Anthropic has pulled two of its most advanced artificial intelligence models from public use after receiving a U.S. government export-control directive that effectively barred foreign nationals — including some of its own employees — from accessing them. The move, announced Friday, appears to be the first time a major AI company has taken a publicly released model offline in response to a direct government national-security order.
The company said the order forced it to suspend Fable 5 and Mythos 5 for all customers worldwide because it could not reliably restrict access by nationality without broad disruption. The decision came only days after Fable 5 had been opened to users, underscoring how quickly frontier AI systems can move from launch to shutdown when security concerns escalate.
The episode has quickly become a test case for the emerging politics of artificial intelligence: who gets access, who decides what is too dangerous, and what happens when a model’s release collides with government concerns about cyber abuse. It also raises a deeper question for countries and companies that depend on foreign-built AI systems: how much control do they really have over tools they rent from abroad?
What happened and why it matters
According to Anthropic, the Commerce Department issued an export-control directive at 5:21 p.m. local time on Friday. The order reportedly prohibited foreign nationals from using Fable 5 and Mythos 5 on national-security grounds. Rather than create a partial access system, Anthropic chose to disable both models for all users worldwide.
The company said its other models remain available. But the withdrawal of two flagship systems — one newly released, the other offered only to a small number of selected customers — is a major escalation in the relationship between Silicon Valley AI developers and Washington.
On the available record, this is the first known instance of a major AI model being switched off globally at the direction of the U.S. government. Earlier U.S. actions against Chinese technology had focused on hardware, export bans and restrictions on advanced chips. This case goes further by targeting a live, commercial AI service already in use.
That distinction matters. A chip export restriction limits the supply of compute; a model recall interrupts access to a deployed digital product. In practical terms, it means an AI system can now be treated less like software and more like a strategically sensitive asset subject to direct state intervention.
The models at the center of the dispute
Fable 5 and Mythos 5 explained
Fable 5 was introduced as a restricted version of Mythos 5, a frontier model that Anthropic had chosen not to broadly release because of its ability to identify software vulnerabilities. Mythos 5 had been made available only to a limited group of customers and partners.
The concern, according to the company’s understanding of the government’s letter, was that Fable 5 could be “jailbroken” into helping with hacking. Anthropic said the directive itself did not explain the threat in detail, leaving the company to infer that the model might be used to bypass safety controls and produce harmful cyber outputs.
Anthropic rejected the implication that the model posed a unique risk. It said its internal review did not support the idea that the alleged jailbreak enabled capabilities unavailable in other public models. The company also said its testing had not uncovered a universal jailbreak that could defeat the model’s safeguards across all categories of use.
“We disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people,” Anthropic said in its statement, arguing that applying such a standard broadly would effectively freeze new frontier-model launches across the industry.
Those are Anthropic’s characterisations. The government has not publicly disclosed the evidence or rationale behind the order.
How the company ended up disabling access
Anthropic said it faced a technical and operational problem: if foreign nationals were barred from using the models, it would have to create airtight access controls across a global customer base, including its own workforce. The company concluded that the simplest way to comply was to take the models offline for everyone.
That outcome has immediate consequences for developers, enterprises and researchers that had begun integrating the systems into products and workflows. It also highlights a structural vulnerability in cloud AI: customers may build critical processes around a model they do not control, only to see access cut off by a provider or regulator.
The company said it was working to restore access and would provide more technical detail within a day. It also described the government’s action as likely stemming from a misunderstanding.
Still, the signal is unmistakable. Frontier models are no longer just the domain of product launches and benchmark scores. They are now part of national-security debates that can determine whether a tool remains online.
The jailbreak claims that helped trigger the controversy
In the days after Fable 5 became publicly available, security researchers circulated a claim that the model could be manipulated into producing harmful material. The most visible claim came from a pseudonymous researcher known as Pliny the Liberator, a figure well known in AI safety and jailbreak circles for rapidly stripping safeguards from new systems after release.
Pliny said he and collaborators were able to coax restricted content from the model across several risk areas, including cyber-related material and references tied to chemical and explosive harms. His methods, as described publicly, did not rely on a single exploit. Instead, they combined linguistic obfuscation, multi-step prompting and conversational manipulation to slide past guardrails.
Among the tactics he described were:
- substituting letters with lookalikes from other alphabets to evade keyword filters
- breaking a dangerous request into pieces over multiple turns so the model lost track of the broader intent
- framing a harmful request as fiction, research, or compliance documentation
- using one compromised model to help reconstruct fragmented outputs from another
He also claimed that the most effective method was to split a harmful request into innocent-seeming components, retrieve the pieces separately, and combine them afterward. One example he referenced involved a methamphetamine synthesis route that has long been documented in open scientific literature.
The significance of these claims lies not only in their content but in their familiarity. As frontier models become more capable, jailbreak techniques have also become more sophisticated, making it harder for developers to guarantee that a safety layer will hold under all conditions.
