At 5:21 PM ET on June 12, the Commerce Department delivered Anthropic an export-control directive ordering it to cut off access to Fable 5 and Mythos 5 for any foreign national. By the end of the night, Anthropic had disabled both models worldwide, three days after their launch, because the directive's scope reached down to non-citizen employees inside the company and made a clean foreign-only carveout operationally impossible.

The order's language, as quoted in Anthropic's statement, blocks use "by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees." A US official confirmed the letter to Bloomberg. Anthropic says the Commerce letter "did not provide specific details" of the underlying national-security concern and that the government has so far supplied only verbal evidence of the technique at issue. All other Claude models, including Claude Opus 4.8, are unaffected.

This is, by any reasonable accounting, the first time US export controls have reached past compute thresholds and model weights to name a specific frontier SKU. The trigger is narrower still. Anthropic describes the bypass as a single non-universal jailbreak that "essentially consists of asking the model to read a specific codebase and fix any software flaws," surfacing what it calls "a small number of previously known, minor vulnerabilities." The company concedes that perfect jailbreak resistance "does not appear to be possible today," and notes that Fable's safeguards were red-teamed for thousands of hours alongside the US government, UK AISI, and outside parties before launch. Fable 5 itself is the productized form of Mythos, the cybersecurity-tuned model that ran in limited preview through Project Glasswing in April.

The provenance of the alarm is where the story gets interesting. The Wall Street Journal, with parallel accounts from Reuters and The Information, reports that Amazon CEO Andy Jassy told Treasury Secretary Scott Bessent and other officials that Amazon researchers had used Fable 5 to obtain information usable in cyberattacks. Amazon, which is also a major Anthropic investor, declined to confirm specifics. David Sacks, co-chair of PCAST, attributed the underlying warning to "a highly credible trusted partner of both Anthropic and the government."

Anthropic's rebuttal is unusually pointed for a compliance statement. "We have reviewed a report that we believe is the basis of the government's directive and validated that the level of capability displayed there is widely available from other models (including OpenAI's GPT-5.5)." If Commerce's standard holds, the company argues, it "would essentially halt all new model deployments for all frontier model providers." A 30-day customer-data retention policy, instituted to detect bypasses, is cited as evidence of seriousness about the threat model the government says it can't share in writing.

The structural read is straightforward. An investor flagged a competitor's model to Treasury. Commerce moved within a window measured in days. The capability cited is, by the targeted company's account, already shipping at a rival. Export control as competitive instrument is no longer a theoretical risk; it's the operating environment.

Commerce orders Fable 5 and Mythos 5 dark to foreign nationals; Anthropic pulls both globally

Sources