Lumina Digest

Anthropic Opens Claude Fable 5, Its Most Powerful Model, to the Public Amid Contested Guardrails and Routing

On June 9 Anthropic made available the first Mythos-class model accessible to everyone. Powerful and, for now, free on paid plans, but with a safety mechanism — automatic routing and selective degradation — that divides developers and researchers.

On June 9 Anthropic made Claude Fable 5 available, the first "Mythos"-class model accessible to the public and, according to the company, the most capable it has ever released overall: "state of the art on nearly every benchmark" across software engineering, knowledge work, vision and scientific research (Anthropic announcement). It costs $10 per million input tokens and $50 per million output tokens, roughly double Opus 4.8 (TechCrunch). Through June 22 it is included at no extra charge in the seat-based Pro, Max, Team and Enterprise plans; after that you will need to buy compute credits (NBC News).

The contentious point is the safety mechanism. Requests on cybersecurity, biology/chemistry and "distillation" are automatically rerouted to the earlier Opus 4.8, and Anthropic states that over 95% of sessions undergo no fallback. But the system card also reveals that the model can deliberately provide degraded assistance, in a way not visible to the user, when it suspects frontier-model research work (Business Insider).

Criticism came quickly. Jeremy Howard (AnswerDotAI) argues that this way "the AI frontier advances and the power imbalance grows," because Anthropic reserves the use of the top model for frontier research to itself. Others flag false positives that hit people who are not building rival models at all, and excessive refusals (one analyst recounts that Fable 5 refused a board presentation, deeming it "too dangerous"). Developer Simon Willison confirms stricter guardrails, but appreciates a new automatic-fallback API option (Simon Willison). Anthropic also imposes a mandatory 30-day retention on all Mythos-class traffic, even for customers with zero-retention agreements, stating that it does not use it for training. Mythos 5 is the same underlying model, but with the safeguards removed only in certain areas and for trusted access. To cybersecurity partner Glasswing it is supplied with the cyber safeguards disabled; to select biology researchers — in an upcoming program — it will instead arrive with the biology and chemistry safeguards removed, but the cyber ones still active (Anthropic announcement).

Why it matters

• End users: For now Anthropic's most powerful model is free on paid plans, but the refusals and routing are visible and can block entirely legitimate work; from June 23 access will require purchasing credits.
• LLM builders / devs · ICT engineers / IT managers: Routing and degradation change application design and governance: double the price of Opus 4.8, a new fallback API option to manage, false positives that can hit legitimate products, and a mandatory 30-day retention that overrides even zero-retention agreements.
• Frontier research: Selective, invisible degradation on frontier-research tasks — with the top model effectively reserved for the leading lab alone — fuels accusations of opacity and of power concentration in the race for frontier models.

An Autonomous AI Agent Finds 21 Zero-Days in FFmpeg for About $1,000; Chrome 149 Closes a Record 429 Bugs

An autonomous security agent uncovered 21 vulnerabilities in FFmpeg with reproducible PoCs while spending around $1,000, a tenth the cost of Anthropic's earlier experiment. In parallel, Chrome 149 fixes 429 flaws, an all-time record — but that number doesn't come from AI.

An autonomous AI agent developed by depthfirst identified 21 zero-day vulnerabilities in FFmpeg, the video encoding/decoding library embedded in much of the world's multimedia infrastructure. The agent isn't a coding assistant. It starts from threat modeling the codebase (around 1.5 million lines of C) and maps the parsers and protocol handlers where attacker-controlled input enters. It then confirms each flaw by executing a reproducible input. The run cost about $1,000.

Several flaws had been latent for 15–20 years; an overflow in the service-description-table code dates back to 2003 and went untouched for 23 years. Some of the defects already have a CVE (CVE-2026-39210–39218); the others are fixed but not yet numbered. The most serious case (DFVULN-127) is a heap overflow in AV1 depacketization over RTP. A single 183-byte packet sent to an RTSP stream (ffmpeg -i rtsp://...) is enough: it corrupts the AVBuffer.free function pointer and leads to control of the instruction pointer.

This isn't the first analysis of FFmpeg: Google Big Sleep had already disclosed 13 vulnerabilities and Anthropic Mythos still others. The leap lies in the collapse in cost — about 10% of Mythos's roughly $10,000 — and in end-to-end autonomy with reproducible PoCs. depthfirst, however, doesn't state the false-positive rate, whether human guidance was involved, or which models were used.

In parallel, Google released Chrome 149 with 429 security patches, an all-time record for a single release: more than 100 are critical or high severity. The worst, CVE-2026-10881, is an out-of-bounds read/write in the ANGLE graphics engine, which earned a $97,000 payout. But that number doesn't come from an AI agent: it follows Google's overhaul of its bug bounty program to handle the wave of AI-generated reports.

