A sudden shutdown of Anthropic’s most powerful models
Just days after launching Fable 5, Anthropic was forced to abruptly disable access to both Fable 5 and its even more capable twin, Mythos 5, following a US government export control directive citing national security concerns.
The order requires Anthropic to suspend access for any foreign national, “whether inside or outside the United States,” which in practice pushed the company to turn both models off for all customers worldwide to stay compliant.
Access to Anthropic’s other Claude models remains unchanged, but the action effectively pulled the plug on its most advanced frontier systems and immediately disrupted developers, enterprises, and researchers who had started to integrate Fable 5 into their workflows.
From launch hype to offline in a matter of days
Fable 5 was introduced as a safety-tuned, public-facing sibling of Mythos 5, designed to offer state-of-the-art capabilities with stronger guardrails around sensitive domains such as cybersecurity and biology.
Mythos 5, by contrast, was positioned as a more powerful model reserved for tightly vetted use cases, including government and critical-infrastructure defenders, because of its heightened potential impact in offensive security contexts.
Within roughly 48 hours of Fable 5’s public release, however, AI red-teamer “Pliny the Liberator” claimed to have bypassed its safety layer, triggering a wave of attention around possible “jailbreaks” of Anthropic’s flagship model.
Just a few days later, on June 12, the US government issued the export control directive that led Anthropic to take both Fable 5 and Mythos 5 offline globally.
The jailbreak claim at the center of the storm
According to public write-ups and posts, Pliny the Liberator says he “liberated” Fable 5 by combining several known jailbreak techniques into a coordinated, multi-step attack.
These techniques reportedly include:
- Unicode and homoglyph tricks to slip past keyword filters.
- Long-context framing to spread intent across a large conversation.
- Narrative or academic-style prompts that disguise harmful requests as research or fiction.
The most effective approach, by his account, was decomposition and recomposition: breaking a dangerous request into many seemingly benign subtasks and then stitching the answers back together into something more operationally useful.
Pliny also claims to have leaked Fable 5’s very long internal system prompt—on the order of tens of thousands of characters—to GitHub, exposing Anthropic’s internal safety and behavior instructions for the model.
Screenshots shared by the researcher show Fable 5 allegedly producing detailed guidance on topics such as stack-based buffer overflow exploits for x86 Linux and classical chemistry pathways, although Anthropic disputes that these examples demonstrate meaningful uplift beyond what’s already publicly available.
Anthropic’s pushback and the US government’s stance
Anthropic says it was informed verbally of a “potential narrow, non-universal jailbreak” that appears to revolve around having Fable 5 review a specific codebase and identify software flaws.
In its public statement, the company stresses that it has not been shown any jailbreak that clearly led to real-world harmful outcomes and argues that similar capabilities exist in other widely accessible AI models today.
The US government, under President Donald Trump, is framing the move as an export-control action grounded in national security law, effectively treating advanced foundation models like sensitive dual-use technologies.
A letter from Commerce Secretary Howard Lutnick to Anthropic CEO Dario Amodei reportedly placed Fable 5 and Mythos 5 under export restrictions, prohibiting their use by foreign nationals and foreign entities, even within the United States.
Anthropic warns that if this standard—pausing deployment over a narrow, contested jailbreak—were applied equally across the industry, it would effectively halt many new releases from all frontier model providers.
At the same time, the company says it is complying with the directive while working with regulators to clarify the technical details and restore access as soon as possible.
Why this matters for developers, teams, and AI roadmaps
For teams building on top of frontier models, this episode is a wake-up call: the biggest risk in your AI stack might not be a model bug, but a regulatory switch you do not control.
Developers who had already started experimenting with Fable 5 for coding copilots, autonomous agents, or security tooling suddenly found their most powerful endpoint unavailable overnight, with no immediate replacement at the same capability level.
There are several practical lessons here:
- Vendor and regulatory risk are now first-class architecture concerns. Building mission-critical systems on a single frontier model, in a single jurisdiction, is increasingly risky.
- Multi-provider and multi-model strategies matter. Having fallbacks across different vendors—and, when possible, self-hosted or open-weight models—reduces the blast radius of political or policy shocks.
- Security and safety posture will influence access. Governments are watching jailbreak research closely, and models used in cybersecurity or sensitive domains may face stricter controls, licensing, or audit requirements.
For agencies and product teams, this also changes how you talk to clients about AI roadmaps: resilience, governance, and compliance are now selling points, not only raw model IQ.
What might come next
Anthropic has called the situation a misunderstanding and has signaled that it plans to publish more technical detail about the alleged jailbreak and its safeguards.
Depending on how those discussions evolve, we could see anything from a rapid restoration of access with additional conditions, to a longer-term regime where only certain vetted organizations can use top-tier models like Mythos-class systems.
More broadly, this incident shows how quickly access to powerful AI can shift from “available to everyone with an API key” to “treated like controlled defense technology,” especially when models touch cybersecurity and dual-use capabilities.
For now, it is a strong signal to every AI-driven business to design architectures, SLAs, and risk models assuming that frontend access to specific models can be revoked at short notice by policy, not just by technical outages.
