US Restricts Anthropic Model Access Over Security Risk

According to Anthropic and Commerce Secretary Howard Lutnick, the U.S. government ordered the company on June 12, 2026 to suspend all foreign access to its Fable 5 and Mythos 5 models after Amazon researchers reported a way to bypass Fable's safeguards, and Anthropic disabled both models worldwide within hours. The government fully lifted those export controls on June 30, with Fable 5 restored globally on July 1 and Mythos 5 returned to approved partners on June 26. Anthropic says the underlying jailbreak only exposed minor, already-known vulnerabilities that other models including GPT-5.5 could also find, and it built a new safety classifier plus a joint jailbreak-severity framework with Amazon, Microsoft, and Google as part of the resolution.
Anthropic's three-week Fable 5 and Mythos 5 saga is now resolved, but it set a live precedent for how a single contested "jailbreak" report can trigger a worldwide model shutdown under export-control authority - and for what it takes to get that access restored. For practitioners and enterprise buyers, government-ordered access controls on deployed models are now a real operational risk category, not just a chips-and-hardware concern, and the resolution mechanism (new safety classifiers, government-tested mitigations, an industry jailbreak-severity framework) looks likely to become the template other frontier labs are asked to follow.
What happened
On June 12, 2026, the US Department of Commerce, citing national security authorities, ordered Anthropic to suspend all access to Fable 5 and Mythos 5 for any foreign national, inside or outside the United States. Because Anthropic had no reliable way to verify nationality in real time, it disabled both models for all users worldwide within hours of receiving the directive, according to Anthropic's own statement. Reuters and other outlets reported the trigger was a finding by Amazon researchers that a prompting technique could get Fable 5 to identify, and in one case help exploit, a small number of already-known software vulnerabilities.
Timeline
Anthropic launches Fable 5 (public, heavily safeguarded) and Mythos 5 (limited to Project Glasswing cybersecurity partners).
The Commerce Department directs Anthropic to suspend all foreign-national access; Anthropic disables both models worldwide.
Commerce approves restoring Mythos 5 to a set of US organizations, per a letter from Secretary Howard Lutnick.
Lutnick announces Commerce has fully lifted the export controls on both models.
Fable 5 access is restored globally; Mythos 5 returns to Project Glasswing partners.
Technical context
Anthropic says its testing found the reported bypass was not a universal jailbreak, and that comparably capable models, including Claude Opus 4.8, GPT-5.5, and Kimi K2.7, could surface the same vulnerabilities without any bypass. The company says the government provided only "verbal evidence of a potential narrow, non-universal jailbreak." As part of the resolution, Anthropic built a new safety classifier that it says blocks the specific reported technique in over 99% of cases, though at the cost of flagging more benign coding requests; Commerce's Center for AI Standards and Innovation (CAISI) tested both the prior and new safeguards and told Anthropic they are extraordinarily strong.
Industry context
Reuters and ITNews reported more than 80 cybersecurity executives, including leaders from Nvidia and Adobe, signed an open letter urging the restrictions be lifted, arguing they hindered defensive vulnerability research. The Economist and other outlets framed the episode as a shift in US export-control policy from hardware toward directly gating access to deployed models, a shift that coincided with the White House's June 2, 2026 executive order on AI security and with OpenAI facing a similar government-requested limit on its GPT-5.6 rollout, according to Axios.
For practitioners
Anthropic, Amazon, Microsoft, Google, and other Glasswing partners are now drafting a shared framework for scoring jailbreak severity along four axes - capability gain, breadth of capability gain, ease of weaponization, and discoverability - meant to give AI developers and regulators a consistent bar for when a finding warrants a shutdown versus a patch. Anthropic also committed to give designated government evaluators pre-release access to future frontier models and to share threat intelligence in advance of publication, changes that enterprise and government customers relying on Anthropic's roadmap should track.
What to watch
- •Whether the Commerce-Anthropic jailbreak-severity framework becomes a template applied to other frontier labs, including OpenAI's GPT-5.6 restrictions.
- •How the administration's August deadline, set under the June 2 executive order, for standardized AI security benchmarks plays out.
- •Whether China's push toward Mythos-class capability shapes how quickly the US eases remaining restrictions on Mythos 5 access for international Glasswing partners.
Editorial analysis
This episode is likely to be read as a case study in how ad hoc, letter-based export directives, rather than a codified statutory process, can still reach deployed AI models, despite Anthropic's own public position that such actions should follow transparent, technically grounded rules. The three-week resolution timeline, and the fact that the government ultimately accepted mitigations rather than requiring a permanent ban, suggests the administration is using export authority as a pressure lever to extract specific safeguards and information-sharing commitments rather than as a blanket bar on frontier model deployment.
Key Points
- 1The Commerce Department suspended global foreign access to Anthropic's Fable 5 and Mythos 5 on June 12, then fully lifted the export controls June 30.
- 2Anthropic says the underlying jailbreak was narrow and non-universal, matched by other models, while the government's evidence was only verbal.
- 3The resolution produced a new safety classifier and a joint Amazon-Microsoft-Google jailbreak-severity framework that will likely shape future model-security disputes.
Scoring Rationale
First known case of the US government using export-control authority to shut down a deployed frontier AI model over a cybersecurity dispute, now resolved after three weeks through a new safety classifier, government-tested mitigations, and a cross-industry jailbreak-severity framework - a genuine precedent for how governments and labs will handle future model-security standoffs.
Sources
Public references used for this report.
View 11 more sources
- 04U.S. Bars Foreigners From Using Anthropic's Most Advanced A.I. Modelsnytimes.com
- 05Anthropic shuts down newest AI model after U.S. bans foreign usewashingtonpost.com
- 06Anthropic to disable its most advanced AI models after US order limiting foreign accesstheguardian.com
- 07Donald Trump has cut off access to the world's best AI modeleconomist.com
- 08Anthropic Pulls Its Most Powerful AI Models After U.S. Bars Foreign Accesstime.com
- 09Anthropic cuts top-tier AI access after US foreigner bandw.com
- 10US asks Anthropic to block global access to top AI modelsaljazeera.com
- 11Start of AI cold war? Why US cut off global access to Anthropic's frontier modelstimesofindia.indiatimes.com
- 12Lost access to Anthropic's AI models highlights risk of relying on U.S. tech, Canadian experts saytheglobeandmail.com
- 13Why Anthropic denied the Pentagon full access to its AI - in this war or any otherblogs.timesofisrael.com
- 14US saw risk of Anthropic models being diverted to foreign military intelligenceitnews.com.au
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
