Anthropic Disables Fable 5 and Mythos 5 Worldwide to Comply with US Export Controls
The US Commerce Department's national-security designation forced Anthropic to shut off worldwide access to its two newest models four days after launch — a first-of-its-kind export-control precedent for frontier AI.
Key Takeaways
|
The first time the US government has invoked export-control authority against a commercial frontier AI model on cybersecurity grounds — a regulatory precedent every frontier lab will now have to plan for.
SAN FRANCISCO, CALIFORNIA — On Friday, June 13, 2026, Anthropic shut off worldwide access to its newly released Claude Fable 5 and Mythos 5 models after the US Commerce Department designated the two models a national-security concern under export controls, per SecurityWeek, CyberScoop, BleepingComputer and The Hacker News. The company says it received the government directive at 5:21 pm Eastern and complied by disabling both models for all customers, while every other Claude model — including Opus 4.8 — continued to operate.
The action matters beyond the two models: it is the first time the US government has invoked export-control authority against a commercial frontier AI model citing cybersecurity risk. The pull came four days after Anthropic launched Fable 5 on June 9 — positioned as a “Mythos-class” model with “cyber safeguards” — and arrived amid a public dispute over a reported jailbreak and reporting that Amazon CEO Andy Jassy had raised model concerns with government officials. Researchers and industry analysts sharply criticized the move; Anthropic framed the shutdown as compliance with the new controls while disputing their reasoning.
| Timeline | |
|---|---|
| Date | Event |
| Tue, June 9, 2026 | Anthropic releases Claude Fable 5 (generally available) and Mythos 5 (the same underlying model with cyber safeguards lifted, restricted to vetted cyber defenders and critical-infrastructure operators); Fable 5 routes flagged high-risk requests to a weaker model. |
| Fri, June 12, 2026 | A researcher publicly reports an alleged jailbreak of Fable 5's safety classifiers; Anthropic publicly disputes the jailbreak, and researchers criticize the model's guardrails. |
| Fri, June 13, 2026 (5:21 pm ET) | The US Commerce Department issues an export-control directive barring access to Fable 5 and Mythos 5 by any “foreign national,” inside or outside the US, including Anthropic's foreign-national employees. |
| Fri, June 13, 2026 | Anthropic disables Fable 5 and Mythos 5 worldwide for all users to comply with the directive; all other Claude models are unaffected. |
| As of June 14, 2026 | Access has not been restored; Anthropic says it is working to restore access and apologized for the disruption. No timeline has been confirmed. |
What Anthropic Did and When
Anthropic released Claude Fable 5 and Mythos 5 on Tuesday, June 9, 2026, shipping what it described as its most capable model to date. Per reporting from The Hacker News, WIRED and Infosecurity Magazine, the company split a single underlying model into two products separated by a layer of safety classifiers: Fable 5, generally available with “cyber safeguards” that route flagged high-risk requests to a weaker model, and Mythos 5, the same model with those safeguards lifted, kept restricted to a vetted group of cyber defenders and critical-infrastructure operators. Coverage framed Fable 5 as a “Mythos-class” model now available to the public.
Within days the rollout drew controversy. On June 12, a researcher reported an alleged jailbreak of Fable 5's classifiers, and Anthropic publicly disputed it. The next day, June 13, the US Commerce Department issued an export-control directive; Anthropic says it arrived at 5:21 pm Eastern and ordered the company to bar access to both models by any “foreign national.” Anthropic responded by disabling Fable 5 and Mythos 5 worldwide for every customer, arguing that the directive's scope — which it understood to cover any foreign national anywhere, including its own foreign-national employees — left no practical way to keep the models available to anyone. Anthropic said all other models, including Opus 4.8, remained unaffected — a recall of a single frontier model days after launch, rather than a wider action against the company.
The Commerce Department's National-Security Designation
What is confirmed is the instrument and the issuer: a US official confirmed the Commerce Department sent the letter, and the action was taken under export-control authority on national-security grounds. What is not confirmed is nearly everything about the mechanism beneath it. The reporting does not name the specific regulation invoked — whether a particular Export Administration Regulations provision, an Export Control Classification Number, or another designation — and the letter itself, per Anthropic, did not detail the national-security concern. Nor is it clear from the public record whether Anthropic was formally compelled by a binding order or chose to comply to avoid escalation; the language varies across sources.
