The global AI paradigm shifted on June 9, 2026. Anthropic released Claude Fable 5 — the first publicly available “Mythos-class” model, delivering frontier-level reasoning, multi-step planning, and autonomous agentic execution to anyone with an API key. Within 24 hours, Reuters reported that Microsoft restricted employee use of the model, citing Anthropic’s new data retention requirements: prompts and outputs are kept for 30 days, and up to two years if flagged by trust-and-safety classifiers.
That corporate standoff is the visible tip of a much larger problem. The same autonomous capabilities that let Fable 5 execute complex enterprise workflows now equip fraudsters with industrial-grade tooling for synthetic identity fraud. For banks, fintechs, and regulated platforms, the arrival of Mythos-class AI marks the definitive end of the traditional “document-plus-selfie” KYC pattern.
Surviving this era of automated deception requires an immediate transition to multi-layered biometric defense — the approach engineered into the QuantoSei AI-Powered Liveness Detection System & API.
Is your onboarding flow ready for agentic AI fraud?
QuantoSei detects deepfakes, virtual cameras, and injection attacks in real time — before they reach your biometric engine.
The Double-Edged Sword: Claude Fable 5 vs. Claude Mythos 5
Claude Fable 5 and its restricted counterpart, Claude Mythos 5, share the same underlying architecture. Mythos 5 remains in limited release through Anthropic’s Project Glasswing for vetted partners — including defensive cybersecurity operations — while Fable 5 is broadly available via the Claude API, Amazon Bedrock, and other cloud marketplaces. To prevent misuse, Fable 5 runs real-time safety classifiers: queries touching cybersecurity exploits, biological or chemical threats, or model distillation are blocked, with the session falling back to the older Claude Opus 4.8 model.
| Operational Attribute | Claude Fable 5 | Claude Mythos 5 | Claude Opus 4.8 |
|---|---|---|---|
| Availability | Public — API & cloud marketplaces | Limited release via Project Glasswing | Public legacy flagship |
| Pricing (per M tokens) | $10 input / $50 output | $10 input / $50 output | $5 input / $25 output |
| FrontierCode benchmark (Cognition) | 29.3% | Comparable or higher (no fallbacks) | 13.4% (GPT 5.5: 5.7%) |
| Primary safeguard | Safety classifiers with fallback to Opus 4.8 | No safety classifiers (vetted partners only) | Standard alignment boundaries |
| Data retention | 30-day safety logging; up to 2 years if flagged | 30-day safety logging; up to 2 years if flagged | Standard platform retention |
Here’s the catch: those safeguards trigger in only a small minority of sessions. For everything else, Fable 5 retains its full autonomous capability. Operating inside agent harnesses like Claude Code or managed agent platforms, it can execute multi-stage plans, deploy sub-agents, and verify its own work over days or weeks without human oversight.
That shift — from simple chat completions to asynchronous, long-running agent workflows — is the critical threat vector. A malicious agent pipeline can acquire stolen personally identifiable information, generate matching synthetic face templates, fabricate plausible credit histories, and systematically register hundreds of fraudulent accounts across targeted financial networks. Simultaneously. Around the clock.
Anatomy of a Modern KYC Bypass: Presentation vs. Digital Injection
To defend remote onboarding against AI-driven threats, security teams must understand the technical distinction between two attack families.
Presentation attacks (the old threat)
Presentation attacks show a physical spoof — a printed photo, a replayed video, a silicone mask — to the device’s camera. These artifacts pass through the physical sensor, and modern Presentation Attack Detection (PAD) systems are reasonably good at catching their optical anomalies: glare, moiré patterns, depth inconsistencies.
Digital injection attacks (the new threat)
Digital injection attacks bypass the camera entirely. The attacker manipulates the data stream at the software, OS, or network layer, forcing the KYC client to ingest pre-rendered synthetic media.
Virtual camera drivers hook directly into the device’s video pipeline, replacing real camera output with a high-fidelity deepfake stream. Real-time face-swap software running on a standard laptop can overlay a synthetic face onto a live operator with under 50ms of latency — and because the feed is digitally pristine (no glare, no print texture, no depth anomalies), legacy PAD models see nothing wrong. These real-time deepfakes also mimic dynamic challenge-response prompts — blinking, smiling, head turns — defeating active liveness checks.
API-level injection goes deeper still. The adversary intercepts traffic between the client app and the backend verification servers, then swaps the captured biometric payload for a synthetic deepfake after the device-level handshake succeeds. The device looks legitimate, the document passes structural inspection, and the server-side biometric engine approves a face that was never in front of any camera.
Scaled through emulators and automated device farms — hundreds of virtual iOS/Android environments running parallel onboarding sessions on cloud servers — these attacks turn identity fraud from manual labor into an automated pipeline. With agentic AI like Fable-class models orchestrating the workflow, the marginal cost of each fraudulent account approaches zero.
The Quantified Risk: Identity Fraud by the Numbers
| Threat Metric | Observed Value | Source | Operational Impact |
|---|---|---|---|
| Three-year deepfake fraud surge | +2,137% | Signicat / Bright Defense | Deepfake attempts grew from 0.1% to 6.5% of all fraud |
| Enterprises hit by deepfakes annually | 62% | Gartner AI Risk Survey | Majority of organizations experienced an incident |
| Liveness stream interception (YoY) | +1,151% | iProov Threat Intelligence | Injection attacks accelerating, especially on iOS |
| Fintech deepfake attack growth | +700% | Deloitte FinTech Risk Report | Digital banking and remote lending hit hardest |
| Deepfakes’ share of biometric fraud | 40% | Entrust Identity Fraud Report | Now the dominant facial-liveness bypass vector |
| Cumulative deepfake fraud losses | $2.19B | Surfshark Research (2019–2026) | US leads losses at ~$712M |
| Anti-fraud teams “highly prepared” for AI fraud | 7% | ACFE & SAS Anti-Fraud Report | Severe enterprise readiness gap |
The Regulatory Mandate: Compliance in the Post-Fable Era
For years, security architects evaluated biometric systems solely through ISO/IEC 30107-3 — the standard governing physical presentation attack detection. But PAD testing says nothing about data substitution inside the digital pipeline. An ISO/IEC 30107-3 certificate offers zero proof of resilience against digital injection.
