Breaking: Anthropic Pulls Fable 5 and Mythos 5 After a US Government Directive

What happened, what Anthropic says, and the possibilities ahead. A developing story.

By Han HELOIR YAN, Ph.D. · June 13, 2026

Three days after Anthropic shipped the most capable model it has ever released to the public, the US government ordered it taken offline.

On June 12, 2026, Anthropic said it had received a federal export control directive to suspend access to its Fable 5 and Mythos 5 models for any foreign national, and that complying meant disabling both models for every customer. The company said it is following the order while disagreeing with it. Every other Anthropic model stays available. What follows is what is known so far, what Anthropic has said in its own words, and the range of things that could happen next. This is a developing story, accurate as of June 13, 2026.

Before we start!

πŸ¦ΈπŸ»β€β™€οΈ If this helps you ship better AI systems:

What we know so far

What happened

The timeline is the part that makes this unusual: a state of the art model went from launch to forced shutdown in seventy two hours.

Anthropic published Fable 5 and Mythos 5 on June 9, 2026, describing Fable 5 as the most capable model it had ever made generally available. Three days later, on the afternoon of June 12, the company said it received a directive from the US government, timestamped 5:21pm Eastern, instructing it to suspend all access to both models for any foreign national, whether inside or outside the United States, and explicitly including Anthropic's own foreign national employees.

According to Anthropic, the order was issued under national security authorities, and the letter did not spell out the specific concern behind it. News outlets including Bloomberg, CNBC and NBC reported that the directive came from the Commerce Department, and NBC reported that the letter was sent by Commerce Secretary Howard Lutnick.

The scope of the order created a practical problem. A rule that blocks every foreign national, staff included, is hard to enforce selectively, so Anthropic said it chose to disable Fable 5 and Mythos 5 for all customers rather than attempt partial compliance. The company stressed that access to all of its other models was not affected.

Several outlets described the move as apparently the first time a leading AI company has taken a publicly deployed model offline because of direct federal intervention. Whether or not that framing holds up as more details emerge, the sequence is striking. A model marketed days earlier as a new high water mark for capability was switched off for its entire user base within seventy two hours of launch.

Timeline from the June 9 launch to the June 12 directive and same day shutdown

A seventy two hour timeline: launch on June 9, directive received 5:21pm ET on June 12, both models disabled for all customers the same day. Created by Han HELOIR YAN.

What was actually pulled

Fable 5 and Mythos 5 are not two models. They are one model with two different safety wrappers.

To understand the order, it helps to know what these two products are. In its launch post, Anthropic described Mythos 5 as the same underlying model as Fable 5, with the safeguards lifted in some areas. A footnote in that post is explicit: the safeguards are what distinguish the two models, which is why they carry different names. The weights are shared. What customers experience differently is a control layer sitting in front of the model.

That control layer is a set of classifiers. Anthropic says that when Fable's classifiers detect a request related to cybersecurity, biology and chemistry, or model distillation, the response is handled by its next most capable model, Opus 4.8, instead of by Fable itself, and the user is told when this happens. By the company's own figures, more than 95% of Fable sessions involve no fallback at all, meaning that for the large majority of use the public model behaves effectively the same as the unrestricted one. Anthropic also said the safeguards were tuned conservatively and trigger, on average, in fewer than 5% of sessions, which it acknowledged would sometimes catch harmless requests.

Mythos 5 is the version with the cybersecurity safeguards removed. Anthropic restricted it to a small group of cyber defenders and infrastructure providers through Project Glasswing, a program it runs in collaboration with the US government, and described it as having the strongest cybersecurity capabilities of any model in the world. Fable 5, by contrast, was released broadly, priced at $10 per million input tokens and $50 per million output tokens, and positioned as state of the art across software engineering, knowledge work, vision and scientific research.

So when the directive forced both offline, it removed two things at once. It removed the public, wrapped model that most users could reach, and the restricted, unwrapped model used inside a government linked defender program. The shared foundation is why a single order reached both.

Diagram showing Fable 5 and Mythos 5 sharing the same weights, separated only by a classifier layer

Same weights, two wrappers: Fable routes flagged queries to Opus 4.8 through a classifier layer, while Mythos lifts the cyber safeguards for vetted defenders. Created by Han HELOIR YAN.

The stated reason

The government has not published its reasoning, and Anthropic says it has seen only a narrow, verbally described example.

On the question of why, the public record is thin and one sided, because the directive itself has not been released. Anthropic said its understanding is that the government believes it became aware of a method of bypassing, or jailbreaking, Fable 5. The company said it reviewed a demonstration of the technique and found that it surfaced a small number of previously known, minor vulnerabilities, and that other publicly available models can find the same issues without any bypass.

Anthropic characterized the technique narrowly. By its account, the potential jailbreak that was shared essentially amounts to asking the model to read a particular codebase and fix any software flaws it contains, a task that overlaps heavily with ordinary defensive security work. The company said that, to date, it had been given only verbal evidence of a narrow jailbreak, and that it had not received a disclosure of a concerning case that led to a harmful result.

Anthropic drew a distinction it had made at launch between two kinds of jailbreak. A universal jailbreak, in its framing, broadly unlocks the model's restricted capabilities, while a narrow one works only in limited circumstances or needs to be reworked for each new situation. The company said that no tester, across thousands of hours of red teaming with the US government, the UK AISI and outside organizations, had found a universal jailbreak, though it noted at launch that the UK AISI had made early progress toward one. Its position is that the example behind the directive falls in the narrow category.

