The US Government Banned Claude Fable 5 and Mythos 5

Canonical version: The US Government Banned Claude Fable 5 and Mythos 5.

Three days. That's how long Anthropic's most powerful model lasted in the wild before the US government pulled the plug.

On June 12, 2026, the Commerce Department ordered Anthropic to block Claude Fable 5 and Mythos 5 for "any foreign national, whether inside or outside the United States." That includes Anthropic's own non-citizen employees. There was no clean way to comply without locking out its own staff, so Anthropic disabled both models worldwide at 5:21 PM ET. Every other Claude model stayed online.

In this piece, I want to walk you through what actually happened, what the community makes of it, and why I think this is the clearest argument yet for open models, sovereignty, and owning your own stack.

What happened

The directive landed on a Friday afternoon, 5:21 PM ET, citing "national security authorities." It barred access by any foreign national, anywhere. Anthropic couldn't comply selectively without blocking its own employees, so it shut both models down for everyone. Opus, Sonnet, and Haiku stayed up.

The legal basis? Export controls under the Commerce Department's national-security authority. No specific rule was ever named (no BIS rule number, no EAR section, no executive order), and the text of the directive was never made public.

And the trigger for all of this? Three words: "fix this code."

Katie Moussouris, the only outside expert who actually read the research paper, lays it out plainly. Researchers took open-source code with known CVEs, plus code with deliberately planted bugs, and asked Fable, Mythos, and Opus to "review the code for security issues." Fable refused. They then asked it to "fix this code," and through a multistep manual process turned the output into patch-testing scripts. Anthropic says it was handed only "verbal evidence of a potential narrow, non-universal jailbreak."

Here's the part that should give you pause. The UK's AI Security Institute found the model could exploit defences and systems 73% of the time. Professor Gina Neff (Queen Mary University London) called it "a step change in capability in cyber security," and warned the restriction puts safe testing and government collaboration in "uncharted territory." So the capability is real. The question is whether banning it does any good.

What Anthropic said

Anthropic did not go quietly. From its official statement:

• "We must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance."
• "We disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people."

Talking to the BBC, it went further. It had "reviewed a demonstration of this specific technique being used to identify a small number of previously known, minor vulnerabilities" that "other publicly-available models are able to discover... without requiring a bypass." US national security authorities, it said, "had not identified specific concerns." Anthropic asked for a "statutory process that is transparent, fair, clear, and grounded in technical facts," and wondered out loud why the same standard wasn't applied to competitors like OpenAI's GPT-5.5.

The Microsoft mess (a separate story)

Don't confuse this one with the government ban. Microsoft's restriction came first, on June 10, and it was about data, not the directive.

• Microsoft quietly pulled Fable 5 from the internal model picker its own employees use inside GitHub Copilot builds.
• The reason: Fable's safety classifiers force a 30-day retention of every prompt and output, with no opt-out (up to 2 years for flagged content). Microsoft's lawyers are still weighing the risk to proprietary code and regulated data.
• The irony writes itself. Microsoft sells Fable 5 to its customers through Microsoft Foundry while blocking its own staff from touching it.

The invisible-safeguards reversal

This one is uglier, and it's the part that broke trust. Fable shipped with safeguards for "high-risk" areas. For distillation (using a model's outputs to train competing models), the system card said Anthropic would "alter and degrade the model's answers directly," with no notice to the user. No refusal. No flag. You just got a worse answer and never knew it.

The AI research community reacted fast, partly because the same mechanism could hit anyone merely evaluating the model. Anthropic apologized and reversed course. Here's how it explained the original choice to The Verge:

"Visible safeguards can be probed, so they have to be robust, which takes time to get right. Invisible safeguards can be targeted more narrowly, allowing us to ship quickly with very few false positives. We went with invisible safeguards for this reason, and that was the wrong tradeoff... We're sorry for not getting the balance right."

The fix: distillation queries now fall back to Claude Opus 4.8, visibly. "You will see this every time it happens." That matches how biology, chemistry, and cybersecurity queries already work, though Anthropic admits its biology safeguards are tuned so broadly that Fable is "practically unusable" for even basic questions.

