Anthropic has cut off foreign nationals from accessing its newest advanced artificial intelligence systems after receiving a late-Friday directive from the U.S. government, a move that highlights how quickly AI development is colliding with national security policy. The company said the order applies not only to people outside the United States, but also to non-U.S. citizens already working inside the country, including employees at Anthropic itself.
The restriction affects the company’s newly released Fable 5 model and the full, non-public Mythos 5 system, both of which are tied to Anthropic’s most advanced cybersecurity and software analysis capabilities. Anthropic said it was told to comply immediately, leaving the firm little time to assess the implications before access had to be disabled across the board.
The episode underscores a widening debate in Washington and Silicon Valley over who should be allowed to handle the most capable AI models as they become better at finding software flaws, writing code and, potentially, aiding offensive cyber operations.
What Anthropic says the order requires
In a post published Friday, Anthropic said it received the government’s instruction at 5:21 p.m. and was not given a full explanation of the national security concern behind it. According to the company, the directive required it to prevent all foreign nationals from using the affected models.
That sweeping limitation includes foreign nationals living in the U.S., which means some people who already had legitimate access to Anthropic tools for work were locked out as well. Anthropic described the change as abrupt and said it had to act quickly to avoid violating the order.
Anthropic said the government’s letter did not provide enough detail for the company to fully understand the basis for the restriction, though it reviewed material it believes may have prompted the decision.
The company’s account suggests the government is treating access to frontier AI as a sensitive security issue, not just a commercial product decision. That puts Anthropic at the center of a much larger policy question: whether advanced models should be controlled more like strategic technologies than software services.
Why these models matter
The models involved are not ordinary chatbots. Anthropic has positioned Mythos 5 as a high-end system with strong performance in cybersecurity-related tasks, especially identifying vulnerabilities in code and helping engineers fix them before attackers can exploit them. The company says this kind of capability has already been used by U.S. agencies and selected corporate partners to strengthen critical systems.
That same power, however, is what makes the technology difficult to govern. A model that can find obscure software weaknesses can also be used to expose and exploit them at scale. Security experts have long warned that the line between defensive and offensive cyber tools is thin when the underlying system can automate sophisticated code analysis.
Anthropic’s newly released Fable 5 is based on the same underlying technology, but the company said it has disabled the model’s cybersecurity and biotechnology features for broader use. Mythos 5, by contrast, remains the full version, reserved for government agencies and select partners working on system hardening.
From defensive tool to potential cyberweapon
Anthropic’s own framing reveals the tension at the heart of frontier AI policy. On one hand, the models can help close security gaps that have gone unnoticed for years. On the other, those same capabilities could be weaponized by hackers, hostile states or criminal groups if access is not tightly controlled.
That concern has been part of the conversation from the beginning, but the latest U.S. order suggests regulators are increasingly willing to act preemptively. Rather than waiting for a demonstrated misuse incident, the government appears to be limiting access before it believes the risks become harder to contain.
Anthropic pushes back on the rationale
Anthropic said it reviewed a government report that it believes likely triggered the directive. Its internal assessment, however, is that the report points to a relatively narrow capability: using AI to inspect certain program code and correct errors. The company argued that this is not unique to its systems and that similar functionality exists in competing models from other firms.
In particular, Anthropic pointed to OpenAI’s GPT-5.5, saying it also offers code-review and error-correction functions. That comparison was important to the company’s argument that the government’s concern appears to rest on a feature already available elsewhere in the market.
Anthropic said it disagreed with the idea that software used by hundreds of millions of people should be restricted on that basis, and argued that Fable 5 had undergone extensive safety testing.
The company’s response reflects a broader industry frustration: frontier AI companies increasingly face pressure to prove their models are safe, even as regulators grow more skeptical about whether voluntary safeguards are enough.
How the move fits into the broader AI security debate
The U.S. directive arrives at a moment when governments around the world are wrestling with how to control AI systems that can perform highly sensitive tasks. The debate has moved well beyond consumer chatbots and into questions of export controls, access restrictions, model evaluation and the military implications of advanced AI.
Cybersecurity sits near the top of that list. Models that can rapidly inspect code, identify vulnerabilities and recommend patches are useful to defenders, but those same systems can lower the barrier to exploitation. That dual-use quality makes them a natural target for policy intervention.
