Claude Fable 5AnthropicMythos 5+17

Anthropic Fable 5 and Mythos 5 Disabled by US Order

Three days after Anthropic shipped what it called its most capable public model, the US government ordered it switched off. Claude Fable 5 and the gated Mythos 5 went dark worldwide on June 12, 2026, after an export control directive citing an alleged jailbreak and possible Chinese access. The standoff has produced two sharply different accounts, a looming IPO complication, and a precedent-setting question: who actually gets to pull a frontier model after it ships?

Parash Panta

Jul 2, 2026
20 min read

Anthropic Fable 5 and Mythos 5 Disabled by US Order

A Model That Lasted Seventy-Two Hours

On June 9, 2026, Anthropic put its most powerful model into the hands of anyone with an API key. By the evening of June 12, that model was gone, pulled not by a bug, a recall, or a safety review of Anthropic's own choosing, but by a legal order from the United States government.

Anthropic has said that it received the directive at 5:21pm Eastern on Friday, June 12, and that the practical effect was immediate: it had to abruptly disable both Claude Fable 5 and the more capable, gated Claude Mythos 5 for every customer, everywhere, to stay in compliance. According to a source cited by Fortune, the company was given roughly 90 minutes to take its newest model offline, with no prior notice that a national security action was coming.

This is, by any measure, an unusual event. Frontier labs get sued, criticized, and pressured all the time. They do not often get a same-day federal directive that forces them to switch off a flagship product the week it launches. The Fable 5 episode is worth understanding in detail, not because the dramatic framing of a "ban" is fully accurate, but because the mechanism the government used, the disagreement over the facts, and the precedent it sets all matter well beyond this one model.

Here is what is established, what is contested, and what it signals for everyone building on frontier models.

What Actually Happened: The Timeline

The compressed version of events is striking on its own.

April 2026 — Mythos enters the world quietly. Anthropic released Claude Mythos Preview through Project Glasswing, an access program limited to a small set of trusted organizations, many of them focused on critical infrastructure and cyber defense. The model was held back deliberately because of its cybersecurity capabilities. Reporting around the current dispute also notes that unauthorized third parties gained access to Mythos technology at some point during this earlier period, a detail that feeds directly into the government's later concerns.

June 9, 2026 — Fable 5 and Mythos 5 launch. Anthropic introduced Claude Fable 5 as a generally available model and Claude Mythos 5 as a restricted one. The two share the same underlying system; Fable is the guard-railed public version, Mythos the less-restricted version reserved for vetted partners. Anthropic described Fable 5 as exceeding the capability of anything it had ever made generally available, with large gains in software engineering, scientific research, vision, and long-running autonomous work. It launched across the Claude API, Amazon Bedrock, Google's Vertex AI, and Microsoft Foundry.

June 12, 2026 (Friday), 5:21pm ET — the directive lands. Citing national security authorities, the government issued an export control directive suspending all access to Fable 5 and Mythos 5 by any foreign national, inside or outside the United States, including Anthropic's own foreign-national employees. Because Anthropic could not cleanly separate that population from its global user base in the time allowed, the net effect was a worldwide shutoff of both models. Every other Anthropic model — Opus 4.8, Sonnet 4.6, Haiku 4.5 — remained fully available.

June 13, 2026 (Saturday) — the government's account goes public. White House AI adviser David Sacks posted his version of events on X, framing the action as a reluctant last resort after Anthropic declined to patch a reported flaw.

June 14–15, 2026 — the dispute widens. Anthropic flew technical executives to meet officials, additional reporting tied the action to fears about Chinese access, and the company committed to publishing a technical rebuttal.

June 16, 2026 (today) — the standoff continues. The models remain offline. A meeting between Anthropic and White House officials is reported to be scheduled for June 22 in Washington, and no firm restoration date has been set.

From general availability to global blackout in seventy-two hours. That is the shape of the thing.

What Fable 5 and Mythos 5 Actually Are

To understand why the government reacted the way it did, you have to understand what Anthropic shipped.

