Plutonic Rainbows

A day after Claude Fable 5 went public, the verdict is roughly what Anthropic would have wanted, with a couple of asterisks it probably expected too. The benchmark sweep got the headlines: state-of-the-art on nearly everything Anthropic tested, a million-token context window, and a price that landed lower than the run-up suggested. Fable runs $10 per million input tokens and $50 per million output, less than half what the Mythos Preview cost. For a frontier release, cheaper-than-feared is its own kind of good review.

The enterprise side was already leaning this way. The May Ramp AI Index, built from corporate-card and invoice data across more than 50,000 US companies, put Anthropic at 34.4 percent of business adoption against OpenAI's 32.3. That isn't a Fable number, it predates the launch, but it explains the confidence. Anthropic shipped into a market that had already started picking it.

Then the criticism, and most of it is sensible rather than reflexive. The sharpest complaint is about the safety routing. The trapdoor I wrote about yesterday, the classifiers that bounce flagged requests down to Opus 4.8, turns out to fire on more than the obvious bad actors. The SANS Institute's Rob T. Lee found routine incident-response and forensic work getting redirected to the weaker model, which is exactly the false-positive problem you'd predict when a cyber classifier can't tell a defender from an attacker. Anthropic calls the safeguards "intentionally conservative" and admits the false positives. That's honest, but honesty doesn't hand a security team back the capability it's paying for.

The other recurring jab is older: that Anthropic talked up Mythos as too dangerous to release, then released a tamed version anyway, and that the danger talk did some useful marketing along the way. I'm half-persuaded. The pause-button proposal from earlier this week carried the same double image, a real safety argument and a competitive position sharing one stage. You can believe the risk is genuine and still notice it sells.

The pricing is where I think the consensus has it backwards. On the subscription plans (Pro, Max, Team, Enterprise) Fable is free through June 22, and after that, usage runs on credits. The easy read is a bait-and-switch: free trial, then the meter starts. I don't think that's what the wording actually says. Anthropic frames the cutoff around capacity, not price. The announcement says that "if capacity allows" it will extend the included window, and that it aims to "restore Fable 5 as a standard part of subscription plans" once supply catches up. That is not the language of a permanent paywall. It reads like a company that underprovisioned a launch and is rationing compute until the racks catch up.

So June 22 isn't a cliff. It's a soft cap, demand outran the hardware and the cap lifts when the hardware arrives, and the credit requirement is a throttle wearing a price tag. The promise worth holding them to is the exact phrase, "a standard part of subscription plans." It's specific enough to check in July, when we'll know whether the included window actually came back or whether capacity stayed conveniently scarce.

The name set in Roman capitals across the bottom of this January 1989 page of American Vogue belonged to nobody's idea of a celebrity designer. Umberto Ginocchietti owned a knitwear operation in Perugia, and when the New York Times had introduced him to American readers two years earlier, it led with the trade fact rather than the label: here was a mill owner whose fabrics went out under the names Giorgio Armani, Claude Montana and Krizia.

Umbria was full of stories like his. The region's knitwear district grew out of Luisa Spagnoli's angora workshops and ended up clothing half of Europe; one regional trade history puts it with wonderful bluntness: in 1975-80, Umberto Ginocchietti was the pullover in Germany. Between 1985 and 1990 the cashmere business followed, pulled away from Britain by Italian spinning technology, and suddenly the quiet suppliers of Perugia had reason to want their own names on the page.

Buying recognition meant hiring a recognisable face, so here is Cindy Crawford, all sunlit hair and white embroidered knit, carrying an unfamous name toward famous company. She was a year away from the February cover moment that fixed her place in the decade ahead, and she gives the page more warmth than the louder knitwear of that season ever asked for.

My favourite part sits in the top corner, where the ad lists its two American stockists like a parish notice: Antoinette of Santa Barbara, Charles Sumner of Boston and Chestnut Hill, with a telephone number tucked under the logo. A Perugian mill, the most photographed woman of the next decade, and a shop you could ring in Massachusetts.

Reports now put a public version of Claude Mythos a day away, with several outlets pointing to a June 10 release. I'd treat the date as soft. Anthropic has said since the May 28 Opus 4.8 announcement that it expects to bring Mythos-class models to all customers "in the coming weeks," and "coming weeks" is the kind of phrase that quietly absorbs a missed Tuesday.

What's not soft is the gap between the model going public and the model that spent the spring inside Project Glasswing. Mythos earned its restriction. In Anthropic's own testing it produced working exploits 72.4 percent of the time, against roughly zero for Opus 4.6. Pointed at open source, it scanned more than a thousand projects and surfaced over 23,000 flaws, 6,000-plus rated high or critical, including a certificate-forgery bug in wolfSSL that reaches billions of devices. That one's patched. Plenty won't be by tomorrow.

