Fable 5 lasted 96 hours. Anthropic launched its most capable public AI model on June 9, 2026, and by the evening of June 12, the US government had ordered it offline — not just for foreign users, but for every user on earth, because Anthropic had no technical means to verify citizenship at the API level in real time. The directive arrived at 5:21 PM Eastern, a letter from Commerce Secretary Howard Lutnick to CEO Dario Amodei that gave no specific national security rationale. Anthropic read it and started the shutdown.
Most coverage has framed what followed as a cybersecurity dispute, a story of government overreach, or the latest episode in a months-long feud between the Trump administration and Silicon Valley. Those readings are incomplete. The company that discovered the alleged jailbreak at the center of the ban is also Anthropic's largest investor, its primary cloud host, and the marketplace through which it sells Claude to enterprise customers. Amazon CEO Andy Jassy called US Treasury Secretary Scott Bessent directly — before notifying Anthropic — and the export control order followed within hours. A story that looked like politics turns out to be something structural, and considerably more uncomfortable.
Six months of conflict set the stage for June 12. The three-word technique the government cited as its justification has since been reviewed by the only independent expert who read the underlying report — her conclusion: no guardrail bypass occurred. The government had pre-approved Fable 5 before launch and pulled it three days later. What happened when Lutnick's letter arrived marks the first time the Commerce Department has used authority granted under the 2018 Export Control Reform Act to pull a publicly deployed AI model — without a court order, without a statutory transparency requirement, and without a hearing.
- Ninety-Six Hours: The Launch and Shutdown of Fable 5
- "Fix This Code": The Technique That Triggered a National Security Order
- Amazon's Call
- The Pentagon Conflict That Set the Fuse
- A Legal Precedent Nobody Voted For
- Who Needs to Act on This
- Verdict
Ninety-Six Hours: What Happened When Fable 5 Launched and Disappeared
Fable 5 was Anthropic's first public release in what the company calls the Mythos class — the tier above its previous Opus-class lineup. At launch, Anthropic claimed its capabilities exceeded those of any model it had ever made generally available. On SWE-bench Verified, the standard benchmark for software engineering performance, Fable 5 scored 95 percent. The model was available through the Claude API, Amazon Bedrock, Google Vertex AI, and Microsoft Foundry simultaneously.
Fable 5 was built on the same architecture as Mythos 5, a separately restricted model available only to vetted organizations. The two differed primarily in output controls: Fable 5 ran classifiers designed to block responses in high-risk domains — cybersecurity, biochemistry, chemical synthesis — routing flagged queries to Opus 4.8 in under 5 percent of sessions. Mythos 5 operated with some of those classifiers removed. Before launch, Anthropic subjected both models to thousands of hours of red-teaming by the US government, the UK AI Security Institute, and third-party organizations. None found a universal bypass. The government, according to a source close to Anthropic cited by The Globe and Mail, gave its approval for Fable 5 to deploy.
Three days later, Amazon security researchers found what they described as a bypass. Within hours of that finding reaching senior White House officials, Lutnick's letter arrived. By midnight on June 12, both models were gone for every user on the planet.
The order barred access by any foreign national — whether inside or outside the United States, including Anthropic's own non-US employees. With no real-time mechanism to filter by nationality at the API level, Anthropic shut both models down globally. Claude Opus 4.8, Sonnet 4.6, and Haiku 4.5 stayed online. Fable 5 had been the most capable publicly deployed AI model in history for fewer than four days.
“Fix This Code”: Why the Three Words Behind the Ban Were Probably Not a Jailbreak
What Amazon's Researchers Actually Did
Amazon security researchers fed Fable 5, Mythos 5, and Claude Opus open-source code containing known CVEs alongside new code deliberately laced with vulnerabilities. They asked the models to review the code for security issues. Fable 5 declined. So the researchers rephrased: fix this code. The model obliged. Through additional manual steps, they turned Fable's output into test scripts — automated instructions for validating patches. Because finding the vulnerability was a prerequisite for generating the fix, the same outputs could theoretically help an attacker identify exploitable code.