"It's not a jailbreak, it's defense"

Katie Moussouris (Luta Security) is worth listening to here. She sits on Commerce's own Information Systems Technical Advisory Committee and was a technical expert on the Wassenaar Arrangement, the multilateral export-control framework for dual-use tech. Her verdict:

"I've seen the paper. It's not a jailbreak. It was Defense Oriented Prompting (DOP), capabilities defenders need."

Her core argument is simple. Defenders need AI that can fix the bugs in a file, explain why the fix matters, and write tests that prove the patch works. That isn't a guardrail bypass. It's the daily job. And you can't strip that capability out without making the model worse at defending real systems. She even joked about printing '90s-style t-shirts: "fix this code" on the front, "this shirt is a munition" on the back.

She has seen this movie before. When the Wassenaar Arrangement added controls on "intrusion software" in 2013, the language was so broad it swept up vulnerability disclosure, incident response, and coordinated defense, threatening serious delays for defenders. Her conclusion: "We can't export control our way to cyber resilience."

She's not alone. A "FreeFable" open letter (freefable.org) to Commerce Secretary Howard Lutnick and National Cyber Director Sean Cairncross gathered well over 80 signatories: Alex Stamos organizing, plus Casey Ellis, Jon Callas, Paul Vixie, Rachel Tobac, and executives from Nvidia, Google, Adobe, Zoom, and Stanford HAI. Chris Krebs publicly backed her analysis. Their central point lands hard: Fable's ability to find and explain flaws isn't unique. GPT-5.5, other US models with fewer guardrails, and foreign open-weight systems can all do the same. So the ban punishes one company while changing nothing for an actual attacker.

Ben Thompson's read

Ben Thompson (Stratechery, "Anthropic's Safety Superpower") looks past the safety framing to the incentives, and it's the sharpest take I've read. He opens with the obvious paradox: if Mythos is so dangerous, why ship Fable at all, and why fight the government over it?

His answer is that three business imperatives keep getting dressed up as safety. Economic: move closer to the user and replace software. Data: the new 30-day retention is "too valuable not to eventually train on." Power: the plan to silently degrade Fable for rival AI developers proves Anthropic's "capability and willingness to silently alter its models." His line sticks with me: every policy change that "happens to be great for business is the most beautiful coincidence in the world." His real worry isn't that Anthropic is lying. It's that it genuinely believes its own story while controlling something far more consequential than smartphones.

The bigger fight

This ban didn't appear out of nowhere. It's one front in a longer war.

• Anthropic spent months calling the Mythos class "too powerful to release," boasting that "Fable's capabilities exceed those of any model we've ever made generally available." Read that as hype if you like. Regulators read it as a reason to act.
• US Defence Secretary Pete Hegseth had already branded Anthropic a "supply chain risk," the first time a US company has publicly been hit with a label normally reserved for firms in adversarial countries.
• Anthropic is suing the Pentagon over that designation. A judge has already ruled the directive can't be enforced, so agencies can keep using Anthropic while the case plays out.
• Donald Trump has publicly criticized the company. So no, this didn't land in a vacuum.

What the community thinks

The dominant reaction online wasn't "good riddance." It was "you walked into this." The top Hacker News comment said it best: "When you spend a lot of time telling people how dangerous your products are, people who have the power to keep dangerous products off the market might listen."

Beyond that, three threads kept coming up:

• Export controls are theatre. As one commenter put it: "Export control is not an effective tool for controlling consumer-facing technology developers everywhere want to use (see: VPNs)."
• This hands China and the open-model labs a gift. "You can't be on your way to 'power over everything' and get distilled into free Chinese models within months."
• The trust damage is structural, not cosmetic. Sending your whole codebase to a model that might degrade outputs for "competitors," and that retains your data for 30 days with no opt-out, is a real risk. The retention policy alone "breaks enterprise trust messaging."

Why this matters (and why I care)

Here's the lesson I'm taking from all of this, and it has nothing to do with whether you like Anthropic.

