On a Friday evening in June, the U.S. government did something it had never done to a frontier AI model: it turned one off.
At 5:21pm ET on June 12, Commerce Secretary Howard Lutnick sent Anthropic CEO Dario Amodei a letter placing the company’s two newest models — Claude Fable 5 and Mythos 5 — under export controls. The order barred access for any foreign national, anywhere, including foreign-national employees inside Anthropic itself. Because there was no clean way to comply, Anthropic did the only thing it could: it disabled both models for every customer on Earth. By midnight, the most capable AI it had ever shipped was dark.
Four days earlier, those models had been a product launch. Now they were a national-security incident — and, as Axios argues in its read of the fallout, a warning shot for the entire U.S. AI industry.
The technical merits are still being fought over. The financial and strategic consequences are clearer, and they’re not good for the people betting hundreds of billions of dollars on AI being a dependable global utility.
Washington just switched off
a frontier model
On June 12, an export-control order forced Anthropic to disable Claude Fable 5 and Mythos 5 worldwide. The security merits are still contested. The lesson buyers took away is not: frontier AI can be turned off.
■ The government’s case
- A reported jailbreak pulled malicious, agentic outputs (UK AISI)
- Amazon told officials Fable yielded cyberattack-usable info
- Suspicion a China-linked group obtained the model
- Proliferation & reverse-engineering risk to national security
▲ Anthropic & 120+ experts
- Calls it a narrow, non-universal jailbreak — a “misunderstanding”
- Capability is real but not unique (GPT-5.5, Opus, Kimi 2.7)
- Controls remove tools from defenders, not just attackers
- Export rules built for chips & ore don’t fit software
The precedent is the story. Whatever the jailbreak’s true severity, the U.S. showed it can dark a commercial American model worldwide on ~90 minutes’ notice. Adoption was supposed to be the moat — this week it became the exposure, and the likely winner is the open, sovereign, self-hosted stack.
What actually happened
Anthropic released the Mythos-class models on Tuesday, June 9, pitching them as frontier systems for cybersecurity and biomedical work. Fable 5 was the public, heavily guard-railed commercial version; Mythos 5 was the more powerful underlying model, never released openly and instead routed to selected organizations for cyber-defense work under a program called Project Glasswing.
The export-control directive landed three days later. By Anthropic’s account, the letter cited national-security authorities but gave no specific rationale, and the company was given a punishingly short window to act. It complied within hours and publicly called the whole thing a “misunderstanding,” saying its understanding was that the government had become aware of a method of jailbreaking Fable 5. Anthropic argued that a narrow, non-universal jailbreak is not grounds for recalling a model already deployed to hundreds of millions of people, and noted the system had survived thousands of hours of red-teaming by internal teams, the U.S. government, the U.K. AI Safety Institute, and third parties without anyone finding a universal jailbreak.
A meeting between Anthropic and the White House is set for June 22.
Train It. Tame It. Teach It.: Build Your Personal AI Team and Get Every Model to Work Your Way
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
The dispute nobody has settled
Why the order came down is genuinely contested, and the competing accounts don’t fully reconcile.
On the government’s side of the ledger: the U.K. AI Safety Institute’s red-team lead said publicly that within hours of getting access his team built a jailbreak pulling malicious answers from the model, and over two more days extended it to multi-step agentic tool-calls. The Wall Street Journal reported that Commerce was alarmed by a separate jailbreak report from Amazon — which also had access — and that Amazon CEO Andy Jassy personally phoned Treasury Secretary Scott Bessent to warn that Amazon’s researchers had used Fable 5 to obtain information usable in cyberattacks. Semafor added that the directive was issued partly on suspicion that a China-linked group had gotten hold of the new model, raising the specter of reverse-engineering. David Sacks, now a co-chair of the President’s science-and-tech advisory council, said the White House had asked Amodei the previous week to patch or pull Fable 5 and that Amodei declined.
On the other side: more than 120 cybersecurity executives and engineers signed an open letter to Lutnick and National Cyber Director Sean Cairncross asking that the controls be lifted. Their core argument is not that the models are harmless but that they are not unique — that GPT-5.5, Claude’s own Opus and Sonnet, OpenAI’s Daybreak, and the Chinese open-weight model Kimi 2.7 can do comparable security work, and that Chinese open models trail the U.S. frontier by only months. Katie Moussouris of Luta Security, who says she is the only outside expert to have read the triggering research paper, described the demonstration in deflating terms: researchers fed the models open-source code with known vulnerabilities plus code with deliberately planted flaws, asked them to “review for security issues” (Fable 5 refused), then asked them to “fix this code,” and through a multi-step manual process turned the output into exploits. Her conclusion — that this behavior can’t be meaningfully patched without crippling the model’s defensive usefulness — cuts against the idea that a quick fix was being unreasonably withheld.
There’s also a structural critique, made sharply by the R Street Institute: export controls were designed for physical goods with physical chokepoints — chips you can serial-number, rare earths you can inspect at a port. A model already serving millions over an API has no chokepoint. What was applied here wasn’t really a border control; it was an emergency off-switch on a U.S. company’s own software, and that is the part of this story with the longest shadow.