To close that gap, the European Committee for Standardization developed CEN/TS 18099 — the first dedicated framework for testing biometric injection attack detection (IAD). It formally separates the delivery mechanism from the synthetic payload:
Independent laboratories such as BixeLab now test platforms by attempting multiple injection pathways with diverse payloads under controlled conditions. And alignment is no longer optional: EU AI Act Article 50 imposes disclosure and transparency mandates on systems interacting with AI-generated media, with penalties reaching €35 million or 7% of global revenue. The upcoming ISO/IEC 25456 standard is set to globalize injection-detection requirements. Regulated entities must treat PAD and IAD as distinct, separately audited control families.
Mitigating Autonomous Fraud: The QuantoSei Liveness Detection API
Defending against agent-driven identity fraud requires a unified, developer-first defense stack. The QuantoSei AI-Powered Liveness Detection System & API was engineered for exactly this threat model, securing remote onboarding in real time across four layers:
1. Presentation attack defense. The anti-spoofing engine analyzes optical and texture signals to block physical spoofs in line with ISO/IEC 30107-3.
2. Stream integrity (injection defense). A native stream integrity module monitors the capture path itself, detecting virtual camera drivers, emulators, and API-level hooking before biometric verification is even triggered — directly addressing the CEN/TS 18099 threat model.
3. Zero-cost bot filtering. Because environment checks run first, automated bot sessions are terminated at the threshold. You stop paying biometric verification fees to process synthetic traffic — a direct reduction in cloud and API costs.
4. Risk-weighted scoring. Every session receives a multi-factor Liveness Assurance Score:
where TP is the physical presentation integrity coefficient, TI the digital injection stream integrity index, and TE the device environment security factor. The weights are dynamically tuned to each client application’s risk profile (w1+w2+w3 = 1). If LS falls below the security threshold, the transaction is instantly flagged for stepped-up authentication or routed to manual forensic review.
Integration is deliberately lightweight: a REST API and slim SDKs drop into web portals, mobile apps, or CMS platforms like WordPress with minimal latency. And the liveness engine works natively with SmartScan — QuantoSei’s OCR and document forensics platform — extracting and validating government document data, binding the live face to the document holder, and cross-referencing names against global AML databases via fuzzy search. That closes the “blind spots” of remote onboarding: synthetic identity networks, mule accounts, and post-capture data substitution.
See it on your own onboarding flow.
Deploy presentation + injection defense through one REST API — and stop paying to verify bots.
Strategic Implementation Checklist for CISOs & Compliance Officers
1. Isolate presentation and stream verification controls. ISO/IEC 30107-3 compliance alone leaves you exposed to injection attacks. Mandate independent testing against CEN/TS 18099 to verify that incoming video genuinely originates from physical device hardware.
2. Implement pre-biometric environment filters. Screen for rooted OSes, emulator signatures, and virtual camera drivers at the very start of the workflow — terminating bot traffic before it consumes biometric verification spend.
3. Establish immutable session evidence packages. Replace unverified video recordings with sessions sealed by qualified timestamps and electronic signatures — a tamper-evident chain of custody that survives identity disputes and satisfies digital trust regulations.
4. Unify biometric liveness with forensic document analysis. Deploy integrated platforms — the QuantoSei Liveness Detection API with SmartScan OCR — to dynamically bind the physical user to the authenticated document in real time, defeating post-capture API substitution.
Frequently Asked Questions
What is Claude Fable 5 and why does it matter for KYC?
Claude Fable 5, released by Anthropic on June 9, 2026, is the first publicly available Mythos-class AI model. Its agentic capabilities — autonomous multi-step planning and long-running workflows — drastically lower the cost and skill barrier for synthetic identity fraud at scale, rendering legacy document-plus-selfie KYC obsolete.
What’s the difference between presentation and injection attacks?
Presentation attacks show a physical spoof to the camera; injection attacks bypass the camera entirely, feeding deepfake media into the pipeline via virtual cameras, emulators, API hooking, or network interception. PAD certification does not cover injection attacks.
What is CEN/TS 18099?
The first dedicated European framework for testing biometric injection attack detection, evaluating both the delivery method and the synthetic payload. Together with EU AI Act Article 50, it is becoming a de facto requirement for regulated remote onboarding.
How does QuantoSei stop injection attacks?
By monitoring the capture path itself: the stream integrity module detects virtual cameras, emulators, and API hooking before biometric matching runs, then combines that signal with presentation analysis and device environment checks into a single Liveness Assurance Score.
The Bottom Line
The commercialization of Claude Fable 5 and Mythos-class AI is a permanent upgrade to fraudster capability. In this environment, single-point identity checks are an existential operational risk. Transitioning to a multi-layered, API-driven liveness architecture eliminates the digital injection threat, satisfies the coming wave of compliance mandates — and ensures every onboarding dollar is spent verifying real, human customers.
→ Start with the QuantoSei AI-Powered Liveness Detection System & API
