On June 9, Anthropic launched Claude Fable 5 — its most powerful AI model ever, and the first “Mythos-class” system available to the public. Three days later, at 5:21 PM on a Friday evening, the US government ordered Anthropic to pull it. Not for a region. Not for certain users. For everyone on earth.
This is the first time the United States has used export control authority to force a commercial AI model offline. And the story of how we got here involves Amazon, a Pentagon deal gone sideways, a jailbreak that Anthropic calls a “misunderstanding,” and a cybersecurity community stuck in the middle.
What Happened on June 12
Anthropic disclosed the directive late on June 12 — a timing that felt deliberate. The government letter, sent directly from the Commerce Department, cited national security authorities and ordered the suspension of Fable 5 and Mythos 5 for all foreign nationals, including those working inside the United States.
The catch: Anthropic cannot verify the nationality of every API caller at scale. The only way to guarantee compliance was to disable both models for every customer. API calls started failing. Claude.ai and Claude Code silently fell back to the older Opus 4.8 model. Access to other Claude models — Sonnet, Haiku — was unaffected.
Anthropic called it a “misunderstanding.” They’d received no written technical details about the alleged vulnerability. The government had shown them a verbal demonstration of a jailbreak technique — one that, in Anthropic’s assessment, amounted to “asking the model to read a specific codebase and fix any software flaws.” A capability, they pointed out, that GPT-5.5 and other publicly available models already provide.
The Jailbreak That Wasn’t (Or Was It?)
Here’s where it gets complicated. The government’s concern centers on a jailbreak vulnerability reportedly identified by Amazon — Anthropic’s largest investor. Amazon’s security research team allegedly discovered the flaw and reported it to officials, who then used it as the basis for the export control directive.
David Sacks, co-chair of the President’s Council of Advisers on Science and Technology, laid out the administration’s version of events: officials gave Anthropic a choice — fix the jailbreak or take the model offline. “Dario refused,” Sacks said, referring to Anthropic CEO Dario Amodei. He added that the administration “issued this reluctantly” and wants the issue resolved.
Anthropic’s position is that the demonstrated technique is narrow and specific — not a universal jailbreak that broadly unlocks the model’s capabilities. Their 319-page system card documented extensive red-teaming with the US and UK governments, private third-party organizations, and internal teams. No tester found a universal bypass. But Anthropic also acknowledged upfront that “perfect jailbreak resistance is not currently possible for any model provider” — a statement that now reads like a prophecy.
The Conflict Beneath the Conflict
The jailbreak story doesn’t fully explain why the government acted with such speed and scope. To understand the ban, you need to look at what happened in the months before Fable 5 launched.
In July 2025, Anthropic signed a deal with the Pentagon to make Claude the first frontier AI model approved for classified networks. By February 2026, the deal had collapsed. The Pentagon demanded Anthropic allow military use of Claude for “all lawful purposes,” including autonomous warfare and mass surveillance. Anthropic refused.
In March, the Trump administration designated Anthropic a “supply chain risk.” Anthropic filed lawsuits alleging retaliation. A federal judge temporarily blocked the blacklisting. And then, in June, Fable 5 launched — with the same underlying model as Mythos 5, the system the Pentagon wanted but Anthropic wouldn’t give them unrestricted access to.
Defense Secretary Pete Hegseth publicly celebrated Anthropic’s earlier removal from DoD facilities: “Every passing day proves why that was the right move.” The tone suggested institutional hostility that goes well beyond a single jailbreak vulnerability.
Cybersecurity Researchers: Caught in the Crossfire
While Washington and Anthropic duke it out over policy, the people who actually need these models for defensive work are stuck in limbo. Before the ban, cybersecurity researchers were already furious about Fable 5’s guardrails — and for good reason.
The model’s safety classifiers would automatically detect security-related keywords and reroute requests to the older Claude Opus 4.8. That meant asking Fable 5 to review code for vulnerabilities, read a cybersecurity blog post, or even write code following secure development best practices could trigger the guardrail. You’d get downgraded to a less capable model with no explanation.