For Washington, the issue is not just about who can use the technology today. It is also about who might gain early familiarity with systems that could shape future cyber operations, intelligence gathering and critical infrastructure security.
Why foreign access is a flashpoint
Limiting access by nationality is especially consequential because frontier AI research and deployment depend heavily on global talent. Major U.S. AI companies employ engineers, researchers and security specialists from many countries, and those employees often contribute directly to model development and testing.
By extending the restriction to foreign nationals already in the U.S., the order reaches beyond border controls and into the internal workings of a private company. That raises practical questions about compliance, workforce access and whether nationality-based rules can be enforced cleanly in a sector built on international collaboration.
It also signals that the government may be thinking not only about foreign adversaries abroad, but about the risk of leakage, misuse or controlled dissemination of powerful AI tools within the United States itself.
Anthropic’s warning about moving too fast
The order came only days after Anthropic publicly urged the world’s leading AI labs to consider slowing the race toward ever more capable systems. In an early-June blog post, the company argued that the pace of progress may soon outstrip human control and said the industry should preserve the option to pause or temporarily slow development if risks escalate.
That message now carries extra weight. Anthropic is simultaneously one of the companies building the most advanced AI systems and one of the loudest voices warning that the technology could become too powerful too quickly. The government’s move may bolster the company’s case that the field needs stronger safeguards, even if it complicates Anthropic’s own operations.
In its earlier statement, Anthropic argued that as AI systems become faster at carrying out tasks, the world should retain the option to slow or temporarily pause further progress.
The company has not said whether it plans to challenge the directive or seek clarification. For now, it appears to be complying while pressing its view that the restriction is broader than necessary.
Timeline: how the access restriction unfolded
| Timeframe | Event | Significance |
|---|---|---|
| Early June | Anthropic publicly calls for a possible pause or slowdown in advanced AI development | Shows growing concern inside the company about frontier-model risks |
| This week | Anthropic releases Fable 5, based on Mythos technology | New model rollout expands access to advanced AI capabilities |
| Friday, 5:21 p.m. | Anthropic receives U.S. government order restricting foreign nationals | Triggers immediate compliance response |
| Shortly after | Access is disabled for foreign nationals, including some employees in the U.S. | Limits use of the affected models across Anthropic’s user base |
| Friday blog post | Anthropic publishes its account of the order and questions the rationale | Brings the dispute into public view |
What this means for the AI industry
The Anthropic case may become a precedent for future restrictions on frontier models, especially if governments conclude that general-purpose AI is now inseparable from cyber risk. If so, the industry may have to prepare for more targeted rules based not just on model capability, but also on who is allowed to use it and where.
That would mark a significant shift from the current norm, in which AI companies typically set their own access policies with broad global availability. National security intervention could lead to a more fragmented market, with different access rules for different classes of users, countries and institutions.
For AI developers, this raises operational and strategic questions:
- How should companies verify nationality or residency without disrupting legitimate work?
- Should the most capable models be distributed only to vetted institutions?
- Can safety testing keep pace with increasingly powerful dual-use capabilities?
- Will governments begin treating frontier model access like a controlled technology?
These are no longer abstract policy questions. The Anthropic order suggests they are becoming part of day-to-day business for the companies building the next generation of AI.
The larger stakes for frontier AI governance
As AI systems become more capable, the central policy challenge is shifting from how to regulate outputs to how to govern access. A model that can reason about code, detect vulnerabilities and help repair them is useful for defenders, but it also narrows the gap between expert and non-expert actors. That can improve productivity, but it can also lower the barriers to harm.
Government action in this area may intensify as frontier models approach tasks once thought to require specialized human expertise. National security agencies are likely to continue pushing for tighter controls, especially where models can be used in cybersecurity, biotech or other sensitive domains.
At the same time, companies like Anthropic will keep arguing that overly broad restrictions risk stalling innovation and punishing legitimate research. The result is a policy struggle that is likely to define the AI industry for years: how to protect the public without freezing a technology that many believe is still in its early stages.
For now, the immediate consequence is simple. Anthropic’s latest models are no longer available to foreign nationals, and the company says it is complying under protest while it seeks a clearer explanation of why the U.S. government judged the restriction necessary.
What comes next will depend on whether regulators provide more detail, whether Anthropic presses back formally, and whether other AI firms face similar orders as frontier models continue to expand their reach.