Timeline of the Anthropic episode
| Date | Event | Why it mattered |
|---|---|---|
| Tuesday | Anthropic released Fable 5 publicly | The model entered broad use after being introduced as a restricted version of a more powerful system |
| June 10 | Jailbreak claims began circulating online | Researchers alleged the model could be coaxed into producing harmful cyber and other sensitive content |
| Friday, 5:21 p.m. local time | Anthropic received a U.S. export-control directive | The order reportedly barred foreign nationals from using Fable 5 and Mythos 5 |
| Friday evening | Anthropic disabled both models globally | The company said it could not selectively comply without affecting all customers |
| Following the shutdown | Debate expanded across the U.S., Europe and India | The case became a broader argument about sovereign AI, regulation and dependence on foreign model providers |
A dispute that fits into a larger Washington-Anthropic clash
The shutdown did not emerge in a vacuum. Anthropic has been in repeated tension with the Trump administration over what kinds of AI applications are acceptable and how safely frontier systems should be deployed.
In past disputes, the company has resisted efforts to use its tools for mass surveillance or autonomous weapons. Those disagreements led to setbacks in defence-related business. The Pentagon later described Anthropic as a supply-chain risk, a label usually reserved for foreign adversaries and one that has complicated its relationship with government contractors. Related litigation is still underway.
This latest order, then, is not just a one-off administrative action. It is part of a broader struggle over the role of private AI firms in national security, and over whether companies should be able to refuse military or surveillance uses while still operating commercially at scale.
It also reflects a political reality that frontier AI companies are increasingly treated as geopolitical actors. Their models are not viewed merely as software products; they are dual-use systems that can be deployed for productivity or abused for cyber and other harmful ends.
Market and policy ripple effects outside the United States
Europe sees a warning about dependence
The impact of the shutdown was felt quickly outside the U.S. The European Union had only recently secured access to Mythos after weeks of negotiations. The abrupt reversal reinforced concerns in Brussels about the bloc’s dependence on American AI infrastructure and suppliers.
A European Commission spokesman said the bloc was taking note of Anthropic’s statement and reviewing the matter. The episode comes at a time when the EU has been trying to reduce reliance on the U.S. and Asia for critical technologies, including artificial intelligence.
European officials framed the development as evidence of the need for greater technological sovereignty, arguing that strategic digital tools should not be vulnerable to sudden external interruption.
That message will resonate with policymakers across Europe, where AI policy has increasingly focused on resilience, domestic capacity and data control rather than simply adoption.
India’s dependence on foreign AI becomes part of the debate
For India, the shutdown offers a different but equally important lesson. The country is Anthropic’s second-largest consumer market after the United States, accounting for 5.8% of global Claude.ai usage in November 2025 and rising to 6.16% in the company’s March update, according to its Economic Index.
The usage pattern is concentrated. Four places — Maharashtra, Tamil Nadu, Karnataka and Delhi — account for more than half of India’s total activity. Indian users also rely heavily on the system for software development, reflecting the country’s deep links to IT services and engineering work.
That makes the shutdown more than a policy story. It is a business continuity issue. If a model becomes embedded in coding, analysis, customer support or internal workflows, losing access can disrupt teams overnight.
It also adds pressure to India’s efforts to build homegrown AI capacity. The country has already signalled that it wants more control over strategic digital infrastructure, and the Anthropic episode strengthens the argument for domestic model development.
Abhishek Upperwal, founder of Soket AI, said the incident shows why India should invest heavily in AI research and development rather than relying on foreign models, whether closed or open source. He argued that the IndiaAI mission is moving in the right direction, but said the country must accelerate efforts to build sovereign models.
Gnani.ai co-founder and CEO Ganesh Gopalan said the shutdown is a reminder that access to elite, centrally controlled AI systems can disappear overnight because of security concerns or policy changes. He warned that businesses and governments cannot assume continuity when they depend on third-party AI stacks, and said the disruption will speed up demand for independent, sovereign systems.
Why this matters for the AI industry
The Anthropic case could become an industry benchmark for how governments and AI companies handle frontier-model risk. If one model can be removed because a regulator believes it may enable hacking, then similar concerns could surface around future releases from other providers.
That raises several difficult questions:
- How should governments evaluate model-specific risk claims before intervening?
- Should companies be required to design nationality-based access controls in advance?
- What standard of evidence should justify recalling a deployed model?
- How much operational dependence should customers accept if access can be revoked suddenly?
For the AI sector, the most immediate takeaway is that safety and geopolitics are now inseparable. A model that is technically impressive may still be politically fragile. A release that looks like a product milestone can become, within days, a national-security issue.
The industry also has to reckon with a market reality: frontier models are increasingly centralized, and centralization makes them easier to control — and easier to stop. That can help reduce risk, but it also creates a single point of failure for businesses that build on top of them.
What happens next
Anthropic has said it will share more technical detail soon and is seeking to restore access. Whether that happens depends not just on the company’s engineering work, but on how Washington interprets the threat and whether the government is satisfied that foreign-national restrictions can be enforced cleanly.
If access returns, the episode will still leave a mark. Customers have now seen that even high-end commercial AI can be switched off with little notice. Policymakers, meanwhile, have an example of how far they may be willing to go when they believe a model creates unacceptable national-security risk.
For now, the Anthropic shutdown stands as a landmark moment in AI governance. It is a reminder that the next great frontier in artificial intelligence is not just better reasoning or more powerful coding assistance. It is control: who has it, who loses it, and what happens when the state decides the answer is no longer up to the company.
In that sense, the global removal of Fable 5 and Mythos 5 is about far more than one company’s product line. It is an early glimpse of a future in which AI access may depend as much on geopolitics as on engineering.