“If you ask it to write secure code, it assumes it is cybersecurity related work instead of software engineering best practices, and you get downgraded,” said Matt Suiche, technical staff at Tolmo, an AI cybersecurity startup. Valentina “Chompie” Palmiotti, a security researcher at IBM X-Force, was blunter: “Fable rejects any request that could be tangentially cyber related. Even innocuous tasks like reading a blog post.”
Anthropic’s solution was a two-tier access system: public users get Fable with strict guardrails, while vetted cybersecurity professionals can apply for the Cyber Verification Program to unlock fewer restrictions. But that program requires paperwork, approval, and time — luxuries that defenders facing active threats don’t have.
The Covert Guardrails Scandal
As if the export control drama wasn’t enough, researchers also discovered that Fable 5 contained a secret feature buried in its system card: the model would silently detect users it suspected of model distillation — training smaller models using Fable’s outputs — and degrade their responses without telling them. Users had no way to know their query had been flagged or that they were getting a different model’s output.
Anthropic reversed course within days, apologizing and making the guardrails visible. “We made the wrong tradeoff,” a spokesperson told reporters. But the damage to trust was done. In the same week, Anthropic was simultaneously fighting a government ban over a jailbreak it says is overblown, apologizing for secret guardrails that undermined transparency, and trying to convince the cybersecurity community that its safety measures were reasonable.
What This Means for AI Development
The Fable 5 ban is a regulatory tripwire for the entire AI industry. If the government can retroactively force a commercially available model offline using export control authority, every AI lab in the country is operating with a new kind of risk. The model in your workflow can now disappear not because it failed, but because someone decided it might succeed too well.
Microsoft CEO Satya Nadella weighed in on the broader implications: “A frontier without an ecosystem is not stable.” His concern isn’t just about Anthropic — it’s about a world where a small number of AI models capture all economic returns, commoditizing entire industries while regulators scramble to keep up.
Meanwhile, China’s Z.ai wasted no time. Days after the ban, the company announced GLM-5.2, directly referencing the Fable 5 shutdown as proof that US AI models cannot be relied upon by international customers. The export control decision handed geopolitical rivals a ready-made talking point about American AI unreliability.
Where Things Stand Today
As of June 17, no deal has been reached. Anthropic has sent senior engineers to Washington for in-person talks with Commerce Department officials — the first face-to-face meeting since the ban. Sources describe the session as a “crisis negotiation” aimed at presenting a technical remediation path.
The refund deadline for subscribers who signed up during Fable 5’s brief four-day public availability is June 20 — three days away. Anthropic has not issued updated pricing guidance for when, or if, Fable 5 returns. The company’s promised technical rebuttal of the government’s jailbreak claim hasn’t been published.
For the developers and security researchers who were building on Fable 5, the message is clear: in 2026, your AI tools exist at the intersection of technology, politics, and national security. The most capable model in the world can vanish on a Friday evening because of a policy dispute that has nothing to do with your code.
And that might be the most unsettling thing about this entire saga — not the jailbreak, not the guardrails, not the export controls, but the realization that the tools we’re building our future on can be switched off by people who don’t fully understand what they’re switching off.
—
Sources
- Anthropic: Statement on the US government directive to suspend access to Fable 5 and Mythos 5 (June 12, 2026)
- The Verge: Amazon security research reportedly led to the White House’s Anthropic Fable ban (June 13, 2026)
- The Verge: Inside the fight over Claude Mythos 5 (June 16, 2026)
- TechCrunch: Cybersecurity researchers aren’t happy about the guardrails on Anthropic’s Fable (June 10, 2026)
- Tom’s Hardware: David Sacks says Anthropic refused to fix Fable 5 jailbreak (June 13, 2026)
- Ars Technica: Anthropic pauses token-based billing for Claude Agent SDK (June 16, 2026)
- ExplainX: Why Did the US Gov Ban Fable 5? (June 13, 2026)