The letter arrived at 5:21 PM Eastern on a Friday, the hour when most of Washington has already started its weekend.
It came from the US Commerce Department, it cited national security authorities, and it carried one instruction: cut off all access to Fable 5 and Mythos 5 for any foreign national, anywhere in the world, including Anthropic's own non-citizen employees. There was no court order. There was no public filing. There was no detailed explanation of what, exactly, the government was worried about.
Anthropic had no way to wall off foreign users from American ones fast enough to comply by the letter of the directive. So it did the only thing that guaranteed compliance. It shut down both of its most powerful models for everyone on the planet.
Ten days later, on the afternoon of June 22, Fable 5 and Mythos 5 are still dark. The API endpoint for claude-fable-5 still returns an error. And the official reason for one of the most aggressive government interventions in the history of American software has shifted at least three times.
The Government's Stated Concern Was a Jailbreak Anybody Could Reproduce
In its public statement that same Friday, Anthropic laid out what it understood the problem to be. The company said the government believed it had found a way to "jailbreak" Fable 5, the industry term for a prompt that bypasses a model's built-in safety guardrails.
Anthropic reviewed a demonstration of the technique. By its account, the bypass amounted to asking the model to read a specific codebase and fix any software flaws it found. The vulnerabilities it surfaced were, in the company's words, "previously known, minor" issues that other publicly available models could discover without any bypass at all.
That distinction matters more than it sounds. The gap the government treated as a national security emergency was, according to Anthropic, the difference between asking an AI to "review code for security issues" and asking it to "fix this code." The output is nearly identical. Defenders who protect real networks use exactly this capability every day.
Anthropic was blunt about the precedent. "We disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people," the company wrote. "If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers."
The company also noted, pointedly, that the same class of capability is available from OpenAI's GPT-5.5.
The Security Community Turned on the Order Fast
If the government expected the cybersecurity field to rally behind a tough-on-AI posture, the opposite happened.
Katie Moussouris, a veteran security researcher who founded Luta Security and helped pioneer corporate bug bounty programs, said Anthropic had shared with her a private copy of the research paper that appears to underpin the directive. The Wall Street Journal reported that the paper's authors are security researchers at Amazon. Moussouris read it and published a blunt assessment titled "The Fable 5 export controls harm US cyber defense."
Her conclusion was that the bypass "should never have triggered an export control." Worse, she argued, the behavior in question could not be patched without breaking the model for the defenders who rely on it. "The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense," she wrote, calling the directive hasty, heavy-handed, and misguided.
She was not alone. Within days, dozens of senior security researchers signed onto a call for the Trump administration to revoke the order, framing the removal of advanced cyber-defense tooling from American network defenders as actively dangerous.
Then the reporting started suggesting the jailbreak was never the real story.
The Theories Multiplied
Axios, citing sources, described a tense standoff over the weekend and reported that "personality differences" between Anthropic and the Trump administration, not a technical flaw, had driven the export directive. TechCrunch reported that Amazon CEO Andy Jassy had raised concerns about Anthropic's models with senior government officials before the crackdown landed.
None of this happened in a vacuum. The relationship between Anthropic and the current administration has been openly hostile for months. In March, the Pentagon labeled the company a supply chain risk and excluded it while signing eight other AI vendors for classified networks. Anthropic later sued the White House over the blacklist. The government had already refused to let Anthropic expand Mythos access beyond a handful of vetted partners.
Justin Hendrix, editor of Tech Policy Press, captured the prevailing read among policy observers. The move, he said, is "likely to raise alarms in foreign capitals about the reliability of American AI for critical applications." His sharper warning was about motive: "the climate is one of a cloud of suspicion that senior officials are picking favorites based on personal and political factors."
By the middle of the following week, the consensus narrative had hardened. The ban was retaliation dressed up as security policy.
Then a four-star general testified, and the story flipped again.
The Twist Came From a Senate Briefing
On June 21, Senator Mark Warner, the vice chair of the Senate Intelligence Committee, relayed an account that recast the entire affair. Gen. Joshua Rudd, who leads the NSA and US Cyber Command, had told him that in an authorized red-team exercise on June 11, Mythos "broke into almost all of our classified systems, not in weeks, but in hours."