None of this is independently confirmed, and the government's own account may differ. Anthropic said it would share more details within twenty four hours of its statement.

Anthropic's position

Anthropic is doing two things at once: complying fully, and saying plainly that it thinks the order is wrong.

The company's statement is unusually direct about the disagreement. Anthropic said it is removing access to both models to obey the legal directive, while arguing that the finding of a narrow potential jailbreak should not be grounds for recalling a commercial model deployed to hundreds of millions of people. If the same standard were applied across the industry, the company said, it believes it would effectively halt new model deployments for every frontier provider.

Anthropic tied the decision back to the safety approach it described at launch. It said perfect resistance to jailbreaks does not appear possible today for any provider, that every safeguard in the industry is vulnerable to narrow jailbreaks, and that universal ones are likely to be found eventually. Given that, the company said it had adopted what it calls a defense in depth strategy: make jailbreaks either narrow or expensive to produce, and pair that with monitoring to detect and shut down attacks. It pointed to its requirement that customer data on these models be retained for thirty days, a policy it said carries real cost with customers, as part of how it researches and mitigates new jailbreaks.

The company also reached for an industry comparison. It said it had reviewed the report it believes underlies the directive and concluded that the level of capability shown is widely available from other models, naming OpenAI's GPT-5.5, and is used daily by defenders who keep systems safe. It then placed the episode against its own stated policy position: that governments should be able to block unsafe deployments, but through a process that is transparent, fair, clear and grounded in technical facts. This action, Anthropic said, did not meet those principles. The statement closed with an apology to customers and a stated intention to restore access as soon as possible.

A grounded read of where this sits

Set the dispute aside and three plain facts remain, none of which require taking a side.

The first is about what was removed. Because Fable 5 and Mythos 5 share weights, the thing the order reached is, in large part, the safety wrapper and the access around the model rather than a separate model in each case. The raw capability did not change between the two products. The classifiers did. That is a structural observation, not a verdict on whether the order was justified.

The second is about the capability itself. Anthropic's claim that comparable ability is available elsewhere is checkable against the public record. OpenAI's published GPT-5.5 system card, dated April 23, 2026, treats the model as High capability in cybersecurity under its Preparedness Framework, reports a 93.33% pass rate on its internal end to end cyber range, and notes that the UK AISI identified a universal jailbreak of GPT-5.5's cyber safeguards that took six hours of expert red teaming to develop. The same document describes a layered safeguard stack, a fast topical classifier feeding a slower safety reasoner, alongside a Trusted Access for Cyber program for verified defenders. Those mechanisms rhyme closely with Anthropic's classifiers and with Project Glasswing. Noting the parallels is not the same as judging whether the directive was consistent. It simply shows that both the broad capability and the wrapper approach extend beyond a single company.

The third is about precedent. If the framing in several reports holds, this is the first time a publicly deployed frontier model in the United States has been pulled by government action. A first of its kind event tends to matter less for the single case than for the template it sets, and the template here is not yet visible, because the directive and its reasoning are not public. That is the honest limit of what can be said today.

A neutral comparison panel of what the public record shows about the cited capability and safeguard approaches

What the public record shows, side by side, without a verdict: shared weights, comparable cyber capability documented elsewhere, and similar wrapper plus trusted access designs across providers. Created by Han HELOIR YAN.

What could happen next

From here the story could move in several directions, and it would be a mistake to bet confidently on any of them.

One possibility is a quick reversal. Anthropic said it views the situation as a misunderstanding and is working to restore access, and it promised more detail within a day. If its disclosures persuade the government that the cited technique is narrow and widely matched elsewhere, access could return within days, and the episode becomes a footnote.

Another is a longer suspension. If the government treats the matter as warranting a formal review, Fable 5 and Mythos 5 could stay dark for weeks while the technical questions are worked through, with the commercial cost falling on Anthropic and its customers in the meantime.

A third is that the standard spreads. The capability Anthropic points to in GPT-5.5 suggests that, taken literally, a recall trigger based on a narrow cyber jailbreak would not stop at one company. Whether other providers receive similar directives, or quietly adjust their own releases in anticipation, is unknown, but it is the scenario with the widest reach.

A fourth is a process fight rather than a technical one. Anthropic has already framed the disagreement around how such blocks should be made, invoking its public position that government intervention should follow a transparent and fact grounded process. That disagreement could surface in policy debate, in formal channels, or in legal ones, independent of how the specific Fable question resolves.

A fifth is a quieter steady state. Fable 5 could remain unavailable to the general public for some time while Mythos class capability continues to reach a narrow set of vetted defenders through restricted programs, leaving the broad release paused without a dramatic resolution either way.

These are possibilities, not predictions. The facts that would let anyone choose among them, chiefly the contents of the directive and the government's technical reasoning, are not public as of this writing.

A branch diagram of five possible next paths, labeled as possibilities not a forecast

Five branches the story could take, from quick reversal to a spreading standard. These are possibilities, not a forecast. Created by Han HELOIR YAN.

Credits and further reading

This article reflects what was publicly known on June 13, 2026. The situation is moving, and Anthropic said it would publish further detail within twenty four hours of its statement. Claims about the government's reasoning come from Anthropic's account and from news reporting, not from the directive itself, which has not been released.