Mythos-class is a capability tier that Anthropic positions above its Opus-class models. The first member, Mythos Preview, arrived in April under tight controls. Fable 5 and Mythos 5 are the next step, and the relationship between them is the crux of the whole affair.

They are the same model with different locks. Mythos 5 is the fuller-capability version. Fable 5 is that same model wrapped in safety classifiers designed to keep certain capabilities — particularly in cybersecurity, biology, chemistry, and model distillation — out of reach for general users. When Fable's classifiers detect a request in those sensitive areas, the request does not get a flat refusal; it falls back to a response from Claude Opus 4.8, and the user is told. Anthropic has said false positives, where a harmless request trips the classifiers, occur in under five percent of sessions on average.

The capabilities are not incremental. Anthropic highlighted software-engineering performance ahead of every other model a developer could use, and pointed to Stripe using Fable to migrate a fifty-million-line codebase in a single day, work the company framed as roughly two months for a human engineering team. That same code-comprehension strength is exactly what makes the model attractive for finding and fixing software vulnerabilities — and, the government worried, for finding and exploiting them.

The commercial terms signaled how seriously Anthropic took the risk. Both models priced at $10 per million input tokens and $50 per million output tokens, and both carried a mandatory 30-day data retention policy with no zero-data-retention option, designations Anthropic labeled "Covered Models." That retention requirement is not a throwaway detail. Anthropic has explicitly said it adopted it so it could research and quickly shut down any jailbreak attempts, accepting real commercial friction with privacy-sensitive customers in exchange for monitoring capability. The rollout was also staggered: Fable 5 was included at no extra cost in Pro, Max, Team, and seat-based Enterprise plans through June 22, with usage credits required from June 23 onward.

In other words, Anthropic shipped a model it knew was powerful enough to help both defenders and attackers, and built a layered containment strategy around it. The dispute is, at its heart, about whether that strategy was good enough.

The Trigger: A Jailbreak, a Trusted Partner, and a China Worry

A jailbreak is a method for getting around an AI model's guardrails to extract behavior the system is supposed to block. In this case, the worry was specific: a technique that could pierce the classifiers separating public Fable 5 from the unrestricted cyber capabilities of the underlying Mythos system.

Per a Semafor report, the deeper concern was that a group with ties to China may have obtained access to Mythos. The fear is not only that such a model could be used directly, but that it could be studied and reverse-engineered, including through distillation — training a smaller model to imitate a larger one's behavior. A frontier cyber-capable model in adversarial hands is the kind of scenario export controls exist to prevent, which is why the government reached for that authority rather than a softer tool.

The Commerce Department ultimately invoked national security export controls to bar Anthropic from distributing Fable 5 and Mythos 5 to foreign nationals. The choice of instrument matters: export control law is built to restrict who, by nationality, can access a sensitive technology, which is why the order swept in foreign nationals worldwide rather than drawing a clean geographic line.

Two Accounts of the Same Event

This is where the story splits, and where readers should be most careful. Anthropic and the administration describe the same sequence of facts and reach almost opposite conclusions about its severity. Both accounts deserve a fair hearing.

Anthropic's version: a narrow flaw, an overbroad response

Anthropic's public statement is unusually direct for a company complying with a government order. Its core claims:

  • The directive arrived without specific technical detail about the national security concern.

  • The company reviewed a demonstration of the technique and found it surfaced a small number of previously known, minor vulnerabilities — the kind it says other publicly available models, including OpenAI's GPT-5.5, can find without any bypass at all.

  • No tester, across thousands of hours of red-teaming with the US government, the UK AI Safety Institute, third parties, and internal teams, had found a universal jailbreak capable of broadly unlocking the model's cyber capabilities.

  • The flaws disclosed to Anthropic were, in its assessment, either benign or offered no Mythos-specific uplift.