So the public release isn't that model. The version heading to general customers carries heavier guardrails and deliberately narrowed cybersecurity functions. The full capability stays behind the Glasswing fence, where access just widened to roughly 200 organisations across more than fifteen countries.

Which puts a familiar question back on the table, the one I had when Mythos moved into infrastructure: who decides where the fence sits? Somebody is sorting the world into the two hundred organisations that get the live model and everyone who gets the muzzled one, and Anthropic frames that sorting as a safety phase. A two-tier capability looks less like a phase the longer it holds, and nobody has named the condition that ends it.

Opus 4.8 was the bridge, the public model that inherited part of the capability without the teeth, and tomorrow's release looks like the same trade made explicit. Anthropic's defence is that none of this lasts: it expects Mythos-level capability to be widely available across the field within six to twelve months, attackers included. That forecast is convenient as well as plausible, since inevitable diffusion is the argument that justifies shipping now rather than holding back. If it's right, the guardrails matter less than they look. The fence holds until someone else sells the gap.

Anthropic shipped Claude Fable 5 today. The benchmark numbers will get the headlines; how its safety actually works is the more interesting story, and it's stranger than the rumors suggested.

Fable 5 and Claude Mythos 5 are the same model. Not sibling models, not a distilled cousin, the same weights. Anthropic says so plainly: Mythos 5 is "the same underlying model as Fable 5, but with the safeguards lifted in some areas." Fable is what the public gets; Mythos stays behind Project Glasswing for vetted cybersecurity partners. The difference between the dangerous one and the safe one is a set of switches.

Those switches are runtime classifiers. Three of them, watching for cyber-exploitation, dual-use biology and chemistry, and attempts to distill the model's capability out of it. When a classifier trips, the request isn't refused so much as rerouted: it falls back to Opus 4.8. So Fable isn't a weaker Mythos. It's the full model with a trapdoor underneath, and Opus 4.8 is what's at the bottom of it. Anthropic says more than 95 percent of Fable sessions never trip a classifier at all.

That reframes the worry I had this morning about a permanent two-tier split, the handful of vetted partners who get the unmuzzled model and everyone else who doesn't. The split is real. But it isn't really two tiers of model. It's one model and a classifier deciding, request by request, which version of itself you're talking to. Whether that's reassuring depends entirely on how good the classifier is, and a gate that fires on fewer than five percent of sessions is a gate that mostly isn't firing.

Pricing landed lower than the run-up suggested. Fable 5 runs $10 per million input tokens and $50 per million output, which Anthropic notes is less than half what the Mythos Preview cost. It's available globally today through the API, the web app, and the subscription plans, free on Pro, Max, Team, and Enterprise through June 22, then on usage credits after that while capacity catches up.

The capability claims arrive in the usual flood, all of them sourced to launch partners, so read them as the vendor's best day rather than yours. Stripe says Fable compressed months of engineering into days on a fifty-million-line Ruby codebase; Mythos 5 reportedly sped up parts of a drug-design pipeline roughly tenfold. Both are the kind of figure that sounds precise and resists checking. The ones I trust more are the daft-sounding ones: the model beat Pokémon FireRed on vision alone, no helper tools, and in Slay the Spire its persistent memory roughly tripled its long-run performance over Opus 4.8. Game-playing reads like a toy benchmark until you remember it's a clean test of holding a plan across thousands of steps.

Strip the framing away and Fable is a frontier model Anthropic doesn't fully trust in the open, shipped anyway, with a classifier and an older model underneath to catch what slips. That's honest engineering. It's also a bet that the classifier is smarter than everyone who'll spend the next year trying to walk around it.

Open the December 1988 American Vogue and Escada doesn't ask for attention, it assumes it. Margaretha Ley built the house on exactly this: the finest fabrics, cashmere and silk and heavy wool, then loaded with print until every surface had a job. Anna Wintour had taken the editor's chair only that year, and the issue still carried the loud confidence of the pre-crash decade.

The whole philosophy sits in this riot of black blooms across yellow silk, a black sash pulling the noise into a waist. More was the argument, not the excess. Restraint came later, and Escada was never really interested.

Romeo Gigli showed his spring 1990 collection in Paris, and the moment that survived was not a silhouette but a sound. Kirsten Owen came out wrapped in a fringe of large glass beads, the kind blown on Murano in the Venetian lagoon, with long pendant earrings and a glass diadem set into her hair. Tim Blanks, returning to the show decades later, described her as the model embodiment of Gigli's fragile, romantic ideal, and wrote that she could have been the Byzantine empress Theodora. The beads tinkled like wind chimes while she walked. Then they began to shatter.