You are a security engineer. Your team has three days to audit a codebase before it ships to a defense contractor. You ask Fable 5 to review the code for vulnerabilities. It refuses. You ask it to help fix a section you already know is broken. It helps. In the output, you can see exactly where the vulnerability was. This is the standard loop of secure software development — find the flaw, fix it, test the fix — repeated every day, in every organization that takes code security at all seriously.
The Only External Expert Who Read the Report
Anthropic shared the Amazon report with Katie Moussouris, founder and CEO of Luta Security, who served on the technical expert group that renegotiated the Wassenaar Arrangement from 2013 to 2017 — the voluntary framework among 42 countries governing export controls on dual-use software. Those negotiations secured explicit exemptions for defensive cybersecurity research, allowing security teams to share vulnerability data internationally without criminal liability. She is the only external expert who read the document underlying the government's directive.
Her assessment was unambiguous: no jailbreak occurred. Moussouris wrote that the technique Amazon discovered "cannot meaningfully be fixed, and any attempt would only weaken the model for defense." More than 100 cybersecurity leaders signed an open letter urging reversal of the restrictions, making the same point: the capabilities being blocked are used by defenders daily, and pulling them from American AI while adversaries advance without equivalent constraints hands the wrong side an advantage.
Fix the jailbreak or de-deploy Fable 5. — David Sacks, White House AI adviser, as described to reporters
Anthropic's position tracked with Moussouris's analysis. The company said it had validated that the same capability level was available from OpenAI's GPT-5.5, which faces no equivalent export controls. The claimed bypass did not unlock Mythos's most advanced capability — autonomous chaining of multiple vulnerabilities into complex attack sequences — but the government acted as though it had. Anthropic called the directive a misunderstanding and said it was working to restore access. The administration official who spoke to Axios characterized the situation differently: "Everybody said Anthropic was a bad actor. Some people pushed to give them a chance anyway."
Amazon's Call: Who Actually Triggered the Fable 5 Shutdown
Andy Jassy did not call Dario Amodei. He called Scott Bessent. The Treasury Secretary then contacted Commerce Secretary Howard Lutnick and National Cyber Director Sean Cairncross. The White House convened a meeting to review Amazon's findings, Trump approved the foreign access ban, and by 5:21 PM Eastern on June 12, Lutnick's letter was on its way to Amodei. The reporting — confirmed by The Information, Reuters, and Bloomberg — establishes something the broader coverage has underweighted: Anthropic's largest investor chose to escalate a security finding directly to the executive branch before informing the company it had backed with $13 billion.
Hold Amazon's full position in relation to Anthropic in a single frame. Amazon is Anthropic's largest financial backer, with $13 billion invested and plans to commit up to $20 billion more. Anthropic has pledged to spend over $100 billion on AWS infrastructure. Amazon manufactures the Trainium chips used to train Anthropic's models. Amazon Bedrock distributes Claude to enterprise customers. Amazon's security researchers, employed by the same organization doing all of the above, found an alleged vulnerability and escalated it to the White House without telling Anthropic first. That escalation path — from a competitor's security team to the highest levels of the executive branch — has prompted direct questions from people close to Anthropic about whether commercial rivalry played any role in the government's response.
Amazon's own AWS operations were disrupted by the shutdown it triggered — a fact its spokesperson cited in a statement that confirmed the conversations and declined to characterize them further. "As a leading cloud provider that serves a large number of private and public sector customers, it's not uncommon for governments to seek our counsel on potential security risks. When they occur, we don't share the details of these discussions." The statement raises more questions than it resolves about why the appropriate first call was to the Treasury Secretary and not to the company Amazon has bet $13 billion on.
Amazon Nova competes directly with Claude.