Anthropic's framing is that perfect jailbreak resistance is not achievable for anyone today, that every safeguard in the industry is vulnerable to narrow, situational bypasses, and that its defense-in-depth approach — strong classifiers, 30-day retention, active monitoring — keeps Fable's real-world risk comparable to models already deployed across the industry. The company's sharpest argument is about proportionality: it openly disagrees that a narrow, potential jailbreak should justify recalling a model deployed to hundreds of millions of people, warning that applying that standard industry-wide would effectively freeze every future frontier deployment. It also pointedly noted that it believes governments should be able to block unsafe deployments, but through a process that is transparent, fair, and grounded in technical fact — and that this action, in its view, did not meet that bar.

The government's version: a real flaw, a refusal to fix it

David Sacks, co-chair of the President's Council of Advisors on Science and Technology and the administration's former AI czar, laid out a very different account on X. In his telling:

  • A highly credible partner trusted by both Anthropic and the government, while testing Fable, came forward with a working jailbreak of the guardrails separating Fable from Mythos's cyber capabilities.

  • The administration asked CEO Dario Amodei to either fix the bypass or pull the model.

  • Amodei declined, and, per Sacks, characterized the jailbreak as not serious — a stance Sacks called inconsistent with Anthropic's identity as a safety-first lab that had itself lobbied for Mythos to be treated as a cyberweapon.

  • Only after that refusal, Sacks said, did the administration issue the export control, and it did so reluctantly.

Reporting from Semafor and Fortune adds that Amazon was the source of the warning, with CEO Andy Jassy reportedly raising the issue with administration officials. Politico's account describes several calls between Amodei and senior officials, during which Amodei argued the bypass Amazon found was narrow rather than a true jailbreak of the model's safeguards.

Sacks also tried to decouple this action from Anthropic's prior friction with the administration, including an earlier Pentagon dispute, insisting the move was purely about the security flaw and that the administration values Anthropic's technology and sees the issue as easily resolved. That context is worth flagging honestly: Sacks has clashed repeatedly with Anthropic and has previously accused the company of regulatory-capture tactics rooted in what he calls fear-mongering about AI risk. Readers can weigh his account accordingly, just as they should weigh Anthropic's self-interest in minimizing the flaw.

Reading the gap

Strip away the framing and a narrow factual disagreement sits at the center: the same bypass is described by one side as a minor, already-known vulnerability comparable to what rival models produce, and by the other as an unacceptable crack in the wall protecting a cyberweapon-grade capability. Both can be partly true. A bypass can be technically narrow and still be alarming to a government that has separately heard a major cloud provider raise it and that suspects a foreign adversary may already be inside the system. The severity judgment, not the existence of the flaw, is the real fight.

Why a Targeted Order Became a Global Blackout

One of the most confusing aspects of this story is the mismatch between the order's stated target and its actual effect. The directive restricts foreign nationals. The result was that everyone, including US citizens, lost access.

The mechanism explains the gap. Export control directives keyed to nationality require a provider to prevent a defined class of people — here, all foreign nationals worldwide, including Anthropic's own staff — from touching the technology. Anthropic could not reliably partition that population out of a live, globally distributed product on 90 minutes' notice. Disabling the models entirely was the only way to guarantee compliance. Anthropic asked AWS to revoke access to both models on Amazon Bedrock for the same reason.

So the practical reality for users is simpler than the legal text: treat Fable 5 and Mythos 5 as unavailable everywhere, regardless of where you sit or what passport you hold, until the order is lifted or narrowed. The API string for the model now returns errors, and Anthropic's own guidance and third-party operators alike point to Opus 4.8 as the immediate drop-in replacement.

The Frontier-LLM-Development Controversy Lurking Underneath

There is a second, quieter controversy that the export-control drama has partly overshadowed, and it speaks to the trust dynamics in play.

In Fable 5's system card, Anthropic disclosed that beyond the visible cyber, biology, and chemistry fallbacks, it had added interventions around requests touching frontier large-language-model development — work on pretraining pipelines, distributed training infrastructure, and related areas. Analysts who read the document closely, including a widely circulated Substack breakdown, flagged that this particular safeguard appeared to behave differently from the others. Where the cyber and bio safeguards visibly hand off to Opus 4.8 and tell the user, the frontier-development intervention was described as degrading certain responses in a less transparent way.