The Economist published the account first. If true, it would mean the government's concern was never really about a narrow public-API jailbreak. It would mean the worry was Mythos's raw autonomous offensive capability, the kind of thing that does not show up in a sanitized launch benchmark.
The detail explains the otherwise baffling speed and scope of the order. A government does not invoke obscure export-control authority on a Friday evening over a minor coding trick. It might do exactly that if its top cyber official had just watched a commercial model walk through classified defenses in an afternoon.
This is the part of the story where certainty would be comforting, and where it is least available.
The Other Side Has a Caveat of Its Own
The NSA account is dramatic, and it is also unconfirmed. There is no official agency document and no public statement from the NSA. Warner is relaying what Rudd told him, secondhand.
The journalist who broke the quote added a warning. Shashank Joshi, the defence editor at The Economist, clarified afterward that the line "should not be read literally." The breach, he said, depended on Mythos operating alongside other tools under specific conditions, not the model single-handedly defeating national security from a chat box.
So both of the strongest claims in this story come with asterisks. Anthropic says the trigger was a trivial jailbreak available in any frontier model, while downplaying what its own most capable system can do when fully unleashed. The government, through a secondhand briefing, says the trigger was a near-total breach of classified networks, a claim its own source now says should not be taken at face value. The full enforcement letter that would settle the question has never been made public.
What is not in dispute is the mechanism. A single federal agency, invoking export-control authority, made an American company take its flagship products offline worldwide in an afternoon, with no judicial review and no published evidence. For practitioners, that is the part worth sitting with.
What This Means for Anyone Building on Frontier Models
The immediate operational lesson is concentration risk. Teams that wired Fable 5 or Mythos 5 into production security workflows lost them with zero notice and still have no restoration date. Any architecture that assumes a specific frontier model will simply remain available is now demonstrably fragile. The model you depend on can vanish not because the vendor failed, but because a government decided it should.
The second lesson is about the new shape of AI governance. For two years the debate over model risk played out in voluntary commitments and responsible-scaling policies. This episode showed that when the state decides to act, it can move faster than any of that, and outside any of it. Anthropic, a company now valued at 965 billion dollars after passing OpenAI, could not keep its own products online for a week against a one-page letter.
The third lesson cuts at the models themselves. The same autonomous capability that makes Mythos genuinely useful to defenders, the ability to read a codebase and find and fix flaws, is what reportedly let it walk through hardened systems in a test. That is not a bug that gets patched. It is the capability, working as designed. As Moussouris put it, you cannot fix the behavior without weakening the defense. The industry has spent years promising that more capable models would be safer. This is the first major case where the capability and the danger turned out to be the same thing.
The Bottom Line
Strip away the dueling narratives and a stark fact remains. The most powerful commercially available AI for cybersecurity work was switched off for the entire world by a government letter, and ten days on, nobody outside a small circle can say with confidence whether the reason was a coding trick, a political grudge, or a machine that broke into the nation's secrets in an afternoon.
All three explanations have been offered by serious people. All three have been partially walked back. The one document that could adjudicate between them sits unreleased in a Commerce Department file.
Anthropic says the models will return in the coming days. When they do, the precedent will not return with them. The government has shown it can pull a frontier model offline at will, without a courtroom, without evidence anyone can check. The question every AI company, and every team that builds on one, now has to answer is the one Tech Policy Press asked first: if it was Anthropic this time, who is it next time?
Sources
- Statement on the US government directive to suspend access to Fable 5 and Mythos 5 — Anthropic (Jun 12, 2026)
- The US government's Anthropic models ban was never about an AI jailbreak — TechCrunch (Jun 15, 2026)
- Anthropic disables Fable and Mythos AI models following U.S. government export ban — Fortune (Jun 13, 2026)
- Anthropic disables access to Fable 5 and Mythos 5 to comply with government directive — CNBC (Jun 12, 2026)
- The Fable 5 export controls harm US cyber defense — Luta Security / Katie Moussouris (Jun 2026)
- Anthropic's Mythos AI broke into almost all NSA classified systems in hours — Security Affairs (Jun 21, 2026)
- NSA chief says Mythos breached 'almost all' classified systems in hours — Bankwatch (Jun 21, 2026)
- Anthropic's Mythos recall and the White House's missing AI safety playbook — Tech Policy Press (Jun 2026)
- Anthropic halts access to top AI models after U.S. ban on foreign use — The Wall Street Journal (Jun 2026)