TL;DR

  • On 12 June 2026 at 5:21pm ET, the US government issued an export control directive ordering Anthropic to suspend all access to Fable 5 and Mythos 5 - globally, for every user, including Anthropic’s own employees
  • The stated reason is national security: the government believes it has identified a method of jailbreaking Fable 5. Anthropic says the evidence was verbal only and describes a narrow, non-universal technique - essentially asking the model to read a codebase and fix software flaws
  • Anthropic reviewed a demonstration and found it surfaced a small number of previously known, minor vulnerabilities that are widely available from other models
  • Anthropic disagrees that a narrow jailbreak justifies recalling a commercial model deployed to hundreds of millions of people, and warns the same standard would “essentially halt all new model deployments for all frontier model providers”
  • All other Anthropic models are unaffected. The company says it believes this is a misunderstanding and is working to restore access

Four days. That is how long Mythos-class capability lasted as a publicly available product before the US government ordered it off the shelf.

On 9 June, I wrote about Anthropic shipping Fable 5 and Mythos 5 - the same underlying model split by safeguards, the public face and the restricted one. The whole arc of that post, and of the Mythos preview before it, was about a lab trying to democratise frontier capability without democratising its offensive potential. The open question was whether the classifiers would hold under sustained adversarial pressure.

We did not get to find out from adversaries first. We got an answer from Washington. On 12 June, Anthropic published a statement confirming the government had ordered Fable 5 and Mythos 5 suspended, citing national security authorities. This is, as far as I can tell, the first time a US export control directive has been used to pull a generally available commercial AI model after launch.

What The Directive Actually Says

Anthropic’s account is precise about the timeline. They received the directive at 5:21pm ET on 12 June 2026, and acted on it immediately - suspending access for all users worldwide, foreign nationals and Anthropic staff alike. In their words: “The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5.”

Crucially, the scope is narrow in one important respect: “Access to all other Anthropic models will not be affected.” Opus 4.8, Sonnet, Haiku, Claude Code - all still running. It is specifically the Mythos-class tier, the one a step above Opus, that got pulled.

The trigger, according to Anthropic, is a suspected jailbreak: “Our understanding is that the government believes it has become aware of a method of bypassing, or ‘jailbreaking’ Fable 5.”

The Jailbreak In Question

Here is where the story gets genuinely strange, and where I want to be careful to relay Anthropic’s framing rather than treat it as settled fact - we are hearing one side of a national-security conversation.

Anthropic says the government gave them verbal evidence only of “a potential narrow, non-universal jailbreak, which essentially consists of asking the model to read a specific codebase and fix any software flaws.” When they reviewed a demonstration of the technique, it “identified a small number of previously known, minor vulnerabilities.”

Read that again, because it is the crux of the whole dispute. The capability that allegedly justifies a national-security recall is, on Anthropic’s telling, asking a coding model to look at code and find bugs in it. That is not an exotic exploit. It is the core advertised function of every frontier coding assistant on the market - the same Stripe-migrating, FrontierCode-leading behaviour I described in the launch write-up. Anthropic notes the vulnerabilities surfaced were already known and that equivalent capability is “widely available from other models.”

If that characterisation is accurate, the directive targets a capability that is neither novel to Fable 5 nor unique to Anthropic. That is the heart of why the company is pushing back.

Anthropic’s Pushback - And Why It Matters

Anthropic is not refusing the order. They complied immediately. But they are disputing its basis publicly, and the language is notably direct for a company that has built its brand on cooperative, safety-first relations with government.

The core line: “we disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people.”

And the warning that follows is the part every other lab will be reading closely: “If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers.”

This is the genuinely consequential claim. Jailbreaks are not a Fable-specific failure - they are an unsolved, arguably unsolvable, property of large language models. No frontier model has ever shipped jailbreak-proof. If the existence of a narrow jailbreak is sufficient grounds for a post-launch recall under export control law, then the precedent reaches every model OpenAI, Google, Meta, and Anthropic itself will ever release. That is not hyperbole on Anthropic’s part so much as a straightforward reading of the logic.

Anthropic also restated its security philosophy: a “defense in depth” strategy designed to make jailbreaks “either narrow … or very expensive to produce,” combined with monitoring to detect and shut down successful attacks. I covered the classifier-and-fallback architecture at launch - risky queries routed to Opus 4.8 rather than hard-refused, with the company candid that the tuning was deliberately conservative. Their argument is that no single jailbreak breaks that system, because the system was never premised on the model being unjailbreakable.