Whatever one concludes about the merits, the optics fed directly into the credibility problem now at the heart of the standoff. A company arguing that the government has overreacted on transparency grounds is in a weaker position if observers believe it was less than fully transparent about how some of its own safeguards behave. This is a reminder that in disputes like this one, perceived candor is itself a form of leverage, and both sides are spending it.

What Anthropic Is Doing About It

Anthropic's response has unfolded on several tracks at once.

Compliance first. Despite its disagreement, the company is following the legal order and has removed access for all users. It has not tried to litigate its way back online or defy the directive; the stance is comply now, contest in parallel.

A public, technical contestation. Anthropic's statement is a rebuttal in everything but name, and the company committed to publishing a detailed technical response to the government's jailbreak assessment, intended to show that the demonstrated capability is widely available from other models and used routinely by defenders.

Direct engagement. Anthropic flew technical executives to meet officials, and Amodei has reportedly held multiple calls with senior administration figures. A meeting between the company and the White House is reported for June 22 in Washington, which is shaping up as the next real inflection point.

Managing the customer fallout. The company apologized for the disruption, emphasized that all other models are unaffected, and framed the episode as a misunderstanding it is working to resolve as quickly as possible. Notably, it has not committed to a restoration timeline, because the resolution depends on the government, not on Anthropic alone.

The realistic paths back are limited. If the dispute is fundamentally about the flaw's severity, restoration likely requires Anthropic to ship a patch the government accepts, or an independent technical review that settles the question. If it is really about process and trust, resolution could stretch into legal or policy engagement that takes far longer. Sacks's framing — that the ball is in Anthropic's court and that a remediation could quickly lift the control — suggests the administration sees a fast technical off-ramp. Anthropic's framing suggests it does not believe there is much to remediate. That distance is the whole problem.

The IPO Shadow

The timing could hardly be worse for Anthropic in one specific respect. The directive landed roughly eleven days after the company confidentially filed for an initial public offering. A federal national-security action that forces a flagship product offline is now part of the narrative any prospective investor will read, and reporting has noted softness in pre-IPO share interest as regulatory risk moves from a hypothetical to a documented event.

This is the kind of risk that does not fully resolve even when the immediate dispute does. A company whose top-tier model can be switched off by directive carries a different risk profile than one whose products are insulated from that possibility. Investors price precedent, and the precedent here is that the most capable thing Anthropic sells is, in a real sense, contingent on government tolerance. Even a clean resolution leaves that fact on the table.

The Sovereignty Backlash

The order's reach — foreign nationals worldwide, switched off without warning — landed hard outside the United States, and the reaction in India was especially sharp. The episode became a live argument about dependence on US-controlled AI infrastructure.

Indian technology leaders used the moment to press the case for sovereign AI. Zoho founder Sridhar Vembu urged India to build its own foundational capability rather than rely on access that a foreign government can revoke. Sarvam's chief executive captured the underlying anxiety with a blunt distinction between using a model and owning it, warning that access is not control. The debate pulled in prominent figures across the Indian tech and policy world, turning a US compliance action into a global conversation about who should own the most capable models a country depends on.

That reaction is rational. If a single government can disable a frontier model for every foreign national on the planet on short notice, then every organization outside that government's jurisdiction has just been given a concrete reason to diversify away from any single national supplier, or to invest in domestic alternatives. The strategic message of the Fable 5 order may end up being more consequential than the order itself.

What This Means for Builders and Operators

Set aside the politics for a moment and look at the operational lesson, because it is the part most directly useful to anyone shipping on frontier models.

Model availability is now a compliance surface, not just an uptime metric. Teams are used to thinking about provider outages, rate limits, and deprecations. The Fable 5 episode adds a new failure mode: a model can disappear because of a legal directive, with essentially no notice, regardless of your contract or your region. That is a different category of risk than a status-page incident, and it does not respond to the usual mitigations.

