At 5:21 p.m. Eastern on June 12, Anthropic says, a government directive arrived with an instruction broad enough to turn two of the company's most capable AI models into forbidden tools for much of the world.
By that evening, the company had begun removing access to Claude Fable 5 and Claude Mythos 5 for all users. Not just overseas users. Not just new accounts. Everyone. The order, as Anthropic described it, barred access by any foreign national, whether inside or outside the United States, including the company's own foreign-national employees.
That scope made selective compliance hard to imagine. Citizenship is not a field most consumer software platforms can verify at the speed of an emergency order. Anthropic's answer was blunt: take both models down globally and keep the rest of Claude running.
This was not a routine outage. It was a collision between frontier AI deployment and national-security power, arriving days after Anthropic had presented Fable 5 as its first broadly available Mythos-class model.
The Letter Behind the Shutdown
Anthropic said the U.S. government cited national-security authorities and issued the order as an export-control directive. The company said the letter did not provide specific details of the government's concern. Anthropic's understanding was that officials believed they had learned of a method for bypassing, or jailbreaking, Fable 5's safeguards.
The company disputed the force of that reasoning. In its statement, Anthropic said it had reviewed a demonstration of the technique and concluded that it surfaced a small number of previously known, minor vulnerabilities, the kind that other public models could also identify without the same bypass. The government, the company said, had provided only verbal evidence of a narrow, non-universal jailbreak.
The distinction matters. A universal jailbreak would be a key that opens the system's safeguards broadly. A narrow one is something smaller, tied to particular tasks or prompts. Anthropic's argument is that if the latter becomes enough to recall a commercial model, the standard could freeze frontier releases across the industry.
The question is no longer only whether an AI model can be made safe enough to ship. It is who gets to decide when "safe enough" is no longer enough.
Three Days in the Open
Fable 5 had launched on June 9. Anthropic described it as a safer public version of the same underlying model behind Mythos 5, with added safeguards for areas such as cybersecurity, biology, chemistry and model distillation. When Fable detected certain sensitive requests, Anthropic said, it would route the response to Claude Opus 4.8 instead.
Mythos 5 was different. It was meant for a smaller group, including cyberdefenders and critical-infrastructure partners, with some safeguards lifted in controlled settings. Both models sat above the company's Opus class in capability, according to Anthropic's launch materials.
That capability is what made the launch notable. It also made the shutdown possible. Fable 5 was not just another chatbot option in a model picker. Anthropic said it had stronger performance on long-horizon software engineering, scientific reasoning, vision and other complex tasks than any model it had generally released before. It also warned at launch that models at that level carried meaningful dual-use risk.
Then came the directive.
The Safety Fight Moves Into Public View
For years, AI companies have said they can police powerful systems through layered safeguards: classifiers, red-team testing, restricted access, monitoring and data-retention policies. Anthropic leaned into that argument with Fable 5. It said it had spent thousands of hours testing the model with government, outside groups and internal teams. It also required 30-day retention for traffic on Mythos-class systems so it could detect and study attacks.
The government order challenges that bargain. It suggests that even if a company believes its risk controls are proportionate, a federal agency may still decide that a model's capabilities are too sensitive to remain broadly available. In this case, the trigger appears to have been not the base model itself, but a claimed way around its guardrails.
Anthropic did not refuse. It complied. Yet its public statement was unusually direct in its disagreement. The company said it supports a government role in blocking unsafe AI deployments, but argued that such a process should be transparent, fair, clear and grounded in technical facts. It said this action did not meet that standard.
Citizenship as a Software Boundary
The most unusual part of the directive, as Anthropic described it, was the access boundary. It did not simply target countries outside the United States. It targeted foreign nationals everywhere.
That framing turns AI access into something closer to export-controlled hardware, defense technology or certain scientific tools. The user may be sitting in California, London or Bangalore. Under the directive Anthropic described, the relevant question would be nationality.
For software platforms built around global accounts, that is a difficult line to enforce. It also raises a larger policy problem. If frontier AI systems become strategic technologies, governments may increasingly try to control them not only by geography, but by who is allowed to touch them.
Businesses that moved quickly to test Fable 5 now face a more practical issue. Existing Fable sessions can fail. API calls must move elsewhere. BleepingComputer reported that Anthropic's developer notice told integrators to migrate to other Claude models. The rest of Claude remained available, including Opus 4.8, but the model that had drawn attention that week was gone from use.
A Precedent With Edges
The directive lands in an unsettled space. Export controls have long shaped semiconductor supply chains. AI model access is newer terrain. Unlike a chip, a model can be copied, served, restricted, patched, logged and withdrawn at software speed. That makes controls faster to impose, but also harder to define cleanly.
Anthropic's statement leaves important questions unanswered because the directive itself has not been published alongside the company's account. What agency issued it? What evidence did officials review? What threshold did they apply? What would count as remediation? How quickly can access return?
As of June 15, Anthropic's own launch page still carried an update saying access to Claude Fable 5 and Claude Mythos 5 was unavailable and that the company was working to restore access as soon as possible. That may change quickly. The precedent will last longer.
AI companies have often asked policymakers for clear rules. Here, at least from the company's telling, a rule arrived as a sudden command. It shut down two models, unsettled customers and exposed a gap between technical safety claims and state power.
Fable 5 did not go dark because demand faded. It went dark because a government decided that access itself had become a security question. For frontier AI, that may be the new terrain.
