Senior Anthropic technical staff have been dispatched to Washington DC, after a Friday night government demand to implement sweeping export controls resulted in the company yanking its two most capable models Friday night after only a few days of public release – Mythos and Fable (Fable being Mythos with guardrails) – over the alleged ability to ‘jailbreak’ the latter. As of Sunday the models are still down, no restoration date has been set, but sources on both sides told Axios they are eager to resolve it. That said, the two parties best positioned to explain what happened are telling different stories as to how this happened.
The order is narrow on paper and sweeping in effect. It prohibits access by “any foreign national, whether inside or outside the United States, including foreign national Anthropic employees.” Anthropic has no reliable way to verify a user’s citizenship at the moment they send an API request or open a chat window, and its own staff, customers, and cloud partners are spread across dozens of countries. The company concluded it could not selectively block foreign nationals, so it blocked everyone. Anthropic’s other models, including Opus 4.8, Sonnet, and Haiku, are untouched and still running.
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees.
The net effect of…
— Anthropic (@AnthropicAI) June 13, 2026
What The Order Does, And Why It Went Global
The directive came from Commerce Secretary Howard Lutnick’s office, and a U.S. official confirmed to Bloomberg that the department sent the letter. Curiously, the letter did not spell out the specific national-security concern behind it. The legal mechanism appears to be the “deemed export” rule, the decades-old principle that releasing controlled technology or source code to a foreign person counts as an export to that person’s home country. Applying it to a deployed commercial frontier model is, by NBC’s account, the first time a leading AI company has pulled a publicly deployed model offline because of federal intervention.
What we do know about Lutnick’s letter; it requires a license for the export, re-export, or domestic transfer of the two models and reaches any foreign person on U.S. soil. It does not, on its face, bar U.S. citizens or the U.S. government, and the cutoff for American users is a consequence of Anthropic’s inability to filter rather than the order’s intent. Government access is murkier still: CyberScoop reports the National Security Agency had been given Mythos 5 to conduct offensive cyber operations through Project Glasswing, and it remains unclear how the directive affects that program. Foreign vetted partners were clearly swept in, with the Korea Times reporting that Korean Glasswing members including the Korea Internet & Security Agency, SK Telecom, and Samsung lost their access. In other words, the order disconnected allied security partners abroad while a U.S. agency’s separate channel to the more powerful sibling model appears, on the order’s logic, to sit outside its reach.
Confirmed cut offs:
- Private/commercial users. Fable’s public, API, and enterprise users, plus the private-sector Glasswing partners (the vetted cyber firms) who had Mythos.
- Foreign government and intergovernmental partners. The Korea Times reports Korean Glasswing members (the Korea Internet & Security Agency, SK Telecom, Samsung) lost access, and Security Affairs reports European Glasswing partners including NATO and ENISA (the EU’s cybersecurity agency) were cut off with no notice. Those are foreign nationals under the order, so the order reaches them directly.
The reach inside the United States is the most unusual part, and it produced an awkward result for Anthropic; their own employees can’t use Mythos or Fable now. Any non-citizen querying Fable from, say, an apartment in San Francisco is barred exactly as if they were in Shanghai – and that population includes a meaningful share of Anthropic’s own workforce, since frontier labs run heavily on foreign-born engineers. The company effectively had to lock some of its own staff out of the model it had just shipped. Dean Ball, an AI policy expert who briefly served in the current administration and has been sharply critical of its moves against the company, called the action “cartoonish” on X, pointing to the incoherence of an administration that wants to export advanced AI chips to China while moving to bar allied users, from Britain on down, from the best American models.
Tinfoil, anyone?
The national security order might be a godsend for Anthropic – which priced Fable at ten dollars per million input tokens and fifty per million output, double its Opus 4.8 flagship and, by its own description, less than half the price of Mythos Preview – the most expensive model it sells and a token-hungry one on long tasks. It was free on Pro, Max, Team, and Enterprise plans only from June 9 through June 22, with metered credits taking over after, and Anthropic was candid the staged rollout was about capacity, expecting demand “very high, and difficult to predict.”
So this shutdown, triggered by Amazon (read below), and landing three days into a two-week giveaway conveniently capped an expensive subsidy that after we’re guessing most users switched to the thirsty model.