One distinction is worth preserving precisely: as reported, the directive required restricting access for foreign nationals, not a global shutdown. Anthropic chose to disable the models worldwide because, it argued, the order's breadth made a clean partial restriction impractical. Whether that worldwide scope was Anthropic's decision or an unavoidable consequence of the directive is one of the open questions this episode leaves unresolved — and it sits within the policy push, including the scaled-back AI executive order built around AI-found vulnerabilities, that has put frontier models squarely in the government's field of view.
The Amazon-Jassy Angle
A second thread concerns how the concern reached the government. Per TechCrunch, and reporting attributed to the Wall Street Journal, Amazon CEO Andy Jassy reportedly told Treasury Secretary Scott Bessent and other officials that Amazon researchers had used Claude Fable 5 to obtain information that could be used in cyberattacks — and the government subsequently imposed the export-control action. The CyberSignal stresses the hedge the original reporting uses: Jassy is described as having “reportedly” raised the concerns and as someone who “may have been” the source, and his exact role is not independently confirmed.
Amazon has not denied the substance. A spokesperson said that while it is “not uncommon for governments to seek our counsel on potential security risks,” the company does not “share the details of those discussions.” Amazon is both a major Anthropic investor and, through AWS, a distributor of the models — and AWS separately asked Anthropic to revoke access to support compliance with the directive.
Researcher and Industry Reaction
The decision drew sharp criticism from researchers and industry analysts, per CyberScoop. The core objection is about precedent: pulling a commercial model over a narrow, contested jailbreak finding would, critics argue, be unworkable if applied evenhandedly across the industry. Anthropic made that case itself, saying a narrow potential jailbreak should not be cause for recalling a model deployed to hundreds of millions of people, and that the same standard applied industry-wide would essentially halt all new frontier-model deployments. It added that the capabilities apparently causing concern are already available in other publicly accessible models.
The government side has its own account. David Sacks, the administration's former AI czar, said publicly that “a highly credible trusted partner of both Anthropic and the USG” came forward with a jailbreak, and that the administration asked Anthropic's CEO to fix the jailbreak or de-deploy the model, and was refused. The jailbreak claim itself remains unresolved, and The CyberSignal treats neither it nor Anthropic's rebuttal as settled. The episode lands amid a year in which AI tooling has begun surfacing real vulnerabilities in shipping software and researchers have documented AI-orchestrated offensive tooling — the capability anxieties that make a cybersecurity-grounded designation plausible to officials and contestable to the labs.
What This Means for Frontier AI Release Decisions
Whatever the merits, the precedent is the durable part of this story. For the first time, the US government has reached for export-control authority — a framework built for physical and dual-use technologies — and applied it to a commercial frontier AI model on cybersecurity grounds. Every frontier lab, OpenAI, Google and Meta among them, now has to plan for the possibility that a post-launch security finding could trigger a government-ordered restriction, up to a worldwide pull, of an already-released model. That is a materially different risk calculus than the one labs have operated under, where the principal constraints on release were internal safety review and reputational exposure rather than export law.
The CyberSignal has covered Anthropic's Mythos models on the defensive side, where the same capability that worries officials is marketed to defenders — the dual-use tension at the heart of frontier cybersecurity AI. This action puts a regulatory edge on that tension. On the facts reported it is not a ban on Anthropic — every other Claude model continued to run, and the designation targeted two specific models — but it establishes that whether a model can ship is no longer purely the lab's to answer.
Open Questions
Several things remain genuinely unsettled, and The CyberSignal flags them rather than papering over them. Anthropic has confirmed no timeline for restoring access and says it is working toward it. The specific export-control regulation Commerce invoked has not been publicly named. It is not established whether the directive was a formal legal order or a request that Anthropic chose to honor, nor whether the worldwide scope of the shutdown was required or elected. There is no reporting confirming whether other AI labs received similar requests. And the jailbreak claim at the center of the designation — the specific technique, its severity, and whether Anthropic's dispute holds — is unresolved. The CyberSignal will update this story as the company, the Commerce Department, and primary sources clarify the record.