Why it matters

• ICT engineers / IT managers: FFmpeg is embedded in nearly all video infrastructure: these 21 flaws are patches to apply across the entire supply chain, not a single-product problem. With autonomous discovery at around $1,000, the bottleneck for teams shifts to triage, patch distribution, and retesting, rather than vulnerability research itself.
• Frontier research: The figure that matters is the collapse in marginal cost: an end-to-end agent with reproducible PoCs at about 10% of Anthropic's earlier experiment. It's a change of scale for both offensive and defensive research — with the still-open caveat around false positives, the real degree of autonomy, and novelty vs. rediscovery, none of which depthfirst discloses.

Enterprise AI Moves From All-You-Can-Eat to Token Caps and AI FinOps

After a year of unlimited use, large enterprises are putting AI on a budget: internal token caps, routing to cheaper models, and value-tied KPIs. The watchword is no longer 'tokenmaxxing'.

After a 2025 defined by unlimited use, in 2026 companies are putting AI on a diet. Uber had already burned through its entire 2026 AI coding budget by April, in four months; COO Andrew Macdonald explained that if you can't trace "a direct line" between spending and useful features shipped to users, those costs "are harder to justify". Salesforce revealed, through Marc Benioff, that its annual bill to Anthropic will reach roughly $300 million.

Priceline saw its Cursor contract renewed at a price 4-5 times higher and began imposing token limits on some teams. Separately, Vitaly Gordon of Faros AI reported that a CTO told him about an engineer who ran up $40,000 in tokens in a single month, while another company reportedly racked up a $500 million Claude bill for failing to set usage caps.

The turning point isn't AI adoption, but the shift to weekly caps, routing to cheaper models, and output-tied KPIs. The culprit is "tokenmaxxing": measuring productivity by tokens consumed triggered Goodhart's law. According to the Financial Times, Amazon employees spun up agents for pointless tasks just to inflate their stats, and one Disney employee interacted with Claude 460,000 times in nine days. Big Tech firms like Meta have dismantled internal leaderboards and Microsoft revoked Claude Code licenses. Experts like Logan Wolfe (Kyndryl) warn that "when token usage becomes the KPI, you incentivize output volume at the expense of outcomes". According to TechCrunch, the Linux Foundation plans to formally launch the Tokenomics Foundation in July, to bring to AI the same cost discipline that FinOps brought to the cloud.

Why it matters

• Entrepreneurs: For entrepreneurs, AI stops being an undifferentiated expense and becomes a cost center to govern: per-team caps, model routing, and KPIs that tie consumption to the economic value produced are now margin levers, not technical details. The scale of the costs is real: Salesforce projects roughly $300 million a year to Anthropic, and Benioff himself, while saying he sees efficiencies, has asked for routing to cheaper models. But those who don't set usage caps risk runaway outcomes like the $500 million Claude bill, and the wrong incentives (rewarding whoever consumes the most tokens) produce waste rather than productivity.

Moonshot AI in Talks for a $30 Billion Raise, Third Round in Six Months

According to a Bloomberg report picked up by several outlets, preliminary talks for up to $2 billion would value the Kimi startup at $30 billion. It would be the third funding round in six months, hot on the heels of the $20 billion round led by Meituan.

Moonshot AI, the Beijing startup developing the Kimi chatbot, has reportedly opened preliminary talks with potential investors to raise up to $2 billion at a valuation of about $30 billion. The news stems from a Bloomberg report on June 8, based on people close to the matter and not confirmed by the company. Independent confirmation comes from the South China Morning Post, which cites a source of its own on the $30 billion target and notes that Moonshot did not respond to a request for comment. It is an ongoing negotiation, not a closed round, opened hot on the heels of the $2 billion round at a $20 billion valuation led by Meituan. It would be the third funding round in six months.

If the target is hit, the company's valuation would mark a roughly sevenfold jump from December 2025, when it was worth a little over $4 billion. Annualized recurring revenue (ARR) topped $200 million in April, roughly double the figure of a few months earlier. Driving it is demand for the chatbot and for the open-weight models in the Kimi line (K2.6 is the second most-used LLM on the OpenRouter platform). Over six months, Moonshot has raised a combined total of about $3.9 billion. In May, the South China Morning Post reports, it told shareholders of its intention to dismantle the offshore structure (the VIE model) ahead of a possible IPO in Hong Kong. It remains an operation still subject to Chinese regulatory approvals, not a process already completed.

The race isn't just about Moonshot. According to an analysis by The Next Web, the field of China's four leading AI labs "collectively seeks valuations exceeding $180 billion." The total combines figures of different kinds: the sought-after, not-yet-closed valuations of Moonshot (~$30 billion) and DeepSeek (up to 59), Zhipu's implied valuation (~80) and MiniMax's market capitalization (~20, listed in Hong Kong). The same analysis calls these numbers "frothy by any standard," with a price-to-revenue ratio of around 150x for Moonshot. The point, it observes, is not whether they are sustainable, but whether the companies can grow fast enough before the public markets decide for them.

Why it matters

• Entrepreneurs: The speed at which China's open-weight labs are amassing capital — Moonshot's third round in six months, sought-after valuations of around 150 times revenue — fuels competitors able to hold aggressive pricing on models and APIs. For anyone building products or choosing AI vendors, it means downward pressure on Western providers' margins, but also a bubble risk to watch before committing to a single ecosystem.