Reading This Fairly

Before I do, a disclosure about where I stand. I trust Anthropic considerably more than any other company in this space. They are the lab that has most consistently put safety at the centre of what they do rather than bolting it on afterwards, and on the rare occasions I have had to weigh their word against an alternative account, my instinct is to extend them the benefit of the doubt. So when I read their statement, I read it as someone already inclined to believe them - and I think it is only fair to name that bias before I try to reason around it.

I want to hold two things at once here, because the temptation is to pick a side and I do not think the public information supports that yet.

On one hand, Anthropic’s case is compelling on the facts as presented. A verbal-only finding, a non-universal technique, previously known vulnerabilities, capability available elsewhere - if all of that holds up, the recall looks disproportionate, and the precedent is alarming. I find their industry-wide argument especially hard to wave away.

On the other hand - and this is exactly the bias I just named working on me, so I want to push against it - I am still reading a public statement from the company with the most to lose, about a classified national-security determination I cannot see. Trusting Anthropic more than its rivals is not the same as taking any single statement at face value, and the more inclined I am to believe them, the harder I should look at the gaps. Governments rarely show their full hand in export control actions, and “national security authorities” can encompass intelligence the public statement would never reference. It is entirely possible the directive rests on context Anthropic itself has not been shown - their phrasing (“Our understanding is…”) quietly concedes they are inferring the government’s reasoning rather than being told it. I would be cautious about concluding the government acted irrationally on the strength of one party’s summary of a verbal briefing.

What I will say with more confidence is that the process looks troubling regardless of who is right on the merits. A directive delivered verbally, at 5:21pm, forcing the immediate global withdrawal of a product serving hundreds of millions of people, with no published technical justification - that is a lot of unaccountable power exercised very fast. Even if the underlying concern turns out to be legitimate, “trust us, it’s national security” is a thin basis for a precedent this large. The thing I keep coming back to is that the same opacity that protects genuine secrets also protects mistakes.

The Irony Worth Sitting With

There is a bitter symmetry to this. The entire Mythos project was Anthropic’s attempt to be the responsible actor - to build the most capable model on earth and not release the dangerous slices, to gate offensive cyber capability behind Project Glasswing, to ship classifiers and a 30-day monitoring regime, to consult the US government on the trusted-access roadmap. The Bloomberg documentary I wrote about the day before this happened was largely about whether Anthropic’s safety-first posture was conviction or strategy, with the Pentagon relationship as a recurring thread.

And then the government pulled the model anyway - over the public, lower-capability half of the pair, for a capability the restricted half was built specifically to contain. If you were a frontier lab weighing how much to invest in voluntary safeguards and government cooperation, the lesson you might draw from this week is uncomfortable: it did not buy Anthropic the benefit of the doubt when it mattered. I hope that is not the lesson, because the alternative - labs deciding cooperation is futile - is worse for everyone.

What I’m Watching

A few threads I will be following as this develops:

Whether access is actually restored, and how fast. Anthropic says it believes this is a misunderstanding and is “working to restore access as soon as possible.” If that happens within days, this reads as a process failure that got corrected. If Fable 5 and Mythos 5 stay dark for weeks, it is something much larger - a structural shift in how the US treats frontier model deployment.

Whether the government publishes anything. Right now the entire public record is Anthropic’s statement. A directive this consequential deserves a paper trail. Whether one appears will tell us a lot about whether this was a considered policy action or a reactive one.

The precedent for everyone else. If a narrow jailbreak can trigger an export-control recall, every lab now operates under that shadow. Watch how OpenAI and Google respond - publicly or in how cautiously they ship their next releases.

The export-control framing itself. Using export control law to suspend access for US users and Anthropic’s own employees is a notable expansion of how that authority is read. The legal mechanism here may end up mattering more than the specific model.

For now, the practical reality is simple: the most capable model Anthropic has ever shipped to the public lasted four days before the government took it back. Opus 4.8 and the rest of the lineup carry on. But the headline isn’t really about one model. It’s about the moment a frontier AI release became something a government could veto after the fact - and the moment a lab that did almost everything by the safety playbook found that the playbook had a chapter nobody had written yet.

This is a fast-moving story and I’ll update as more comes out. As ever, I’m a hobbyist watching from the outside, working from a single public statement about a confidential decision - read the primary source and make your own call.

Sources