0>1.software

// blog/why-the-us-government-suspended-fable-5-and-mythos-5

Why the US Government Suspended Fable 5 and Mythos 5

John Sasser
John Sasser
June 15, 2026
6 min read
anthropicexport-controlsai-policyjailbreaksfable-5
Minimal text card reading 'A letter at 5:21pm took a frontier model offline' with kicker AI POLICY, listing three supporting points about the disputed jailbreak.

On June 12, 2026, at 5:21pm Eastern, Anthropic received a letter from the US government. Citing national security authorities, the government issued an export control directive suspending all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including Anthropic's own foreign-national employees. By the time Anthropic published its statement that evening, both models were dark for every customer. This is the first time a frontier AI model has been pulled from commercial deployment by government order.

What the directive orders

It prohibits access by foreign nationals, anywhere in the world. Anthropic's other models are untouched. The letter, per Anthropic, "did not provide specific details of its national security concern."

A foreign-national restriction becomes a total shutdown under US export control law. Under the deemed export doctrine, releasing controlled technology to a foreign national on US soil is legally treated as an export to that person's home country. That is why the directive explicitly covers foreign nationals "inside or outside the United States" and why it reaches Anthropic's own employees. An API product with hundreds of millions of users has no reliable way to verify the citizenship of every caller, every developer on a team account, and every employee at every enterprise customer. The only compliant posture available on a same-day timeline is to disable the models entirely, which is what Anthropic did: "The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance."

A legal instrument scoped to a category of people can force a full product recall at the infrastructure layer because identity attestation does not exist at the API boundary.

The jailbreak at the center of the dispute

The government's stated concern, as Anthropic understands it, is a method of bypassing Fable 5's safeguards. The statement is unusually specific, and the specifics cut against the severity of the response.

According to Anthropic, the government has provided only verbal evidence of a potential narrow, non-universal jailbreak, one that "essentially consists of asking the model to read a specific codebase and fix any software flaws." Anthropic says its understanding is that a single potential jailbreak was shared with the government. The company reviewed a demonstration of the technique and a report it believes is the basis of the directive, and found that it surfaced "a small number of previously known, minor vulnerabilities."

Two of Anthropic's counterpoints:

  1. Other models can do this. Anthropic validated that the level of capability in the report "is widely available from other models (including OpenAI's GPT-5.5)" without requiring any bypass.
  2. The demonstrated behavior is a defensive workflow. Reading a codebase and fixing software flaws is what security teams and AI coding agents do all day. Anthropic notes this capability "is used every day by the defenders who keep systems safe."

If Anthropic's characterization is accurate, the directive recalls a model over a capability that competing commercial models exhibit openly, demonstrated against vulnerabilities that were already known. Anthropic disagrees "that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people."

Universal versus non-universal jailbreaks

The dispute turns on a distinction that Anthropic laid out at Fable's launch and restates here.

TypeWhat it doesIndustry status
Universal jailbreakBroadly bypasses safeguards, unblocking a wide range of restricted capabilitiesNone found in Fable 5 despite extensive red-teaming; likely to exist eventually for every model
Non-universal jailbreakElicits some restricted information in specific, narrow circumstancesEvery safeguard in the industry is vulnerable to these

Before launch, Anthropic red-teamed Fable's safeguards with the US government, the UK AISI, multiple private third-party organizations, and internal teams, for thousands of hours in total. Per the statement, those tests showed Fable's safeguards to be substantially more effective than any previously deployed model's, and no tester has yet found a universal jailbreak. Anthropic is candid about the ceiling: "We suspect that perfect jailbreak resistance is not currently possible for any model provider."

Anthropic's stated strategy is defense in depth. It makes jailbreaks narrow or expensive to produce and uses monitoring to detect and shut down successful attacks quickly. The 30-day customer data retention requirement on Fable, a policy Anthropic acknowledges "carries real costs for us with customers," supports jailbreak research and mitigation.

Anthropic says it has not received a disclosure of a concerning non-universal jailbreak that led to a harmful result. The disclosed findings have been "either entirely benign responses or are minor findings that provide no Mythos-specific uplift."

A recall standard triggered by any non-universal jailbreak would apply to every deployed model. Anthropic says, "If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers."

Process for model recalls

Anthropic affirms that "the government should have the ability to block unsafe deployments," provided that power sits inside "a statutory process that is transparent, fair, clear, and grounded in technical facts." This action came through a letter at 5:21pm with no specific details, verbal-only evidence, and no apparent mechanism for the technical dispute to be adjudicated before the order took effect.

Anthropic argues for a regulated recall authority with due process instead of an ad hoc authority exercised through export control instruments. Export controls were built for physical goods and dual-use technology transfers, and they lack the evidentiary scaffolding needed for a technical dispute about whether a specific model behavior constitutes meaningful capability uplift. There is no obvious venue in this process where Anthropic's claim that GPT-5.5 exhibits the same capability gets weighed, though that comparison determines whether the directive addresses any actual risk delta.

The US government has demonstrated it can take a deployed frontier model offline on hours of notice, using national security authorities, without publishing its evidence.

Production systems built on frontier models

For teams running production systems, June 12 established a new outage class: regulatory recall of a specific model, effective same-day, with no advance notice to the provider or to you. Ordinary deprecation comes with migration windows, and provider outages end when the incident does. Anthropic says it is working to restore access and promised more details within 24 hours of the statement, but a customer whose agents were pinned to Fable 5 had no say in the timeline and no signal it was coming.

Teams need a tested path to fail over to a second model, since prompts and tool definitions tuned for one model rarely transfer cleanly under pressure. Know which workloads have hard dependencies on tier-specific capability, because a fallback cannot silently absorb them. Treat model access in your risk register as a single-sourced dependency with a regulator in the loop.

Anthropic calls the situation "a misunderstanding" and expects to restore access. Recall power has to distinguish a universal jailbreak from a model doing code review.


Sources