PydanticAI v1.107.0 adds new Claude models and OpenRouter caching
PydanticAI `v1.107.0` ships support for `claude-fable-5` and `claude-mythos-5`, OpenRouter prompt caching via `CachePoint`, a `known_model_names()` utility, and two bug fixes for Anthropic stream handling and token counting.
Score breakdown
The release patches a confused-deputy file-read vulnerability in `VercelAIAdapter` while extending the library's model coverage to include `claude-fable-5` and `claude-mythos-5` and adding OpenRouter prompt caching support.
- 01v1.107.0 adds support for `claude-fable-5` and `claude-mythos-5` Anthropic models
- 02OpenRouter `CachePoint` and prompt caching support added, contributed by @Adversarian
- 03New `known_model_names()` function enumerates all `KnownModelName` members
PydanticAI `v1.107.0`, released on 2026-06-10 and authored by @dsfaccini, delivers a mix of new model support, a developer utility, two bug fixes, and a security notice. On the features side, the release adds `claude-fable-5` and `claude-mythos-5` to the list of supported Anthropic models, and introduces OpenRouter `CachePoint` and prompt caching support. A new `known_model_names()` function is also included, enabling programmatic enumeration of all `KnownModelName` members.
The fix was already shipped in `v1.106.0` and `v2.0.0b6`; `v1.107.0` extends consistent handling of `UploadedFile` alongside `FileUrl` in UI adapters.
The release references a security advisory (GHSA-h7p7-w5gc-xj3w) concerning `VercelAIAdapter` trusting client-controlled provider metadata to construct `UploadedFile` references — a confused-deputy file-read vulnerability. The fix was already shipped in `v1.106.0` and `v2.0.0b6`; `v1.107.0` extends consistent handling of `UploadedFile` alongside `FileUrl` in UI adapters. Applications are affected only if they pass untrusted client-submitted message history to an agent through a UI adapter and their model-provider or cloud-storage account holds files referenceable by an attacker-guessable `UploadedFile` id or storage URI (e.g. `s3://…`, `gs://…`). `AGUIAdapter` / `Agent.to_ag_ui` users on default settings are not affected, as the `preserve_file_data` flag that re-enables the vulnerable path is off by default.
Bug fixes include a guard for `message=None` Bedrock start events in the Anthropic stream path (contributed by first-time contributor @Bartok9) and a correction to `AnthropicModel.count_tokens` when used with native tools (contributed by first-time contributor @kazmer97). The release also bumps 18 Python package dependencies via Dependabot.
Key facts
- 01v1.107.0 adds support for `claude-fable-5` and `claude-mythos-5` Anthropic models
- 02OpenRouter `CachePoint` and prompt caching support added, contributed by @Adversarian
- 03New `known_model_names()` function enumerates all `KnownModelName` members
- 04Security advisory GHSA-h7p7-w5gc-xj3w: `VercelAIAdapter` confused-deputy file-read via client-controlled `UploadedFile` metadata — patched in v1.106.0 and v2.0.0b6
- 05Affected only if passing untrusted client message history through a UI adapter with attacker-guessable file IDs or storage URIs (e.g. `s3://…`, `gs://…`)
- 06Bug fix: guard added for `message=None` Bedrock start events in Anthropic stream path
- 07Bug fix: `AnthropicModel.count_tokens` corrected when used with native tools
Topics
Summary and scoring are generated automatically from the original article. We always link back to the publisher and never republish images or paywalled content. Last processed Jun 11, 2026 · 08:34 UTC. How this works →