On Friday afternoon I had a clear weekend planned and a new model to build with. By Saturday morning Fable 5 was gone, and not just for me. Anthropic had disabled Fable 5 and its larger sibling Mythos 5 for every customer on the planet, after the US government handed it an export control order it could not work around. The official line is national security and a jailbreak. The more I have read over the weekend, the more the jailbreak looks like the smallest part of this.
What actually happened
Anthropic's own statement is worth reading before anyone's hot take, including mine. On 12 June it received a directive from the US government, citing national security, that suspended access to Fable 5 and Mythos 5 for "any foreign national, whether inside or outside the United States, including foreign national Anthropic employees." Read that again. The order did not name a list of sanctioned countries. It barred every non-US citizen, which takes in Anthropic's own engineers and developers like me here in the UK.
Anthropic cannot reliably tell, in real time, who is a foreign national and who is not. So it had one way to comply, and it took it. Both models went dark for everyone, while Opus, Sonnet and the rest of the range carried on as normal. The company says the letter arrived at 5:21pm Eastern and gave no specific detail of the national security concern behind it.
The jailbreak everyone is arguing about
The trigger appears to be a jailbreak, and here the accounts diverge. Researchers at Amazon found a way to prompt Fable 5 into producing instructions useful for cyberattacks, and Amazon's chief executive Andy Jassy reportedly took it straight to the White House rather than only to Anthropic. Around the same time, the well known red-teamer who goes by Pliny the Liberator published his own very public jailbreak on X. So there is a private report that reached government, and a public stunt, running side by side.
Anthropic's response is unusually blunt for a company in a regulatory corner. It says the technique amounts to asking the model to read a specific codebase and fix the software flaws it finds, that the vulnerabilities are minor and already known, and that other public models do the same thing without anyone reaching for an export ban. It names OpenAI's GPT-5.5 directly. It points out that Fable was red-teamed for thousands of hours before launch, alongside the US government, the UK's Ai Safety Institute and outside specialists, and that no universal jailbreak has been found. Its position is that a narrow flaw is being treated as a five-alarm fire.
The government sees it very differently. David Sacks, the White House Ai and Crypto Czar, said the order was issued reluctantly, and only after Dario Amodei refused either to patch the flaw or to take the model down. He went further and accused Anthropic of putting its consumer product ahead of the safety positions it preaches in public. Anthropic disputes that account. Reporting from Semafor adds another layer, linking the move to worries inside the White House about Chinese access to Mythos. Whichever version you find most convincing, the gap between "minor, widely available flaw" and "national security emergency" is enormous, and that gap is the entire argument.
Why Amodei was always going to clash with Washington
To understand why this became a standoff rather than a quiet patch, you have to look at the man running Anthropic. Dario Amodei has spent years writing in public about how he thinks Ai should and should not be used. In "Machines of Loving Grace" in 2024 he set out an almost utopian case for the technology, curing disease and compressing decades of scientific progress into a few years. In January this year he followed it with "The Adolescence of Technology", a much darker essay arguing that powerful Ai is now a serious national security matter, with real risks to security, to economies and to democracy. This is not a man who treats these questions lightly, and he has drawn lines he will not cross.
Those lines were already causing friction long before the weekend. In March the Pentagon designated Anthropic a "supply chain risk", the first time a US company has been labelled that way under a procurement rule built to keep foreign sabotage out of military systems. The dispute underneath it was about use. Anthropic wanted assurances that Claude would not be turned to fully autonomous weapons or domestic mass surveillance, and the Department of Defense wanted unrestricted access. Anthropic sued the administration, and the cases have gone both ways in court. This is not a company and a government having a one-off misunderstanding. It is a relationship that has been fracturing in slow motion for months, and Fable 5 is where it broke into the open.
What this means if you build on Ai
For those of us who build on these models rather than make them, the precedent is the thing to watch. A live, commercial model used by hundreds of millions of people was pulled worldwide over a flaw its maker says is narrow, disputed and freely available elsewhere. If that becomes the standard, every frontier provider has to assume any new model can be switched off at short notice over a contested security claim. Anthropic itself warns that applying this bar across the industry would essentially halt new model deployments. I think they are right to be worried, and so should anyone whose product leans on a model staying online.
For a long time the risks of building on someone else's model felt technical and commercial. Rate limits, context windows, price changes, the occasional outage. This weekend added a different category to the list. A model can now vanish because of where your users hold their passports, or because of an argument between a lab and a government that you have no part in. That is not something you can engineer around in your codebase. It is a governance and resilience question, and it belongs in your planning rather than in the small print.
None of this calls for panic. It calls for a simple discipline, which is to stop treating any single model as load-bearing. Keep your prompts, your data and your evaluations portable across providers, so that losing one model is an inconvenience and not an outage. Know which provider each part of your product depends on, and what your fallback is if it goes dark on a Friday afternoon. This is the same thing I push with clients for every other dependency in a business, and it turns out frontier Ai is no different. I spent the weekend carrying on with Opus 4.8, which rather made the point for me. The work continued because there was somewhere else to go.
The question underneath all of this
Strip away the jailbreak and the politics and one question is left standing. Who decides when a frontier model is allowed to be online, the company that built it and holds its own red lines, or the government that can reach for an export rule and pull the switch? That is being argued behind closed doors right now, and the answer will shape what the rest of us are allowed to build on for years.