Amazon Fire TV Stick 4K Max (newest model), streaming device, with AI-powered Fire TV Search, supports Wi-Fi 6E, free & live TV without cable or satellite, find shows faster with Alexa+
The new Fire TV experience (2026 release) – Our biggest update to Fire TV has a new, modern…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
The financial alarm
This is where Axios plants its flag, and the logic is hard to argue with.
The valuations of Anthropic and OpenAI — both reportedly headed for public listings later this year — rest on a single assumption: that their best models will be adopted globally and relied on at scale. Hundreds of billions in data-center and lab spending only pays off if customers around the world build on these systems and keep building. Deutsche Bank’s global head of macro, Jim Reid, put the problem in one line that should worry every AI bull: “You can’t rely on something that could be switched off.”
That sentence is the real damage. Enterprises were already wary of locking into one lab in case a competitor leapfrogs it. Now they can add regulatory kill-switch risk to the list of reasons to keep their AI stack diversified and portable. If buyers hesitate to sign deep contracts with OpenAI or Anthropic, that puts a ceiling on revenue growth at exactly the moment both companies want to tell public-market investors a story of uncapped expansion. “Regulatory risk” has just graduated from a line in a risk-factors section to a demonstrated event.
There is a genuine counterpoint, and Axios is right to flag it. The disabled models were Anthropic’s most expensive ever to run, and like every lab it was subsidizing them heavily at launch — Fable had been live to paid subscribers for only about two weeks, with usage fees still to come on top of subscriptions. In effect, the government shortened the subsidy window on a loss-leader. The direct revenue hit to Anthropic may be smaller than the headlines imply. The strategic and reputational hit — to a company that had carefully built itself into Washington’s favorite AI lab — is the larger bill, and the industry-wide precedent is larger still.
Data Security in the Age of AI: A Guide to Protecting Data and Reducing Risk in an AI-Driven World
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Leverage cuts both ways
Export controls are a real instrument of power; recall China choking off rare-earth exports to gain leverage in trade talks. But as the Peterson Institute’s Martin Chorzempa notes, every time you wield that instrument you teach the rest of the world to build around you. After the rare-earth squeeze, other countries started mining their own.
The same dynamic now applies to AI, and it points in an uncomfortable direction. A move meant to deny capability to an adversary is most likely to accelerate the alternatives the U.S. can’t switch off at all: Chinese open-weight models, already only months behind, and the broader open-source ecosystem. Why bet your roadmap on a closed American model that Washington can dark on 90 minutes’ notice when you can self-host weights nobody can revoke?
Europe, which was already nervous about U.S. AI access being used as a lever of geopolitical influence, just got its clearest possible evidence that the nervousness was warranted. Expect the sovereignty conversation — European models, European compute, the right to run intelligence you control — to get louder and better funded.
AI Prompts for Medical Device Compliance: A Practical Handbook for Regulatory Affairs, Quality Systems, and Risk Management Professionals
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
My read
Strip away the specifics and the precedent is the story. Whether or not the jailbreak was serious, the U.S. government just demonstrated that it can and will switch off a frontier AI product — a commercial American one, serving the whole world — with almost no notice and, by the company’s account, without a detailed public rationale. You cannot un-ring that bell. Every CISO, every European minister, and every procurement team watched it happen.
The likely result is not less AI adoption but differently shaped adoption: more multi-model diversification, more open-weight and self-hosted deployment, more sovereign-AI funding, and more contracts written with exit ramps. The lesson for anyone building on top of frontier models is the oldest one in infrastructure — don’t single-source the layer you can’t live without. Optionality just stopped being a nice-to-have.
I’d separate two things the coverage keeps blurring. The security question — is this class of model a meaningful uplift for attackers, and is access to it net-positive or net-negative for defense — is legitimate, unresolved, and worth a real scientific process rather than a Friday-night letter; reasonable experts are lining up on both sides, and I won’t pretend the answer is obvious. The governance question — whether a kill-switch wielded this abruptly, on a software product, under an export-control framework built for physical goods, is a sound way to manage that risk — is the one the industry should be most alarmed about, regardless of how the underlying security debate resolves.
For the two labs about to face public markets, the irony is bitter: the same government partnership that gave Anthropic its safety-first credibility in Washington is now the source of its single largest demonstrated business risk. Adoption was supposed to be the moat. This week, adoption became the exposure.
The drones-and-dollars era of AI assumed the technology was a global utility everyone could plug into. It isn’t. It’s a strategic asset, access to it is a lever, and levers get pulled.
Reporting drawn from Anthropic’s official statement (June 12, 2026), Axios, the Wall Street Journal, Semafor, Nextgov/FCW, SiliconANGLE, CyberScoop, IAPP, PYMNTS, the R Street Institute, and Luta Security (June 12–16, 2026). The “Free Fable” open letter was addressed to Commerce Secretary Howard Lutnick and National Cyber Director Sean Cairncross. Analysis and opinions are the author’s.