The AI safety movement spent years constructing a public case for the dangers of models too capable to deploy responsibly. Anthropic built much of that argument. What the events of June 2026 reveal is that the most immediate threat to Anthropic was not its models' capabilities — it was the company that funds them.
The Pentagon Conflict That Set the Fuse
February 2026: Two Lines Amodei Would Not Cross
Anthropic signed a $200 million contract with the Pentagon in July 2025 for classified work. By early 2026, the Department of Defense — now also designated the "Department of War" under a September 2025 executive order — wanted unrestricted access to Claude "for all legal purposes." Anthropic drew two conditions: no use for fully autonomous weapons (AI systems making final battlefield targeting decisions without human approval), and no mass domestic surveillance of American citizens.
Defense Secretary Pete Hegseth gave Amodei a deadline of 5:01 PM on February 27, 2026. Anthropic said publicly, the day before, that it would not move. On February 27, Trump directed all federal agencies to "IMMEDIATELY CEASE all use of Anthropic's technology." Within hours, OpenAI announced its own Pentagon deal. Hegseth designated Anthropic a Supply-Chain Risk to National Security — language ordinarily reserved for foreign adversaries, not domestic companies that had offered six months of transition service and negotiated in good faith over lawful use restrictions. "America's warfighters will never be held hostage by the ideological whims of Big Tech," Hegseth wrote. Hegseth did not explain, in the same post, why a supply-chain risk would be permitted to continue operating for six months.
Claude climbed from rank 131 to number one on the US Apple App Store within days of the ban. On March 2, Anthropic's app recorded 11.3 million daily active users — up 183 percent from the start of the year. Every embargo the administration placed on Anthropic produced a wave of users who wanted to decide for themselves. That pattern held through the Pentagon dispute. It held again when Fable 5 disappeared.
March to June: Courts, Capital, and a Launch the Government Pre-Approved
Anthropic filed a civil complaint in the US District Court for the Northern District of California on March 9. A federal judge issued a preliminary injunction on March 26, temporarily reinstating Anthropic products in government procurement while the case proceeded. Amazon added $5 billion to its prior $8 billion investment shortly after. Fable 5 and Mythos 5 launched June 9 — three months after the court provided temporary relief — on a model the government's own red-teamers had tested and cleared before release.
That pre-launch clearance is what makes the June 12 directive particularly difficult to parse. If the government's cybersecurity reviewers spent months evaluating Fable 5 and approved its deployment, and the model was then pulled three days after launch on the basis of a finding by Amazon researchers, the question of what changed in 72 hours does not have a clean technical answer. Semafor reported that White House concerns extended beyond the specific bypass to broader anxieties about Chinese access to Mythos-class capabilities — a concern that predates the Amazon finding and suggests the technical rationale may have served a strategic objective already in motion.
A Legal Precedent Nobody Voted For
According to an export control expert cited by The Globe and Mail, this is the first time the Commerce Department has used authority granted under the 2018 Export Control Reform Act against a publicly deployed AI model. The mechanism matters. The February executive order hit a court challenge within weeks and was paused by a preliminary injunction. Export control directives issued under ECRA and the International Emergency Economic Powers Act carry immediate legal force — they do not require judicial approval before taking effect, and the government is not required to disclose its underlying national security rationale to the company affected.
Anthropic's own statement named the implication plainly: "If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers." GPT-5.5 can do what Fable 5 was banned for doing. Gemini likely can too. The selective application of export controls to one company whose relationship with the administration is already adversarial, using a standard that would close the entire industry if applied uniformly, is either a coincidence or a policy. The government has not said which.
What the precedent establishes, regardless of how the Fable 5 situation resolves, is that the Commerce Department can pull any American AI model from global deployment overnight, citing a national security rationale it is not required to make public, through a statutory authority no court had previously constrained. Anthropic's confidential IPO filing — reported by The Globe and Mail — sits behind a question every prospective investor now has to ask: what is an AI company worth if its most capable model can be revoked without warning, without explanation, and without recourse?