How Three Days Unspooled
Fable 5 launched on June 9 as the first broadly available “Mythos-class” model, the public-facing version of a system Anthropic had previously kept behind a vetted-access wall because of its cyber and biological capabilities. Mythos 5, the same underlying model with some safeguards removed, stayed reserved for cleared cybersecurity partners. Fable 5 was the middle path: Mythos-grade capability, Anthropic said, with guardrails strong enough for general release. The company put it on the API, made it generally available on Amazon Bedrock and GitHub Copilot, and folded it into Pro, Max, Team, and Enterprise plans at no extra charge through June 22.
The imminent “Anthropic – White House” ceasefire is the new imminent “Iran-US” ceasefire https://t.co/byCO9mLo2h
— zerohedge (@zerohedge) June 14, 2026
The launch was rocky before Washington entered. Researchers complained the safeguards were overbroad and that ordinary technical work was being downgraded. A sharper backlash hit over what users called a “silent fallback,” a mechanism that quietly rerouted certain high-risk queries to the older Opus 4.8 without telling the user. Anthropic reversed it, apologized, and said flagged requests would be made visible. Then, on June 10, a well-known jailbreaker who posts as Pliny the Liberator published what he claimed was a working bypass of Fable’s safety systems, complete with lurid outputs spanning cyber exploits and chemical synthesis. It gave the controversy a public face, though it is worth noting it was not the finding the government ultimately cited. Anthropic has never confirmed which jailbreak triggered the order, the viral Pliny post or the private report described below.
🚨 JAILBREAK ALERT 🚨
ANTHROPIC: PWNED 🫡
FABLE-5: LIBERATED 🦋let’s start with the 🐘…
the consensus seems to be that this has been one of the most disappointing model drops of all time, effectively preventing legitimate researchers from contributing their talents to our… pic.twitter.com/Z0vdPIt4vY
— Pliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭 (@elder_plinius) June 10, 2026
Anthropic says it received a Friday evening call giving it roughly ninety minutes to take the models down over a national-security threat, with no specifics attached. The Lutnick letter followed that afternoon. By late evening, users had lost access, and Anthropic posted its statement calling the situation a misunderstanding. The next day, David Sacks and Pete Hegseth offered the administration’s version in public. As of this writing, the models are still offline.
The Trigger Was Amazon
The finding that set this off appears to have come not from an anonymous internet jailbreak but from Amazon, which is to say from Anthropic’s single largest investor.
According to the Wall Street Journal, corroborated by The Information and Reuters, Amazon researchers found a way to prompt Fable 5 into surfacing information useful for cyberattacks, and Amazon chief executive Andy Jassy raised the concern directly with senior officials, including Treasury Secretary Scott Bessent. The company’s report reportedly showed Fable surfacing security bugs in at least four software programs when fed a specific set of queries, and National Cyber Director Sean Cairncross and Lutnick were both in the conversations. Sacks, in his thread, described the source only as a “highly credible trusted partner.” Amazon has declined to detail the research, telling reporters it is “not uncommon for governments to seek our counsel” on security risks and that it does not discuss the substance of those talks. AWS, which hosted Fable 5 through Bedrock, later confirmed Anthropic had asked it to revoke access for all users in all regions. Amazon was not alone in raising flags, either: at least five other companies submitted warnings in the same window.
What’s interesting is that Amazon is Anthropic’s largest backer – with a cumulative stake of roughly $13 billion and a $100 billion AWS spending commitment running the other way, plus a board seat, the cloud that serves the models, and a Trainium chip relationship. One of the companies most thoroughly entangled with Anthropic’s business helped prompt a government action that knocked Anthropic’s flagship launch offline eleven days after the company filed confidentially for an IPO. There may be an entirely straightforward explanation, that Amazon spotted a real risk and escalated it through the proper channel.
Was Amazon concerned about being legally responsible for jailbroken Fable hackings?
By Anthropic’s account, the government supplied only verbal evidence of a narrow, non-universal bypass that amounted to asking the model to read a codebase and flag software bugs – with the same result obtainable from other public models including OpenAI’s GPT-5.5. The company argues a narrow jailbreak cannot justify “recalling a commercial model deployed to hundreds of millions of people,” and that applying that standard industry-wide would “halt all new model deployments.” It is a first-party account from a company that wants its product back online, but it is the more detailed of the two, and Anthropic notes that thousands of hours of pre-launch red-teaming by the U.S. government, the U.K. AI Security Institute, and outside groups found no universal jailbreak.
