For 18 days in June, Anthropic’s most capable public model was unavailable to anyone outside the United States, not because of a technical problem, but by order of the US Department of Commerce. That freeze ended July 1, when access was restored globally. The timeline is worth walking through in full, because it’s one of the clearer recent examples of a frontier AI model getting caught directly in national security policy rather than product decisions.
How it started
Anthropic released Claude Fable 5 on June 9, built with strong safeguards for general use, alongside Claude Mythos 5, a variant with fewer safeguards limited to trusted cybersecurity partners. Three days later, on June 12, the US government — citing national security authorities — issued an export control directive ordering Anthropic to suspend all access to both models by any foreign national, whether inside or outside the United States, including Anthropic’s own foreign-national employees (Anthropic on X). Because the order took effect immediately and Anthropic had no reliable way to verify a user’s nationality in real time, the company suspended access for everyone, not just the specific population the order named.
The government’s stated concern centered on a jailbreak vulnerability. White House adviser David Sacks said publicly that Anthropic had declined to fix the issue; Anthropic disputed that characterization, describing the finding as a narrow potential vulnerability rather than a broad failure, and said it moved to address it as soon as it was reported (CNBC). Whichever framing is more accurate, the practical effect was immediate: a US frontier model went dark for every user outside the country, mid-product-cycle, on national security grounds rather than a service outage or a company decision.
What the vulnerability actually was
Worth being specific here rather than leaving it as “a jailbreak,” since the details are more mundane than the geopolitical fallout suggests. Amazon researchers found that Fable 5 could be prompted to identify software vulnerabilities in a codebase and, in at least one case, produce code demonstrating how that vulnerability could actually be exploited (Redeploying Claude Fable 5 — Anthropic). That’s a real safety-relevant finding — offensive security capability is exactly the kind of thing frontier-model safety testing is supposed to catch.
Anthropic’s counter-argument, though, is the part that complicates the “Anthropic dragged its feet” framing: the company said its own testing confirmed that several less-capable models could identify the same vulnerabilities Fable 5 did, and every model tested could produce the same exploit demonstration once asked. The exploited path involved borderline safeguard cases tied to routine defensive security work, not a capability unique to Mythos-tier models. In other words, this wasn’t a capability unique to Fable 5 that made it uniquely dangerous — it was a capability already present across the current frontier-model tier generally, that happened to get flagged on Fable 5 specifically.
How it was resolved
Anthropic’s fix was a new cybersecurity classifier that blocks the specific technique described in the Amazon report in over 99% of attempts; users who trigger it are notified and redirected to Claude Opus 4.8. Anthropic also says it doubled its safety research staff ahead of the launch and built “defense in depth” — multiple overlapping safeguard layers rather than a single filter — into the response.
That fix, plus two weeks of direct review between Anthropic and Commerce, led to resolution on June 30: the Bureau of Industry and Security withdrew the export controls on both models. Commerce Secretary Howard Lutnick said Anthropic had agreed to proactively detect and address security risks in its models, work with the government on standards for future releases, and report malicious activity, in exchange for no longer needing an export license (Forbes). Anthropic confirmed the news itself the same day and began restoring access the next morning (Anthropic on X). Fable 5 returned globally on July 1 across Claude.ai, the API, Claude Code, and Claude Cowork — with paid-plan users capped at 50% of normal weekly usage limits through July 7 before the service transitioned back to standard usage-based limits — alongside partial restoration of Mythos 5 access for approved US organizations.
| Date | Event |
|---|---|
| June 9 | Fable 5 and Mythos 5 launch |
| June 12 | Commerce issues export control directive; Anthropic suspends all foreign-national access globally |
| June 26 | Mythos 5 access separately approved for select US organizations |
| June 30 | BIS withdraws export controls; Anthropic confirms restoration begins |
| July 1 | Fable 5 back globally; Mythos 5 partially restored for approved US orgs |
The part that outlasts this specific incident
The single-vulnerability framing is almost beside the point. What this episode demonstrates is that a frontier model’s availability can now be suspended by government order on short notice, for reasons entirely separate from the company’s own release and safety decisions, and restored just as unilaterally once a dispute is resolved behind closed doors. That’s a new and material kind of platform risk for anyone building a product on top of a frontier model API: it sits alongside the usual risks of pricing changes, deprecations, and rate limits, and it isn’t something any individual company using the API has any visibility into or control over.
It’s also the same dynamic playing out on the other side of this story: within days of the suspension directive, Chinese lab Zhipu (Z.ai) released its own frontier-competitive model, GLM-5.2, with open weights and no export restrictions at all — a contrast worth reading in full in our separate coverage.


