from the same input, which Anthropic says nets out roughly cost-neutral against 4.6.

The system card also quietly re-baselines 4.6 after a grader update: 78.5% on OSWorld-Verified, 34.6% on Humanity's Last Exam without tools, 46.8% with tools. Retrospective benchmark adjustments are the kind of thing that used to be footnotes; now they're the load-bearing methodology.

On safety, TechCrunch and The Register report lower rates of hallucination, sycophancy, and prompt-injection compliance. The Register also notes that Sonnet 5 failed a commanded Firefox exploit but "got a bit further than Sonnet 4.6 in the attempt." Capability rises. Compliance falls. The gap is the product.

Which brings us to Fable 5. Amazon researchers, unnamed in the redeployment note, found a prompting method that got the model to identify software vulnerabilities and produce exploit-demonstration code. Anthropic suspended access globally because it couldn't verify user nationality in real time, an admission that export-control compliance and consumer AI distribution are structurally at odds. Internal testing then showed the same bypass reproduced across Haiku 4.5, Opus 4.6, Opus 4.7, Opus 4.8, GPT-5.4, GPT-5.5, and Kimi K2.7. Every frontier model tested, in other words, has the same hole.

The fix is a new classifier trained on that specific bypass, plus a proposed jailbreak-severity scoring framework, modeled on CVSS, that Anthropic is developing with Amazon, Microsoft, Google, and other Project Glasswing partners. Access returns first to Claude Platform, Claude.ai, Claude Code, and Cowork, with AWS, Google Cloud, and Microsoft Foundry following.

CVSS emerged in 2005 when the security industry decided vendor-by-vendor severity claims had become illegible to buyers. Twenty-one years later, the frontier labs are reaching for the same instrument, at the same point in the cycle, for the same reason.

Sources

  • https://www.anthropic.com/news/claude-sonnet-5
  • https://www.anthropic.com/news/redeploying-fable-5
  • https://www.anthropic.com/claude-sonnet-5-system-card
  • https://techcrunch.com/2026/06/30/anthropic-launches-claude-sonnet-5-as-a-cheaper-way-to-run-agents/
  • https://www.theregister.com/devops/2026/07/01/claude-sonnet-50-heads-straight-down-the-middle-of-the-road-to-dodge-controversy/5265398