The US government switched off Anthropic’s most powerful model 3 days after launch
Inside the Fable 5 and Mythos 5 suspension, both sides of the jailbreak fight, the Amazon twist few saw coming, and the precedent every AI builder should track
On Friday June 12, around 5:21pm ET, Anthropic received a letter from Commerce Secretary Howard Lutnick. By roughly 10pm, its most capable public model was gone. Anthropic switched off Fable 5 and Mythos 5 for every customer worldwide, including on AWS Bedrock, and began refunding users who paid for a product that lived three days.
This marks the first time a leading AI lab has pulled a publicly deployed frontier model because the federal government told it to. Every other Anthropic model, including Claude Opus 4.8, stayed live. Both sides now fight in public, and the details cut in directions that embarrass almost everyone involved.
Here is what happened, what each side claims, and why the precedent matters far more than the incident.
The timeline, straight
June 9. Anthropic launches Fable 5, the first public release from its top-tier Mythos family, with safeguards built to make Mythos-level capability safe for broad use, alongside Mythos 5 for select enterprise partners. Both build on Claude Mythos Preview, the model held back in April under a cybersecurity program called Project Glasswing.
June 10. CEO Dario Amodei publishes a policy essay arguing that governments should hold legal authority to block or reverse the release of frontier models that fail independent safety testing, comparing it to the FAA grounding unsafe aircraft.
Around June 11. Amazon, one of Anthropic’s largest investors, calls administration officials to share a report claiming its researchers jailbroke Fable and reached portions of Mythos that pose a national security risk, according to Axios. The Information reported that Amazon CEO Andy Jassy was among the tech leaders raising concerns to senior officials that week.
June 12, 5:21pm ET. Lutnick’s letter imposes export controls on Mythos 5 and Fable 5 for any location outside the US and any foreign national inside it, including Anthropic’s own non-citizen staff.
June 12, ~10pm ET. Faced with a directive that reached its foreign-born employees, Anthropic switches off both models for all users and posts its statement.
The business and investing stakes here run high, and the Claude and Anthropic library tracks the company’s policy posture across the year for context, including its path to a $1 trillion valuation and the moment it passed OpenAI on revenue.
What the government and its allies say
White House AI czar David Sacks laid out the administration’s version in a public post. His framing, paraphrased: Fable is Mythos with guardrails, so a guardrail failure exposes advanced cyber capability to people who should stay far away from it. A trusted partner testing Fable surfaced a jailbreak, the administration asked Amodei to fix it or pull the model, and in Sacks’s telling Amodei declined, so the export control followed reluctantly. Sacks argues the ball now sits in Anthropic’s court and that remediation would lift the controls quickly.
An administration official told Axios the Commerce Department acted after another company claimed it could jailbreak Mythos, and that the government had earlier tried and failed to get Anthropic to pause the release. Sacks also leaned on a pointed irony: Anthropic itself promoted Mythos as something close to a cyberweapon that warranted regulation, so a vulnerability in its consumer wrapper becomes, by Anthropic’s own standard, the company’s job to patch.
What Anthropic says
Anthropic’s statement tells a different story. The company says the letter withheld the specific national security concern, and that its understanding is the government learned of a jailbreak method. Anthropic reviewed a demonstration and characterized it as narrow and non-universal, essentially asking the model to read a specific codebase and fix software flaws, a capability it says ships in other public models including OpenAI’s GPT-5.5 and runs every day in the hands of the defenders who keep systems safe.
The company’s core arguments:
▫️ Testers so far have surfaced only narrow, non-universal bypasses, while the universal kind that broadly unlocks dangerous cyber capability stays unseen
▫️ It runs a defense-in-depth strategy, including 30-day data retention to detect and shut down attacks fast, a policy it says carries genuine commercial cost
▫️ Recalling a model over a narrow finding sets a precedent that, applied industry-wide, would freeze frontier deployments across every lab
▫️ It is complying while disputing the basis, calling the action a misunderstanding and working to restore access
Anthropic officials told Axios they walked the administration through how the alleged Amazon jailbreak was simple, reproducible on other models, and consistent with healthy safety systems. Both accounts agree a narrow technique was demonstrated. They split completely on what it means.
The irony everyone noticed
The framing that spread fastest, including a TechCrunch headline arguing Anthropic’s safety warnings may have backfired, writes itself. Anthropic spent years as the safety-first lab calling for government oversight of powerful models. Amodei published an essay days earlier requesting exactly the authority the government then used on his own flagship. Critics also seized on the 30-day retention policy, casting the safety-first company as one that now logs every prompt and output to a Mythos-class model.
Anthropic’s defenders read it the opposite way: the company asked for a transparent, fair, fact-grounded statutory process, and argues this directive, delivered by letter with the evidence sealed and the harmful result still undisclosed, departs from every one of those principles. Both readings stay live, and which one lands depends largely on how serious you judge the jailbreak to be, which is the part the public still waits to see.
The precedent every builder should track
Strip away the personalities and one question remains: should a government be able to switch off a commercially deployed model on a few hours’ notice, by letter, while the evidence stays sealed? This episode is the first working example of model-layer regulation in practice, and it rewards seeing clearly from both sides.
The case for it runs straight. A frontier model with advanced cyber capability is a national security asset, the government holds a legitimate interest in who can reach it, and a lab that markets its model as dangerous invites the state to treat it as dangerous. When independent testers surface a bypass, pausing the model while it gets patched reads as a reasonable precaution.
The case against it is the one Box CEO Aaron Levie made publicly, and it is the deeper structural worry. Regulating at the model layer hands the government sole discretion over when a model reaches the public, based on risk judgments that stay inherently subjective. Every release becomes a months-long negotiation over what a model can do and how dangerous that is, which produces a backlog, slows the market, and starts to make AI look like any other heavily gated industry. Levie’s sharpest line: had this paradigm existed three years ago, we might still sit near GPT-4. His proposed alternative is to regulate the applied use of AI in cyberattacks, fraud, and biosecurity, leaving the model itself free to ship.
The disagreement reaches past Fable. It is about whether the kill switch belongs at the model or at the use. This week was the first live test, and everyone walked away still arguing.
The AI tools and models library and the Claude and Anthropic library both track how this regulatory question keeps reshaping the release calendar.
The Amazon question
The strangest thread is the trigger. Amazon ranks among Anthropic’s largest investors and a major customer, having poured billions into the company and sold Claude across its cloud. Yet by the reporting, Amazon’s own researchers produced the report that set the takedown in motion, and Andy Jassy carried concerns to the administration.
Why would a major investor strike a blow this disruptive against a company it owns a large stake in? Three readings circulate, each still unconfirmed:
▫️ Genuine safety concern, where Amazon researchers found something alarming and escalated it through the channels available
▫️ Competitive positioning, where a backer with its own model ambitions gains from a rival flagship sitting grounded
▫️ Hedging a complicated relationship, where Amazon balances its Anthropic stake against its government and enterprise commitments
The honest answer is that outsiders still lack the evidence to tell which it is, and the venture dynamics around the big labs make all three plausible at once. The investor list of lists and the biggest VC-backed startups show how tangled the cap tables behind frontier AI have become.
The dual-use paradox at the center of it
Here is the technical knot that makes this hard to resolve cleanly. The capability in dispute, a model reading a codebase and finding or fixing software flaws, is exactly what you want on the defensive side of cybersecurity. The same skill that helps an attacker find a vulnerability helps a defender close it, and defenders run this work daily. By Anthropic’s account, and by Levie’s, the capability already ships broadly across current models.
That is why “is this a cyberweapon” resists a clean verdict either way. A frontier model is dual-use by design, and a rule that grounds any model capable of finding a software flaw would ground most of them. The disagreement between Anthropic and the administration is partly about severity and partly about this deeper question of whether dual-use capability can be governed at the model level while the field keeps moving. The SaaS defense playbook covers how defenders actually put these capabilities to work in production.
The three paths back to release
Anthropic says it is working to restore access. Realistically, Fable returns through one of three doors:
Government reversal. Anthropic demonstrates the jailbreak is narrow and reproducible elsewhere, the administration accepts the technical case, and the controls lift. Sacks has signaled this is the outcome the administration wants, which makes it the fastest path once the technical facts land.
Negotiated remediation. Anthropic ships a patch and extra safeguards, both sides claim a win, and the model returns with tighter controls. This reads as the likeliest middle path given the prior friction between the two.
Court order. Anthropic, already in litigation with the administration over a separate supply chain risk designation, escalates legally. Slower, and it hardens the conflict rather than settling it.
The backdrop matters here. In February, the administration directed federal agencies to stop using Anthropic’s technology after the company objected to certain defense uses, the DOD later labeled Anthropic a supply chain risk, and Anthropic sued. Sacks insists this week’s action runs separate from that history. Others read one continuous conflict. The truth likely sits in between, and the Dario Amodei safety thesis is now colliding with the politics it helped invite, an arc the Davos zeroth-world essay foreshadowed.
What this means for you
Set aside who is right. Three durable lessons hold whichever way the fight ends.
For builders. Treat single-model dependence as a live risk you design around. A model you built a product on can vanish overnight for reasons that trace to forces beyond your control. Design for multi-model resilience: an abstraction layer, a tested fallback to another provider, and an honest answer to “what happens to my product the night this specific model goes dark.” The AI coding tools guide and the power-user setup both cover building across providers.
For investors. Regulatory action now prices in at the frontier as a base case rather than a tail. A model’s release calendar, and therefore a lab’s revenue, can hinge on a letter. That reshapes how you underwrite the frontier labs and lifts the value of companies positioned one layer up from the raw model. The Coatue AI report and the venture map at VC Corner help size where that risk sits, and Mark Cuban’s track record on calling these moments early is worth a read.
For operators. The public, direct-to-audience nature of this fight is the new normal. As Anthony Pompliano observed, both sides skipped the press and posted their own versions, leaving citizens to judge. Read the primary statements, weight the partisan accounts accordingly, and assume every party argues its own book.
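An added example for the builders' point above (an abstraction layer plus a tested fallback), not code from Anthropic or any vendor: a router that handles a withdrawn model differently from a transient outage, and a drill that exercises the fallback path before it is needed. Route names, exception classes and the stub adapters are hypothetical; real adapters would map each vendor SDK's errors onto these two exception types.

```python
from dataclasses import dataclass
from typing import Callable

class ModelWithdrawn(Exception):
    """Provider reports the model is gone or no longer served (assumed mapping)."""
class TransientError(Exception):
    """Timeouts, rate limits, 5xx: worth retrying on the same route."""

@dataclass
class Route:
    name: str                    # label for logs, e.g. "vendor-a/flagship"
    call: Callable[[str], str]   # adapter that hides the vendor SDK
    retries: int = 2             # extra attempts on transient failures

class Router:
    def __init__(self, routes):
        self.routes = list(routes)   # ordered by preference
        self.disabled = set()        # routes seen withdrawn; skipped until re-enabled
        self.events = []             # audit trail of (route, outcome)

    def complete(self, prompt):
        for route in self.routes:
            if route.name in self.disabled:
                continue
            for _ in range(route.retries + 1):
                try:
                    out = route.call(prompt)
                    self.events.append((route.name, "ok"))
                    return route.name, out
                except TransientError:
                    self.events.append((route.name, "transient"))
                except ModelWithdrawn:
                    # Retrying cannot help: stop using this route immediately.
                    self.events.append((route.name, "withdrawn"))
                    self.disabled.add(route.name)
                    break
        raise RuntimeError("all routes exhausted")

def fallback_drill(router, primary_name, probe="ping"):
    """Simulate the primary going dark; return the route that served the probe."""
    was_disabled = primary_name in router.disabled
    router.disabled.add(primary_name)
    try:
        return router.complete(probe)[0]
    finally:
        if not was_disabled:
            router.disabled.discard(primary_name)

# Constructed stubs standing in for real vendor adapters.
def withdrawn_primary(prompt): raise ModelWithdrawn("model not available")
def healthy_secondary(prompt): return f"secondary:{prompt}"
```

Running `fallback_drill` on a schedule, and alerting when it raises, is what turns a configured fallback into a tested one.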
While Washington argues, build the leverage
The policy fight will run for weeks. The leverage sits in wielding Claude deeply enough that any single model’s fate matters less to your output. Here is where to go deeper, all in one place:
▫️ Loop engineering for designing the system that prompts your agent for you, in the loop engineering playbook
▫️ The one-person company that runs like a 30-person team, in the one-person startup operating system
▫️ Background automations that run while you sleep, in the Codex background workflows playbook
▫️ The six patterns Anthropic engineers use in the Claude Code dynamic workflows guide
▫️ The Claude Code system that replaces your dev loop, in the full system breakdown
▫️ A five-agent sales team you assemble in a weekend, in the build guide
▫️ A second brain on Claude with Obsidian and the Granola MCP stack
▫️ Your own stock analyst in 12 prompts, in the Claude stock analyst build
▫️ The power-user playbook in Claude best practices and managed agents
▫️ The complete skills library in the Claude Skills startup marketing library and the Claude Skills complete guide
What to watch next
▫️ Anthropic’s promised technical detail, and whether it convincingly shows the jailbreak reproduces widely
▫️ The administration’s evidence, since the sealed specifics sit at the heart of Anthropic’s complaint
▫️ Amazon’s explanation, if any arrives, for triggering an action against a company it heavily backs
▫️ The restoration timeline, and which of the three paths it travels
▫️ Whether other governments copy the move, since a US precedent for model-layer control invites imitation abroad
TL;DR
The US government ordered Anthropic to suspend Fable 5 and Mythos 5 three days after launch, over a jailbreak the administration calls a national security risk and Anthropic calls narrow and widely reproducible. Amazon, a major Anthropic investor, appears to have triggered it. The deeper fight is about model-layer regulation, where the government gates releases directly, and whether that freezes the field or protects it. For builders, the lesson is multi-model resilience plus deep Claude leverage. For investors, regulatory risk now prices in at the frontier. The evidence the public can verify stays thin, so weight every account, including this one, by who gains from it.