It is also corroborated by the only named expert who has read the underlying report. Katie Moussouris, the Luta Security chief executive who built Microsoft’s bug-bounty program and helped design the Pentagon’s first, reviewed the Amazon findings at Anthropic’s request and told the Journal and Fortune it was “not a jailbreak” but “Defense Oriented Prompting (DOP), capabilities defenders need,” adding that if national defense was the goal the response “just scored an own goal against us.” Chris McGuire of the Council on Foreign Relations, no reflexive critic, called the across-the-board restriction “highly questionable.”
The administration’s case runs the other way, and it runs on Anthropic’s own rhetoric. Sacks, who co-chairs the President’s Council of Advisors on Science and Technology and previously served as the White House AI and crypto czar, says a trusted partner found a working jailbreak and that the administration asked CEO Dario Amodei to fix it or pull the model. “Dario allegedly refused.”
Sacks points out that Anthropic spent months calling Mythos-class models a more dangerous category needing oversight; Fable is Mythos with guardrails – so a bypass exposes “operability of a cyber weapon” to people who should not have it. His bottom line: “the ball is in Anthropic’s court.”
I’ve had a number of conversations with folks inside and outside government about the current situation with Anthropic, and here is what I believe to be true:
— As we know, Anthropic publicly released its Mythos class models earlier this week under the commercial name Fable.…
— David Sacks (@DavidSacks) June 13, 2026
Meanwhile, a more alarming claim, that the trigger involved access from China, rests on a single Semafor source and is disputed by Anthropic, which says the issue was never raised and that it blocks access from inside China. Treasury, Commerce, and the Bureau of Industry and Security have not put a technical case on the record. Anthropic wants its model live and its safety brand intact; the White House wants to look alert rather than asleep as AI starts touching cyber operations. Nobody has shown the proof.
Secretary of War Pete Hegseth posted a “Told ya so” – writing “Three months ago, @DeptofWar kicked @AnthropicAI out of our building—forever … Every passing day proves why that was the right move.”
Three months ago, @DeptofWar kicked @AnthropicAI out of our building—forever.
Every passing day proves why that was the right move. 🇺🇸
— Pete Hegseth (@PeteHegseth) June 13, 2026
Sacks has explicitly denied the Fable action is retaliation, and there is no public evidence that it is. But the prior friction is real, and the administration’s own messaging keeps blurring the line between a technical enforcement action and a broader fight over who sets the terms for AI in national security.
Precedent-Setting
For the rest of the industry, the precedent is the point: a frontier model can be launched, praised, and pulled from global availability inside a week, by emergency directive, for reasons its provider cannot fully see. Reporting suggests the administration is treating this as Anthropic-specific for now, but even a one-company action pushes every lab toward pre-clearing high-capability releases. That direction is not hypothetical; Trump signed an executive order this month directing agencies to establish a voluntary mechanism for the government to get early access to powerful models before deployment. The Fable order is what the involuntary version looks like.
Enterprises are reading it as a resilience warning, with analysts urging multi-provider routing, local fallback, and a harder look at open-weight models – exactly the immunity Chinese open-source labs are now marketing. For U.S. allies the lesson is sharper, because the order cut off allied users too, sweeping European, Canadian, and Indian customers into the same blackout. The European Commission said emergency measures should not discriminate against partners; French officials reached for the language of technological sovereignty. The subtext, that AI infrastructure controlled in Washington can be switched off in Washington, is now being said aloud.
Then there’s the paradox Anthropic helped build – long arguing that governments should be able to block unsafe deployments, distinguishing itself from rivals who oppose binding rules. This is what that looks like when the process is not the “transparent, fair, clear, and grounded in technical facts” one it envisioned but an emergency directive with no public record. Its objection is not that no model should ever be stopped, but that this is the wrong way to stop one – a harder argument for a company that spent years naming the danger and marketing the restraint.
The imminent “Anthropic – White House” ceasefire is the new imminent “Iran-US” ceasefire https://t.co/byCO9mLo2h
— zerohedge (@zerohedge) June 14, 2026