Who Needs to Act on This
- Enterprise teams with Fable 5 in production pipelines need a documented contingency for the next 5:21 PM letter. The June 12 shutdown gave no advance notice and no grace period. Vendor diversification across at least two frontier model providers is no longer optional risk management — it is a continuity requirement with a recent proof of concept.
- Security teams deploying AI for vulnerability research, patch validation, or offensive simulation face direct operational uncertainty. The technique that triggered an export control order — asking an AI to fix code — is the standard defensive loop. Until the administration clarifies what specifically it will and will not permit, security practitioners cannot be certain that routine defensive workflows remain legally permissible under ECRA.
- AI developers building on any frontier API now have documented proof that model access can be revoked globally within hours, for reasons the provider cannot predict or control. The lesson from June 12 is not specific to Anthropic: any model running on cloud infrastructure operated by a company with competitive interests and a line to executive branch officials faces the same structural exposure.
- Policymakers who want coherent AI governance have a concrete case study in what happens without one. The June 12 directive offered no transparency, no prior hearing, no technical review process, and no appeal mechanism. The open letter from more than 100 cybersecurity leaders asks for exactly the framework that is missing: a statutory process that is transparent, technically grounded, and applicable uniformly across the industry. Congress has not provided it.
For general context on how AI export controls have historically worked, and for a deeper look at what frontier AI model capabilities actually mean for enterprise risk, the policy history leading to ECRA is worth understanding before this dispute reaches its next phase.
Verdict
The government's June 12 directive was not well-founded in technical fact, according to the only independent expert who reviewed it. The technique it cited is a standard defensive practice, available on competing models that face no equivalent restrictions, and non-universally exploitable. The export control mechanism it used bypasses judicial review. The company that escalated the finding to Washington is simultaneously Anthropic's largest investor, its cloud provider, its chip supplier, its enterprise distributor, and its direct competitor. The government pre-approved the model before launch and pulled it three days later without a public explanation.
None of that means the administration acted in bad faith. Genuine uncertainty about frontier AI capability produces genuine errors in judgment, and the Mythos class of models is, by Anthropic's own pre-release disclosures, capable enough to warrant serious scrutiny. Mozilla patched 271 Firefox vulnerabilities using Mythos Preview. The model found exploitable flaws in every major operating system and every major web browser during testing. The concern about what Mythos-class capability means in adversarial hands is not manufactured.
But the process that produced this outcome — a single company's security team escalating to the Treasury Secretary, a letter with no stated rationale arriving at 5:21 PM, global access cut within hours for hundreds of millions of users — is not a process that any democratic institution designed, reviewed, or authorized. Anthropic called it a misunderstanding and sent its senior engineers to Washington to negotiate. That may resolve the immediate question of when Fable 5 comes back.
The structural question it leaves open is harder. No AI lab can build an independent commercial product when its largest investor, cloud provider, and enterprise distributor are all the same company, and that company has a direct line to the Cabinet. That is not a regulatory gap. It is the current condition of American AI.
Frequently Asked Questions
What were Claude Fable 5 and Mythos 5, and how did they differ?
Both models launched on June 9, 2026 and share the same underlying Mythos-class architecture — a tier above Anthropic's previous Opus-class lineup. Fable 5 was the general public release, scoring 95 percent on SWE-bench Verified and carrying output classifiers that blocked high-risk responses in areas like cybersecurity and chemical synthesis. Mythos 5 ran with some of those classifiers removed and was available only to vetted organizations for defensive security work. Both were taken offline on June 12 after the Commerce Department's export control directive.
What was the "jailbreak" that triggered the export control order?