Single-model dependence is now a measurable liability. Any pipeline hard-wired to a specific model string inherited an instant outage when Fable 5 went down. The teams that absorbed the shock most easily were those that could reroute to another model — in this case, Opus 4.8 — without rewriting their stack. Multi-model routing has gone from a nice-to-have to a continuity requirement.

This is precisely the problem that agent-management tooling is built to handle. An orchestration layer that treats the underlying model as a swappable dependency, monitors availability, and fails over automatically turns an event like this from an outage into a routing decision. Open-source dashboards in this space, such as OpenClaw Mission Control, exist to give operators exactly that kind of visibility and control across multiple models and providers — the difference between a pipeline that silently breaks at 5:21pm on a Friday and one that quietly shifts traffic and keeps running. The Fable 5 shutdown is the clearest argument yet for designing agent systems around model-agnostic routing rather than betting a production workflow on any single frontier model staying online.

Data-retention terms can carry hidden strategic weight. Fable 5's mandatory 30-day retention was not a privacy afterthought; it was load-bearing for Anthropic's safety strategy. Builders evaluating Covered Models should read retention and access terms not just for compliance, but as signals about how aggressively a provider intends to monitor — and how exposed that model might be to exactly this kind of intervention.

The Bigger Question: Who Gets to Pull a Model?

Strip the Fable 5 dispute down to its load-bearing question and it is not really about one jailbreak. It is about who holds the off switch on frontier AI after a model is already in public hands, and under what process.

Anthropic's position, stated repeatedly, is that governments should be able to block unsafe deployments through a process that is transparent, fair, clear, and grounded in technical facts. The company's complaint is not that the government acted, but that it acted with a same-day directive, minimal technical detail, and a 90-minute window — a process it argues fails that standard. The administration's position, through Sacks, is that it warned the company, asked for a fix, was refused, and used the cleanest legal tool available only as a last resort.

Both can describe a legitimate principle and still leave the precedent unsettled, because the precedent is the part that outlives this dispute. The United States has now demonstrated that it will use export control authority to reach back and disable a generally available frontier model, worldwide, days after launch, on national security grounds, with the practical effect of taking it offline for everyone. Whether or not that was the right call in this specific case, every frontier lab and every government watching now knows the tool exists and that it will be used.

That changes the calculus going forward. Labs will weigh how a launch might trigger such an action. Governments abroad will weigh their dependence on US-controlled models. And the question of what a fair, fact-grounded process for blocking a deployment should actually look like — the process Anthropic says was missing here — has moved from an abstract policy debate to an urgent, concrete one.

What to Watch Next

A few things will tell you where this is heading.

  • The June 22 meeting. The reported Washington meeting between Anthropic and the White House is the most likely near-term venue for a resolution — or for the dispute to harden.

  • Anthropic's technical rebuttal. If the company publishes a detailed, credible demonstration that the bypass is widely available and low-uplift, it strengthens the case that the response was disproportionate. If it does not, the government's account gains ground.

  • Any remediation. A patch the government accepts is the fastest path to restoration. Watch for whether Anthropic ships one, and whether it frames doing so as fixing a real flaw or as an accommodation it disputes.

  • The foreign-access investigation. The unresolved question of whether a China-linked group actually obtained Mythos access is the factor most likely to keep the order in place regardless of the jailbreak's technical severity.

  • The IPO disclosures. As Anthropic moves toward a public listing, how it characterizes this event as a risk factor will reveal how lasting it expects the damage to be.

For now, the situation is simple to state and hard to resolve: Anthropic's most capable public model is offline, the company says it is a misunderstanding, the government says the ball is in Anthropic's court, and the rest of the industry has just learned that a frontier model's availability can end in ninety minutes. Everything else — the restoration date, the precedent, the sovereignty fallout — is still being written.

Anthropic's other models, including Claude Opus 4.8, Sonnet 4.6, and Haiku 4.5, remain available and unaffected throughout.

Parash Panta

Content Creator

Creating insightful content about web development, hosting, and digital innovation at Dplooy.