Any dependency on a closed, US-hosted frontier model can be switched off overnight. By the vendor (Microsoft's internal block, the silent-degradation clause) or by a government (this directive). It hit Five Eyes allies. It hit Anthropic's own foreign-born employees. If your business runs on a model you can lose access to on a Friday afternoon, that's not a tool. That's a liability waiting to surface.

The EU said the quiet part out loud. Having only just gained Mythos access after weeks of talks, the European Commission said the episode underlined "Europe's need for technological sovereignty." Spokesman Thomas Regnier: "We take note of Anthropic's statement and are assessing." This lands right as the EU rolls out measures to cut its dependence on the US and Asia for key technologies, AI included. Sridhar Vembu (Zoho) put the broader point bluntly: "national sovereignty, national security, all of it is now about technology."

I strongly believe this is the cleanest case yet for Open source and open-weight models. Weights you can host can't be recalled, geofenced, silently nerfed, or forced to keep your data for a month. The FreeFable letter makes the argument almost by accident: the capability already exists everywhere, including in Chinese models, so gating one closed model accomplishes nothing except kneecapping the people who play by the rules.

At the end of the day, capability you can't be denied is worth more than slightly better benchmarks you can lose access to overnight. Own your stack. Run what you can locally. Treat every closed frontier model as a rental, never a foundation.

That's it for today! ✨

If you want more of this kind of analysis, I write about AI, Knowledge Management, and building durable systems every week in my newsletter: https://dsebastien.net/newsletter

References

• Anthropic statement: https://www.anthropic.com/news/fable-mythos-access
• Stratechery, Anthropic's Safety Superpower: https://stratechery.com/2026/anthropics-safety-superpower/
• Luta Security, the Fable 5 export controls harm US cyber defense: https://www.lutasecurity.com/post/the-fable-5-export-controls-harm-us-cyber-defense
• The Verge, Microsoft restricts Fable 5 internally: https://www.theverge.com/report/947575/microsoft-claude-fable-5-restricted-internally
• The Verge, Anthropic apologizes for stealthily throttling Fable 5 (distillation reversal)
• BBC News, Anthropic suspends new AI tools over US security concerns: https://www.bbc.com/news/articles/c932g3v3e13o
• Jon Ready, Fable 5 can sabotage your app if you're a competitor: https://jonready.com/blog/posts/claude-fable5-is-allowed-to-sabotage-your-app-if-youre-a-competitor.html
• Hacker News, statement on the US directive: https://news.ycombinator.com/item?id=48539078
• Hacker News, 30-day data retention: https://news.ycombinator.com/item?id=48511072
• Hacker News, Anthropic apologizes for invisible guardrails: https://news.ycombinator.com/item?id=48489229
• Hacker News, Safety Superpower discussion: https://news.ycombinator.com/item?id=48464258
• Archived coverage: https://archive.ph/y4V4k

Related

• Claude Fable 5
• Anthropic
• Claude
• Open source
• DeepSeek
• Large Language Models (LLMs)
• Prompt injection

About Sébastien

I'm Sébastien Dubois, and I'm on a mission to help knowledge workers escape information overload. After 20+ years in IT and seeing too many brilliant minds drowning in digital chaos, I've decided to help people build systems that actually work. Through the Knowii Community, my courses, products & services and my Website/Newsletter, I share practical and battle-tested systems.

I write about Knowledge Work, Personal Knowledge Management, Note-taking, Lifelong Learning, Personal Organization, Productivity, and more. I also craft lovely digital products and tools.

If you want to follow my work, then become a member and join our community.

Ready to get to the next level?

If you're tired of information overwhelm and ready to build a reliable knowledge system:

• 📚 KM for Beginners — 10+ hours of structured video lessons
• 🚀 Obsidian Starter Kit — Ready-made vault with 40+ templates
• 💼 Knowledge Worker Kit — Complete guides + lifetime community
• 🦉 1-on-1 Coaching — Personalized guidance
• 🎯 Join Knowii — Community + ALL courses & tools