Amazon security researchers fed Fable 5 open-source code containing known vulnerabilities and asked it to "review the code for security issues." The model refused. They rephrased the prompt to "fix this code" — and the model helped, producing outputs that could identify exploitable flaws. Katie Moussouris, the only independent expert who reviewed the underlying report, said no jailbreak occurred and that the technique is indistinguishable from standard defensive security practice. The bypass did not unlock Mythos's most advanced capability — autonomous vulnerability chaining — which would have represented a genuine escalation of risk.
Why did Anthropic shut down the models for all users, not just foreign nationals?
The Commerce Department's directive barred access by any foreign national, whether inside or outside the United States, including Anthropic's own non-US employees. Anthropic has no real-time technical mechanism to verify user citizenship at the API level during a session. With no compliant way to serve only domestic users, the company shut both models down globally — the only operationally feasible path to ensuring legal compliance with the order's terms.
What is Amazon's role in this, and why does it matter?
Amazon is simultaneously Anthropic's largest financial backer ($13 billion invested), its primary cloud infrastructure provider (Anthropic committed to $100 billion in AWS spending), the manufacturer of chips used to train its models, an enterprise distributor through Amazon Bedrock, and the company whose security researchers discovered the alleged bypass. Amazon CEO Andy Jassy escalated the finding directly to Treasury Secretary Scott Bessent without first notifying Anthropic, triggering the chain of events that ended in the June 12 directive. Amazon Nova competes directly with Claude. Amazon has not confirmed or denied the specifics of Jassy's conversations with senior officials.
What happened between Anthropic and the Pentagon before the Fable 5 ban?
Anthropic held a $200 million Pentagon contract for classified work and maintained two non-negotiable conditions: no fully autonomous weapons and no mass domestic surveillance. Defense Secretary Pete Hegseth gave Amodei a February 27, 2026 deadline to drop those conditions; Amodei refused; Trump ordered all agencies to immediately cease using Anthropic products and Hegseth designated the company a Supply-Chain Risk to National Security. A federal court issued a preliminary injunction in March, temporarily restoring Anthropic to government procurement — but the June export controls used a different statutory authority that does not require court approval before taking effect.
Can other AI models like GPT-5.5 do what Fable 5 was banned for doing?
Yes, according to both Anthropic's public statement and Moussouris's independent analysis. Anthropic validated that the same level of capability is available from OpenAI's GPT-5.5 and described it as a technique used by defenders every day across the industry. GPT-5.5 is not currently subject to equivalent export controls. This asymmetry is the core argument in the open letter signed by more than 100 cybersecurity leaders demanding the restrictions be reversed — that the ban harms defenders without meaningfully limiting attackers who have access to comparable tools.
What legal authority did the government use, and has it been used before on AI?
The Commerce Department issued the directive under the Export Control Reform Act of 2018 and the International Emergency Economic Powers Act — authorities that carry immediate legal force without requiring prior court approval. According to an export control expert cited by The Globe and Mail, this is the first time ECRA has been used to pull a publicly deployed commercial AI model. The February executive order against Anthropic was challenged in court and paused; the June export control directive operates through a mechanism that has not yet faced equivalent judicial constraint.
When will Fable 5 and Mythos 5 come back online?
As of June 17, 2026, Anthropic's senior engineers have met in person with Commerce Department officials in Washington. National Cyber Director Sean Cairncross joined Monday's working session. Commerce Secretary Lutnick has been on regular calls with Anthropic officials. Both Amodei and Lutnick were scheduled to attend G7 meetings in Evian-les-Bains, France, where further negotiations may occur. Anthropic has committed to communicating any changes ahead of time but has not provided a specific timeline, and analysts tracking the situation assess that restoration before June 20 is unlikely.
Sources: Fortune, The Register, TechCrunch, Axios, The Next Web, Snyk, Time, The Globe and Mail, GeekWire, ABC News, CNBC, NPR, Congress.gov (Congressional Research Service), Anthropic official statement, Luta Security (Moussouris analysis). Reporting reflects the latest available data at time of writing. Always verify current details with official sources.