That detail is the whole argument of the collection in miniature. Gigli was reaching back to Venice as a former Byzantine province, pulling a thousand years of craft into a runway, and the material refused to behave like a costume. Glass is not a sensible thing to hang on a moving body. It rings, it catches light, and it breaks. He used it anyway, because the breaking was part of the point. Beauty that survives intact is just decoration. Beauty that comes apart as you watch is something closer to an event.

Gigli's reputation rested on this kind of soft refusal. While the late eighties were busy with power shoulders and hard tailoring, he was making cocoon coats, cutaway jackets that skimmed rather than gripped, high-waisted trousers as skinny as leggings, and skirts that swaddled the legs in a tulip shape. The palette ran to jewel-toned silks, earthy velvets, shadowy chiffons and gilded gauzes. It read as romantic, even nostalgic, but the construction underneath was precise. He was not draping fabric for atmosphere. He was building a quieter proposition about how a woman might occupy space without armouring herself into it.

There is a useful contrast with Azzedine Alaïa's almost exactly contemporary work, where the body was mapped and held by seaming engineered to the millimetre. Alaïa controlled the body through tension. Gigli let it dissolve into folds and shadow. Both were arguing against the decade's appetite for rigidity, but from opposite ends. One sculpted, the other veiled. The Murano beads belong to the veiling instinct, a surface that hides as much as it shows and announces its own fragility while doing so.

The show was his Paris debut and it landed at the peak of his influence, with a standing ovation. That timing is worth sitting with, because the peak was already close to the edge. Gigli had launched his label in 1983, with production handled by Zamasport from 1985, and by 1991 the structure around him fractured. He split from his business partners Donato Maiano and Carla Sozzani in a traumatic separation that dragged on for more than a decade, the kind of dispute that slowly separates a designer from his own name. The Gigli trademark was eventually sold to IT Holding in 1999. The romantic who made glass sing in 1990 spent much of the rest of the decade in litigation over who got to use the word that was his surname.

I find the spring 1990 show more moving for knowing that. It is not just a pretty piece of Byzantine revivalism. It is a designer at his most assured, making a material that was guaranteed to break, in the same few years that his own commercial footing was about to. The beads shattering on the runway look, in retrospect, less like a flourish and more like a forecast nobody in the room could have read. The same instinct that built something exquisite and doomed into a single walk was the one the business could not protect.

East London once had a ski slope built on the waste from making town gas. The name was Beckton Alps, an old local joke promoted into civic branding, and the whole arrangement sounds invented until the dates and photographs begin to line up. Skiers in bright late-1980s clothes took a tow up a grey artificial hill near the A13. Princess Diana came to open it. Beneath the matting sat the chemical residue of the Victorian city.

Beckton Gas Works began operating in 1870 and grew across roughly 500 acres. Coal arrived, gas and useful by-products left, while ash and contaminated material accumulated in spoil heaps. The remaining Alp rises about 35 metres, according to the University of Edinburgh's Reimagining Waste Landscapes project. It is a modest mountain, but London does not require much altitude before a heap starts behaving like geography.

The dry slope opened in the late 1980s and lasted until 2001. Former Newham councillor Jack Hart filmed skiers there on Super 8, footage later preserved by Newham Archives and partly digitised through a BFI project. The grain of that film suits the place. Beckton Alps already belonged to the category of things that looked like memories while they were still open.

Beckton Alps turned industrial waste into leisure without ever making the waste disappear. The slope borrowed the language of escape, while the hill beneath it remained an account of how London had been heated, lit, poisoned, landscaped, and sold another future.

There is a familiar Docklands confidence in the conversion. A contaminated heap becomes recreation; recreation will become regeneration; regeneration will eventually become an investment prospect. None of those uses is wholly false. People really did ski there, and I doubt the pleasure was diminished by the strange foundation. Still, the sequence makes the site feel less renewed than repeatedly renamed.

The nearby gas industry has already left London with absences large enough to shape the skyline. I wrote about that in Grey Lungs Over Town, where gasholders survive as frames, luxury geometry, or remembered landmarks. Beckton is the opposite form of industrial afterlife. The structure vanished, but its waste acquired contour, vegetation, a ski lift, fencing, and a road junction that still carries the name.

After the slope closed, plans for an indoor centre using real snow stalled. That unrealised replacement is almost too perfect: a refrigerated winter promised on top of poisoned ground, itself left by the fuel system that made modern London possible. Instead, the fenced hill became scrub and habitat. The Edinburgh project notes that parts of the western slopes gained nature conservation status. Toxicity restricted development and helped preserve the place. Damage became a crude form of protection.

I am wary of making dereliction sound noble. A hazardous site is not improved by being picturesque, and the romance of waste usually belongs to somebody who does not have to live beside it. Yet Beckton Alps resists the tidier story in which regeneration cleans the slate. A few miles east, Barking Riverside has the atmosphere of infrastructure waiting for ordinary life to catch up. The Alp has ordinary life growing over infrastructure's bill.

