On Friday, June 12, at 5:21 PM Eastern time, the US Commerce Department sent a letter to Anthropic invoking an obscure export control directive. The demand was stark: block all non-Americans, including Anthropic’s own employees, from accessing the company’s most powerful AI models, Fable 5 and Mythos 5.
By that evening, Anthropic had pulled both models offline for every user worldwide. The ostensible reason was a “jailbreak” that could let attackers use the model for malicious purposes. But as the dust settles, a clearer picture has emerged: the ban was never really about an AI safety breach. It was driven by a complex tangle of political retaliation, corporate rivalry, and anxiety over China. It has already triggered an international crisis of confidence in American AI dominance.
The purported security threat that triggered the government’s order came from Amazon security researchers who discovered a way to bypass Fable 5’s guardrails. But Katie Moussouris, a cybersecurity veteran and founder of Luta Security who reviewed the researchers’ paper, described the finding in starkly different terms.
In a blog post published over the weekend, Moussouris explained that the researchers did not find a genuine jailbreak. They simply asked Fable 5 to “fix this code” after the model initially refused to “review the code for security issues.” The distinction is semantic; the end result is the same. As Moussouris put it, “The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense.”
The government did not provide written documentation of its concerns. According to Anthropic, the evidence was conveyed verbally. The enforcement letter itself has not been made public. The Wall Street Journal reported that Amazon CEO Andy Jassy had raised the researchers’ findings with Treasury Secretary Scott Bessent, which may have triggered the directive. But the Axios report on the matter cited sources describing “personality differences” between Anthropic and the Trump administration as a more significant driver than any technical issue with the model.
The episode echoes a cautionary chapter in US export control history. During the 2010s, language intended to restrict cybersecurity tools that could aid cyberattacks was written so broadly that it inadvertently nearly outlawed legitimate vulnerability research. Critics now warn that history is repeating itself, but with higher stakes and a much faster fuse.
A Global Sovereignty Wake-Up Call
The ban’s impact rippled far beyond Anthropic’s servers. The European Commission had published its Technological Sovereignty Package just nine days earlier, on June 3. The sudden shutdown of two of the world’s most advanced AI models by unilateral US action gave that document fresh urgency.
“We cannot rely on access that can be turned off by a foreign government overnight,” said Finnish MEP Aura Salla. Canadian Prime Minister Mark Carney framed the incident as a diversification lesson ahead of a major G7 discussion on AI. UK Minister Kanishka Narayan said the episode should drive investment in Britain’s own AI capabilities. And a French government official stated flatly: “Europe cannot settle for being an open market dependent on technologies designed, funded, and controlled elsewhere.”
The irony was not lost on observers. Dean Ball, a researcher at George Mason University, called the situation “simply cartoonish.” The US government was banning allied nations from accessing AI models while simultaneously exporting advanced AI chips to China.
Defenders Protest the Ban
Seventy-six cybersecurity experts signed an open letter at freefable.org demanding the government reverse the export control order. The signatories represent a who’s-who of the security industry: Alex Stamos, Facebook’s former chief security officer; Casey Ellis, founder of the bug bounty platform Bugcrowd; Jon Callas, a noted cryptographer and former Apple security executive; Paul Vixie, creator of the Berkeley Internet Name Domain (BIND); and Rachel Tobac, CEO of SocialProof Security.
Their letter argued that the ban helps adversaries, not defenders. The capability that triggered the shutdown is replicable on other models, including OpenAI’s GPT-5.5, Anthropic’s own Claude Opus 4.8 and Sonnet, and China’s Kimi 2.7. None of those initially refuse the same straightforward “fix this code” request. Banning Fable 5 only denies defenders access to one of the most capable cybersecurity tools available, while adversaries can use any of the alternatives.
“To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous,” the letter stated.
The Great Contradiction
The US government’s directive exposed a fundamental contradiction. Anthropic had already restricted Fable 5’s guardrails so tightly that nearly all legitimate cybersecurity prompts were blocked. Mythos 5, the more powerful version, was available only to approximately 150 organizations in 15 countries through a program Anthropic called Project Glasswing. And the Pentagon had designated Anthropic a “Supply-Chain Risk to National Security” months earlier, after the company refused to allow its technology to be used for mass surveillance or autonomous weapons.
Yet the same government now demanded that Anthropic restrict access even further, effectively punishing a company for building the most effective defensive AI tool in existence. It sent a global message that American AI cannot be relied upon.
White House AI advisor David Sacks offered a public off-ramp, posting on X that “the ball is in Anthropic’s court” to patch the alleged vulnerability and restore access. But doing so may be impossible for a capability that, as Moussouris argued, “cannot meaningfully be fixed” without neutering the model’s defensive value.
Anthropic has sued to reverse the blacklisting, warning of “hundreds of millions of dollars” in revenue losses. The company said Fable 5 had been deployed to hundreds of millions of people. Many of its own researchers, who are foreign-born, found themselves locked out of their own products.
The episode leaves a stark question for the industry and its customers worldwide: if the US government can shut down a leading AI company’s flagship products based on an unverified, verbally described “jailbreak” slipped through by a corporate rival, no American AI company can offer reliable access guarantees. That uncertainty may prove more damaging to US AI leadership than any single export control order.
Sources: TechCrunch (June 15); TechCrunch (June 15); AI News (June 15); The Verge (June 16); Axios (June 15); Wall Street Journal (June 13); Semafor (June 15)