On Friday June 12 at 5:21pm ET, Anthropic received a letter from the US Commerce Department, signed by Commerce Secretary Howard Lutnick and drafted with officials from the Bureau of Industry and Security.
The directive was blunt: suspend all access to Fable 5 and Mythos 5 for any foreign national, anywhere in the world, including foreign national Anthropic employees. Because Anthropic cannot reliably distinguish foreign nationals from other users in real time, it did the only thing it could do: it disabled both models for everyone.
The company filed a confidential IPO prospectus earlier this month disclosing a $47 billion revenue run rate and a $965 billion valuation. The timing is, at minimum, inconvenient.
“The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees.” reads the statement published by Anthropic. “The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Anthropic models will not be affected.”
The letter provided no specific national security rationale. Anthropic says it pieced together the reason from verbal communications: the government believes someone demonstrated a jailbreak technique against Fable 5.
Anthropic reviewed what it believes is the report that triggered the directive and pushed back hard on the premise. The alleged jailbreak is narrow and non-universal: essentially asking the model to read a codebase and identify software vulnerabilities.
“Our understanding is that one potential jailbreak was shared with the government.” continues the statement. “We have reviewed a report that we believe is the basis of the government’s directive and validated that the level of capability displayed there is widely available from other models (including OpenAI’s GPT-5.5), and is used every day by the defenders who keep systems safe. We will share more details over the next 24 hours.”
The same technique, Anthropic says, works on models already deployed commercially across the industry without triggering any equivalent action.
The company is complying with the request while arguing that no AI model can be completely jailbreak-proof. It says it was transparent about this limitation from the start and that its layered security approach, including 30-day data retention for rapid detection and response, was designed to address such risks.
“However, we disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people. If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers.” continues the statement. “As we have stated publicly, we believe the government should have the ability to block unsafe deployments, as part of a statutory process that is transparent, fair, clear, and grounded in technical facts. This action does not adhere to those principles.”
That’s not just a defense of Fable 5. It’s a direct challenge to the government’s legal theory.
The geopolitical implications land hardest outside the United States. European governments, companies, and research institutions that had gained access to Fable 5 or Mythos 5, many of them partners under Project Glasswing, including NATO and ENISA, are now cut off with no notice and no timeline for restoration.
“We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible,” concludes the statement.
Anthropic wrote, but “as soon as possible” is doing a lot of work in that sentence given that the directive came from the Commerce Secretary with no expiration date.
For Europe, the practical problem is acute. The EU has no domestic frontier model capable of matching Fable 5 or Mythos 5 on cybersecurity tasks. Mistral is the closest European contender and operates at a different capability level.
The organizations that had integrated these models into security operations, threat hunting pipelines, and vulnerability research workflows are now running on older Claude models or switching to GPT-5.5, which Anthropic pointedly notes can perform the same allegedly dangerous tasks without any export restriction.
The company argues that restricting Fable 5 has limited impact if similar AI capabilities remain available from other providers. The move doesn’t remove the technology from the market, only restricts access to one of the vendors offering it.
The broader precedent is what should concern the industry. This is the first time the US government has used export controls to pull a commercially deployed AI model from the market citing a non-universal jailbreak. Every frontier lab now has to reckon with the possibility that any disclosed vulnerability, however narrow, could trigger the same mechanism.
Anthropic says governments should be able to block unsafe AI deployments, but only through transparent, fair, and evidence-based processes. The company argues that this action failed to meet those standards and has promised more technical details, which could clarify whether the dispute is a misunderstanding or part of a broader conflict.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Fable 5)
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。