The Londonist history describes a clay cap over the contaminated heap. That detail stays with me more than the royal visit. A cap is neither erasure nor cure. It is an agreement with the ground: stay there, hold still, let something else happen on top. For thirteen years, the something else was skiing.

Edward Abbey's Desert Solitaire is usually filed under nature writing, which is accurate in the way that calling a knife a kitchen utensil is accurate. First published in 1968, the book draws on Abbey's seasons as a ranger at Arches National Monument. It contains ravishing descriptions of rock, heat, silence, snakes, and stars, then turns around and starts an argument.

That argument is the book's real force. Abbey despises what he calls "Industrial Tourism": the roads, cars, facilities, and bureaucratic thinking that make wilderness easier to consume while steadily removing the wildness. His anger can be funny, precise, and exhilarating. It can also become tiresome. He is arrogant and far too pleased with his own performance as the solitary man who sees through civilisation.

I wouldn't sand those qualities away. They give the book its difficult energy. Abbey's desert isn't a backdrop for personal healing. It is indifferent, dangerous, and valuable without needing to serve us. The University of Arizona Press description stresses his love of the canyonlands and his disgust at the "improvements" intended to increase visitation. Abbey wants people to encounter wilderness, yet still resents the machinery that lets more of them arrive.

The prose is strongest when he stops lecturing and pays attention. A stone, a moonlit road, or the body of a dead animal receives an intensity that makes urban vision seem half-awake. Abbey makes solitude feel less like escape than a necessary correction to the scale at which modern life operates.

More than fifty years later, the polemic still bites because the problem has not gone away. We preserve landscapes partly by opening them to public love, then risk wearing them down through that same access. Desert Solitaire does not solve the contradiction. It makes comfort with it impossible.

The White House has stopped treating military AI as a future procurement question and started treating it as a live operating layer. On 5 June, President Donald Trump signed National Security Presidential Memorandum 11, a directive called "Artificial Intelligence in the National Security Enterprise." The title is bureaucratic in the usual way, but the memo itself is not coy. It tells the intelligence and warfighting parts of the state to speed up adoption.

The four headings are adoption, adaptation, assurance, and accountability, which sounds tidy until you look at what sits underneath them. Agencies are told to bring on advanced models from multiple vendors, protect high-security AI compute, build an AI test range, and create an AI talent reserve. The White House fact sheet frames the goal as advanced, secure, reliable AI for warfighters and intelligence professionals. The real policy move is not that Washington wants AI in the national-security machine. That was already happening. The move is that the machine is now being told to make room for AI as infrastructure: procured, tested, secured, reserved, and kept online.

One line does a lot of work. The memo says national-security AI must not be used to censor speech, enforce ideological bias, or conduct unauthorized or unlawful surveillance. That language belongs in the document, and it matters. It also reveals the thing everyone can see from the outside: once these systems are inside military and intelligence workflows, the debate shifts from whether they should exist to how much institutional friction remains around them.

AP's account catches the same tension, describing a push to accelerate AI use while acknowledging civil-liberty protections and oversight of autonomous weapon systems. The memo also gives the Department of Defense 90 days to update Directive 3000.09, the policy governing autonomy in weapons systems. That is where the phrase "chain of command" becomes less comforting than it first sounds. A chain of command is a human doctrine, but the systems being introduced are built to compress recognition, recommendation, and action into shorter intervals.

I wrote earlier this week about the White House's voluntary frontier-model review, where the government asked leading AI developers to submit powerful models for cybersecurity tests before public release. NSPM-11 feels like the other half of that same week. One hand asks the labs to show their homework before the models reach the public. The other hand tells national-security agencies to move faster with the technology once it is useful enough to matter.

There is an uncomfortable symmetry with Anthropic's new argument for a verifiable pause. Anthropic is worried about recursive self-improvement and the inspection problem around labs. Washington is worried about adversaries, reliability, and whether the United States can keep AI systems available when warfighters depend on them. Both arguments end up in the same place: verification, resilience, and control. Different rooms, similar furniture.

The phrase "high-security compute" will probably pass most readers by because it sounds like procurement furniture. It may be the most revealing phrase in the memo. Compute used to be talked about as capacity, then as economic power, then as a choke point in export controls. Here it becomes something closer to a protected military utility. Not just machines that run models, but machines whose degradation becomes a national-security concern.

That is the nightmarish part and also the boring part. AI policy keeps arriving in grand claims, but the lasting changes are often administrative: who may buy which model, which facility may host it, who signs off when it fails, what office owns the exception, how fast the old directive must be rewritten. The future turns up as a memo with numbered sections and a deadline in 90 days.