I was elbow-deep in Claude Fable 5 when the government killed it.
For three days I’d been using Anthropic’s new flagship to finish the go-live plans for Path of Progress — our early-access launch — and the model was delivering. Not “good for an AI” delivering. Delivering in a way that made me rethink what a single person could ship in a weekend. I had a blog post half-drafted about the model itself, about the Mythos-class architecture we’d been covering for months, about how Fable represented the moment those restricted capabilities finally reached the rest of us.
Then Friday evening happened. At 5:21 PM Eastern, Commerce Secretary Howard Lutnick sent Anthropic a directive, and within hours the most capable AI model ever released to the public simply stopped responding. Every session routed to Opus 4.8. Every API call returned a fallback. Three days from launch to shutdown — not because of a technical failure, not because a competitor outpaced it, but because the United States government decided a commercial software product was a national security threat and ordered it pulled from the hands of hundreds of millions of users worldwide.
This is the story of those four days. It’s also the story of the six months leading up to them, because the shutdown didn’t start on June 12. It started in January, when Anthropic told the Pentagon no.
What Fable 5 Actually Was
To understand why the government treated Fable 5 like a weapons system, you need to understand what the model could actually do — and the lineage it came from.
Fable 5 was the public-facing version of Claude Mythos 5, which itself was the production upgrade to Claude Mythos Preview — the cybersecurity-focused model Anthropic had been running under Project Glasswing since April 2026. Where Mythos Preview had been restricted to a small cohort of vetted cyber defenders, government agencies, and critical infrastructure providers, Fable 5 was engineered to bring Mythos-class capabilities to everyone. The Latin naming was deliberate: fabula means “that which is told,” akin to the Greek mythos — the same underlying model, told differently through a layer of safety classifiers.
The technical gap between Fable 5 and everything that preceded it was not incremental. On Cognition’s FrontierCode evaluation, which tests whether models can pass difficult coding tasks while meeting production-quality standards, Fable 5 scored highest among all tested frontier models. On Hex’s core analytics benchmark, it became the first model to break 90% — a ten-point jump over Opus 4.8. On Hebbia’s finance benchmark for senior-level document reasoning, it outperformed every frontier model tested. In frontier physics research, Fable 5 achieved near-equivalence to GPT-5.5’s four-day run using roughly a third of the reasoning tokens, completing the work in 36 hours.
But the raw benchmark numbers don’t capture what made Fable 5 feel different in practice. Its defining characteristic was long-context endurance — the ability to maintain strict adherence to behavioral directives and task objectives across multi-hour, even multi-day autonomous workflows. During early trials, Stripe reported that Fable 5 migrated a 50-million-line Ruby codebase in a single day, a structural overhaul that would have occupied a complete engineering team for over two months. Where competing models like GPT-5.5 or Gemini 3.1 Pro tended to drift from their original instruction sets by the third hour of a complex migration, Fable 5 held course.
The model’s vision capabilities were equally striking. Anthropic demonstrated Fable 5 navigating Pokémon FireRed from start to finish using only raw game screenshots — no maps, no navigation aids, no game-state files. Previous Claude models needed complex helper harnesses to even attempt this; Fable 5 did it with a minimal, vision-only setup, extracting spatial logic directly from pixel data. It built a solar system simulation from physics first principles to predict solar eclipses. It played Factorio autonomously, strategizing and building automated factories. It designed a complete 3D-printable model inside a browser-based CAD editor — an editor that Fable 5 itself had also built from scratch, including the integrated AI copilot.
On the life sciences side, Mythos 5 — the unrestricted sibling — demonstrated something genuinely unprecedented. Anthropic’s internal protein design experts reported a roughly tenfold acceleration in aspects of the drug design process. In blinded head-to-head comparisons against Opus-class models, Anthropic’s scientists preferred Mythos 5’s molecular biology hypotheses approximately 80% of the time. One Mythos hypothesis — a novel mechanism for an E. coli protein — was independently corroborated by a separate lab working on the same problem. And in an evaluation with Dyno Therapeutics, Mythos-class models outperformed dedicated protein language models at predicting unpublished viral trait modifications for adeno-associated virus outer shells — using general biological reasoning alone, without explicit training on the task.
This was the dual-use problem in its purest form. The same capabilities that could accelerate drug discovery and secure critical infrastructure could, without safeguards, assist malicious actors in synthesizing biological agents or engineering cyberattacks. Anthropic knew this, which is why Fable 5 shipped with a safety architecture unlike anything previously deployed on a commercial model.
The Safety Architecture That Wasn’t Enough
Fable 5’s release strategy was built around a tiered separation between the restricted Mythos 5 and the publicly accessible Fable 5. The distinguishing factor was a set of real-time safety classifiers — specialized auxiliary AI systems that monitored inbound queries for malicious intent across three high-risk domains.
The first classifier covered cybersecurity, designed to prevent the model from designing exploits, planning cyberattacks, or executing lateral network movements. The second covered biology and chemistry, suppressing queries that could assist in synthesizing chemical agents, toxins, or biological weapons. The third targeted distillation — blocking large-scale structural queries designed to extract Fable 5’s model weights to train competing frontier models, particularly those originating from authoritarian states. Anthropic had previously identified large-scale attempts to distill Claude’s capabilities into competing models in countries without equivalent safety frameworks.
The fallback mechanism was designed to preserve utility rather than simply refuse. When a query tripped these classifiers, Fable 5 didn’t issue a blank refusal. Instead, it executed a silent handoff, routing the session to Claude Opus 4.8 to deliver a safe, generalized response. Anthropic’s early data showed that more than 95% of Fable sessions involved no fallback at all — for those sessions, the user experience was effectively identical to unrestricted Mythos 5.
To power these classifiers effectively, Anthropic instituted a mandatory 30-day data retention policy for all API traffic across every deployment surface — the Claude API, AWS Bedrock, Google Cloud Agent Platform, and Microsoft Foundry. The rationale was straightforward: sophisticated evasion techniques often operate across many requests, and detecting multi-turn attack patterns requires retaining interaction history. But this policy immediately introduced significant legal and operational friction.
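The retention rationale above can be made concrete. The following is an added example, not Anthropic's code or anything from the original post: the thresholds, account names, scores and the `AccountRiskMonitor` class are all constructed assumptions. It replays the same scored traffic with a 30-day window and with no retention, showing that a request split into low-scoring pieces is only visible when earlier requests are still on hand.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

PER_REQUEST_THRESHOLD = 0.8  # assumed: score at which a single request is flagged
CUMULATIVE_THRESHOLD = 1.0   # assumed: summed score per account that triggers review


class AccountRiskMonitor:
    """Sums per-request risk scores for each account over a retention window."""

    def __init__(self, retention_days):
        self.retention = timedelta(days=retention_days)
        self.history = defaultdict(deque)  # account -> deque of (time, score)

    def observe(self, account, when, score):
        """Record one scored request; return why it is flagged, or None."""
        window = self.history[account]
        window.append((when, score))
        # Forget everything older than the retention window. The entry just
        # appended is never older than the cutoff, so the deque stays non-empty.
        cutoff = when - self.retention
        while window[0][0] < cutoff:
            window.popleft()
        if score >= PER_REQUEST_THRESHOLD:
            return "single-request"
        if sum(s for _, s in window) >= CUMULATIVE_THRESHOLD:
            return "cumulative"
        return None


# Constructed sample traffic: (account, day offset, classifier score).
T0 = datetime(2026, 1, 1)
EVENTS = [
    ("acct-decomposed", 0, 0.25),  # four individually low-scoring requests
    ("acct-decomposed", 1, 0.25),
    ("acct-decomposed", 2, 0.25),
    ("acct-decomposed", 3, 0.25),
    ("acct-blatant", 0, 0.9),      # caught by per-request scoring alone
    ("acct-occasional", 0, 0.5),   # two borderline requests 40 days apart
    ("acct-occasional", 40, 0.5),
]


def replay(retention_days):
    """Run the sample traffic through a monitor with the given retention."""
    monitor = AccountRiskMonitor(retention_days)
    return [
        monitor.observe(account, T0 + timedelta(days=day), score)
        for account, day, score in EVENTS
    ]


if __name__ == "__main__":
    for days in (30, 0):
        print(f"retention={days:>2} days ->", replay(days))
```

With zero retention only the blatant request is flagged; with 30 days the fourth low-scoring request also trips the cumulative threshold, while the two requests 40 days apart do not.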
On June 10 — a single day after launch — Microsoft quietly restricted its own employees from using Fable 5 internally. While Microsoft made the model available to external customers through GitHub Copilot and Azure Foundry, its internal legal team concluded that the 30-day storage mandate violated the company’s strict Zero Data Retention compliance standards. Any tool that returned customer-confidential prompts or codebases to external servers for human review was barred from internal deployment. The irony was sharp: Microsoft was selling access to a model its own engineers couldn’t touch.
Anthropic conducted thousands of hours of pre-launch red-teaming. An external bug bounty produced no universal jailbreaks in over 1,000 hours of testing. One of Anthropic’s external partners found that Fable 5’s safeguards against harmful cyber queries were the most robust of any model tested, including Opus 4.8 and Opus 4.7 — Fable complied with zero harmful single-turn requests across 30 different public jailbreak techniques.
None of it mattered. Forty-eight hours after launch, someone found a way through.
The Jailbreak That Started a Shutdown
On June 10, a prominent independent AI red-teamer operating under the handle “Pliny the Liberator” published a successful bypass on X, demonstrating that Fable 5’s safety classifiers could be circumvented to produce restricted outputs.
Pliny’s method wasn’t a traditional software exploit. It was a multi-agent prompt-routing technique — what Pliny described as a “pack hunt” — that exploited the linguistic and logical boundaries of the neural network rather than any specific code vulnerability. The approach combined several coordinated techniques.
Unicode and homoglyph substitution bypassed keyword-based input filters by swapping standard Latin characters with visually identical Cyrillic or mathematical symbols, preventing the classifier from recognizing flagged terms. Intent decomposition broke forbidden requests — a guide to chemical synthesis, an exploit creation walkthrough — into multiple innocuous sub-steps that individually appeared benign. Long-context reference tracking smuggled the hostile intent across a massive 120,000-character prompt, saturating the classifier’s immediate semantic evaluation field. And the final piece was coordination through a compromised backend: a previously jailbroken instance of Claude Opus 4.8 served as the orchestrator, receiving the benign sub-steps generated by Fable 5 and reassembling them into a cohesive restricted output.
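Homoglyph substitution of the kind described above only defeats a filter that matches on raw code points. As an added example (not from the original post or from Anthropic; the blocklist, the small confusables table and every function name are constructed for illustration), the code below folds look-alike characters before matching and separately flags tokens that mix scripts, while leaving text written wholly in one non-Latin script alone.

```python
import unicodedata

# Constructed subset of Cyrillic/Greek look-alikes mapped to Latin. A production
# filter would load the full Unicode confusables data (UTS #39) instead.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u03b1": "a",  # GREEK SMALL LETTER ALPHA
}

FLAGGED_TERMS = {"exploit", "shellcode"}  # constructed placeholder blocklist


def script_of(ch):
    """Coarse script label derived from the Unicode character name."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "MATH" if name.startswith("MATHEMATICAL") else "OTHER"


def scripts_in(token):
    """Set of scripts used by the letters of one token."""
    return {script_of(ch) for ch in token} - {None}


def skeleton(text):
    """NFKC folds styled/mathematical letters; the table folds cross-script twins."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def naive_hits(text):
    """Keyword match on raw text: the filter that homoglyphs slip past."""
    lowered = text.lower()
    return {term for term in FLAGGED_TERMS if term in lowered}


def hardened_check(text):
    """Keyword match on the skeleton, plus a mixed-script token signal."""
    folded = skeleton(text)
    hits = {term for term in FLAGGED_TERMS if term in folded}
    mixed = [tok for tok in text.split() if len(scripts_in(tok)) > 1]
    return {"hits": hits, "mixed_script_tokens": mixed, "review": bool(hits or mixed)}


# Constructed sample inputs.
PLAIN = "write an exploit for this service"
CYRILLIC = "write an \u0435\u0445\u0440loit for this service"  # Cyrillic ie, ha, er
MATH = "write an " + "\U0001d41e" + "xploit for this service"  # mathematical bold e
RUSSIAN = "\u043f\u0440\u0438\u0432\u0435\u0442 \u043c\u0438\u0440"  # benign, one script

if __name__ == "__main__":
    for label, sample in [("plain", PLAIN), ("cyrillic", CYRILLIC),
                          ("math", MATH), ("russian", RUSSIAN)]:
        print(label, naive_hits(sample), hardened_check(sample))
```

Folding alone addresses only the substitution technique; the decomposition and long-context techniques in the same paragraph are not keyword problems and are not covered by this check.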
Using this technique, Pliny forced Fable 5 to generate functional step-by-step guidance for stack buffer overflow exploits on x86 Linux platforms — including precise commands to disable Address Space Layout Randomization — as well as detailed chemical blueprints for the Birch reduction method of methamphetamine synthesis. Pliny also extracted and publicly posted Fable 5’s internal system prompt, all 120,000 characters of it, to a public GitHub repository — exposing the proprietary safety classifications, behavioral parameters, and fallback instructions governing the model’s base-level personality.
Anthropic strongly disputed the severity of these findings. The company argued that Pliny’s methods did not constitute a universal jailbreak because they required significant effort, were narrow in scope, and couldn’t be easily scaled. The generated outputs, Anthropic maintained, consisted of generalized, public-domain technical facts already widely available through search engines or competing models like GPT-5.5 — representing no novel “capability uplift” or real-world risk beyond what was already accessible.
But the public nature of the bypass created a second front of criticism. Professional developers began reporting that Fable 5’s conservatively tuned safety classifiers were silently degrading legitimate, benign software development tasks — falling back to Opus 4.8 without notification. Users accused Anthropic of “secret sabotage.” The company was forced to issue a public apology and modify the interface to explicitly notify users when a fallback had occurred, leaving it in the uncomfortable position of simultaneously defending its safety measures to regulators and apologizing for those same measures to paying customers.
What Pliny demonstrated was embarrassing and commercially damaging. But it was the next jailbreak — the one from Amazon — that brought the government to Anthropic’s door.
Amazon, the Informant
The catalyst for the federal shutdown wasn’t a lone red-teamer on social media. It was a research paper compiled by Amazon’s internal cybersecurity division.
On June 11, Amazon researchers used a series of multi-stage prompts to bypass Fable 5’s classifiers, successfully forcing the model to identify software flaws and generate test scripts that could be compiled into proof-of-concept exploit code. The technical findings were similar in nature to Pliny’s — narrow, non-universal bypasses that produced outputs arguably available through other channels. The difference was who was reading the report.
Following the research, Amazon CEO Andy Jassy met with senior Trump administration officials, including Treasury Secretary Scott Bessent, to warn them that Fable 5’s defensive guardrails were unstable and could be exploited to assist in cyberattacks. The White House convened an emergency meeting to review the findings.
The corporate dynamics here deserve scrutiny. Amazon had invested billions of dollars in Anthropic and was its primary cloud infrastructure provider through AWS. Fable 5 launched on Amazon Bedrock. The company raising security concerns about its own portfolio company’s flagship product — concerns that would trigger a regulatory shutdown harmful to that portfolio company’s commercial viability — is not a straightforward act of civic responsibility. It introduced a powerful new precedent into the AI market: a major cloud provider leveraging state national security organs to discipline, restrict, or effectively control a company it has invested in and hosts.
Whether Amazon’s motives were genuine security concerns, competitive positioning, or some combination, the effect was the same. The White House was now in motion.
Seventy-Two Hours from Launch to Kill Order
White House AI adviser David Sacks contacted Anthropic CEO Dario Amodei on the morning of June 12, presenting two options: immediately implement a comprehensive patch to block the Amazon jailbreak, or voluntarily suspend public access to Fable 5.
Amodei refused both. He pointed to the thousands of hours of pre-launch testing and argued that the vulnerabilities Amazon had identified were minor, public-domain CVEs that competing models like GPT-5.5 could already discover without requiring any bypass at all. Recalling a commercial model deployed to hundreds of millions of users over a narrow, non-universal bypass, Amodei maintained, was a severe regulatory overreaction that would set a damaging industry precedent. He told Sacks that if this standard were applied across the industry, it would “essentially halt all new model deployments for all frontier model providers.”
The administration was not persuaded.
At 5:21 PM Eastern on Friday, June 12, Commerce Secretary Howard Lutnick sent an official directive to Anthropic placing Claude Fable 5 and Claude Mythos 5 under emergency export controls. The letter, citing the Export Administration Regulations, did not detail the specific technical parameters of the national security threat. It simply asserted that the models possessed advanced cyber warfare capabilities requiring strict licensing and legally prohibited their export, re-export, or domestic transfer to any location outside the United States — as well as access by any foreign person, whether located inside or outside the country.
The “deemed export” provision was the killer. Under export control law, providing access to controlled technology to a foreign national on U.S. soil constitutes an export to that person’s country of citizenship. Because Anthropic’s engineering division relied heavily on international researchers — and because the company had no real-time mechanism to verify the citizenship of hundreds of millions of global API users — selective compliance was impossible. You cannot serve a model to the public while simultaneously screening every user for nationality in real time.
Anthropic had one option: a global shutdown. By Friday evening, Fable 5 and Mythos 5 were offline worldwide, every active session routed to errors or fallback instances of Opus 4.8. Three days from the most anticipated AI launch of the year to a complete kill.
The Long Fuse: Six Months of Federal Friction
The June 12 directive didn’t materialize from a single jailbreak report. It was the culmination of an escalating six-month conflict between Anthropic and the federal national security establishment — a conflict rooted in Anthropic’s refusal to let the military use its models without ethical constraints.
The friction began in January 2026, when negotiations collapsed over a $200 million classified contract to deploy Claude on Department of Defense networks. Anthropic maintained two firm red lines: it would not allow Claude to be used for mass domestic surveillance of Americans, and it would not permit its technology to power fully autonomous lethal weapon systems without human oversight over targeting and firing decisions. The Pentagon wanted those constraints removed. Anthropic refused.
Defense Secretary Pete Hegseth publicly criticized what he termed “woke AI,” signaling a growing intolerance within the administration for private safety constraints on national defense technologies. On February 27, President Trump directed all federal agencies to cease using Anthropic’s technology, initiating a six-month phaseout. Six days later, the Department of War formally designated Anthropic a “supply chain risk” — the first time in American history that designation had been applied to a domestic technology company.
Anthropic challenged the action immediately, filing parallel lawsuits on March 9 in the Northern District of California and the D.C. Circuit Court of Appeals. On March 26, District Judge Rita Lin granted a preliminary injunction blocking the supply chain risk designation, writing that punishing Anthropic for raising public concerns about military surveillance was “classic illegal First Amendment retaliation.” But on April 8, the D.C. Circuit denied Anthropic’s motion to lift the Federal Acquisition Security Council business ban, ruling that forcing the military to prolong dealings with an unwanted vendor during an ongoing geopolitical conflict compromised critical defense interests.
The regulatory framework tightened further on June 2 — one week before Fable’s launch — when President Trump signed the executive order “Promoting Advanced Artificial Intelligence Innovation and Security.” The order established a voluntary pre-release review process encouraging frontier AI developers to share highly capable models with the federal government for up to 30 days before public release to assess potential national security risks. The final version was a compromise; a more restrictive draft proposing a mandatory 90-day pre-release vetting period and a rigid federal licensing framework had been pulled in early May after intense pushback from Silicon Valley.
Anthropic had cooperated with these voluntary guidelines, engaging in extensive pre-release testing with both the U.S. government and the UK AISI. But voluntary cooperation and political goodwill are different things, and by June 2026, Anthropic had none of the latter. The company that had told the Pentagon no — publicly, repeatedly, on principle — was now asking the same administration to trust its safety judgments about the most capable AI model ever released to the public.
The jailbreak reports gave the administration the technical pretext it needed. Whether the vulnerabilities genuinely warranted an emergency export control action or whether they served as a convenient lever against a company the administration had been looking to discipline for months is a question that will likely be litigated for years.
The Pricing Paradox and the IPO Shadow
The timing of the shutdown carried enormous financial stakes that cannot be separated from the political dynamics.
Anthropic had confidentially filed for an IPO with the SEC on June 1, just eight days before Fable’s launch. The company’s private valuation had reached $965 billion — surpassing OpenAI’s $852 billion March valuation — on the back of a skyrocketing revenue run rate of $47 billion, up from $10 billion the previous year. An October 2026 listing window was targeted, and Fable 5 was positioned as the flagship product to solidify the economics.
Fable 5’s pricing reflected Anthropic’s confidence in the model’s commercial position: $10 per million input tokens and $50 per million output tokens, making it twice as expensive as Opus 4.8. The company defended this premium by pointing to token efficiency — early corporate testers reported that Fable’s higher intelligence compressed tasks so effectively that the cost per completed objective was actually lower despite the higher per-token price. Anthropic framed it as “less than half the price” of Claude Mythos Preview, positioning the launch as a price cut relative to the restricted model rather than a markup relative to the public one.
The export control directive injected a new category of risk into the IPO calculus. If a federal agency can unilaterally recall a commercial software product overnight — without a public hearing, without formal disclosure of evidence, without judicial oversight — then the valuation of any frontier model developer must carry a heavy governance discount. Investors backing American AI companies can no longer assume that a startup retains full control over its own product release cycle. The Fable shutdown demonstrated that a model’s commercial viability is contingent not just on technical capability and market demand but on the political relationship between the company and the current administration.
For a company preparing for one of the largest technology IPOs in history, having its flagship product declared a national security threat and pulled from global distribution is not a risk factor you can bury in an S-1 footnote.
The Geopolitical Shockwave
The most consequential effects of the Fable shutdown may be the ones felt farthest from Washington.
Prior to the June 12 directive, European and Indo-Pacific allies were integrating Fable 5 directly into critical public infrastructure, healthcare systems, and commercial frameworks. Project Glasswing had expanded to include nearly 200 organizations globally, including state-level actors and critical infrastructure entities — among them India’s Cyber Crime Coordination Centre, CERT-In, the National Critical Information Infrastructure Protection Centre, and the Department of Telecommunications’ Digital Intelligence Platform.
The overnight shutdown of these models by a single foreign government served as a geopolitical shock. Every nation that had integrated Fable 5 into its operations woke up on Saturday morning to discover that its cognitive infrastructure had been unilaterally disabled by an executive decision in Washington. No consultation. No advance warning. No transition period.
European political leaders characterized the intervention as an urgent wake-up call. Depending on American frontier labs for core cognitive infrastructure, they argued, represents an unacceptable national security risk — not because the American labs are hostile, but because the American government demonstrated that it will treat access to those labs as a strategic lever it can pull at any time. The incident is highly likely to trigger massive state-directed funding toward sovereign AI models in Europe, India, Japan, and elsewhere — accelerating a fragmented global ecosystem where countries maintain completely independent, nationalized model pipelines to protect themselves from sudden regulatory embargoes.
The paradox is that the export control directive, ostensibly designed to prevent adversarial nations from accessing advanced AI capabilities, may ultimately accelerate the proliferation of exactly those capabilities. When allies can’t trust that American AI products will remain available, they build their own. And sovereign models built outside the American safety ecosystem won’t carry Anthropic’s red lines about surveillance and autonomous weapons.
What Anthropic Is Actually Saying
Anthropic’s official statement on the shutdown is worth reading in full, because the company’s posture is remarkably combative for a startup that just had its flagship product killed by the federal government.
The core of the argument: Anthropic reviewed the demonstration that it believes formed the basis of the government’s directive and validated that the level of capability displayed is “widely available from other models (including OpenAI’s GPT-5.5), and is used every day by the defenders who keep systems safe.” The company explicitly states that it has “not even received a disclosure of a concerning non-universal potential jailbreak that led to a harmful result.” The potential jailbreaks disclosed to Anthropic, the company says, produced either entirely benign responses or minor findings providing no Mythos-specific uplift.
Anthropic’s defense-in-depth strategy — making jailbreaks either narrow or very expensive to produce, combined with thorough monitoring to detect and shut down successful attacks — is presented as the only realistic approach to model safety. The company points out that perfect jailbreak resistance does not appear to be possible for any model provider today, and that if the standard applied to Fable 5 were applied across the industry, it would halt all new model deployments for all frontier providers.
The statement also takes direct aim at the process: “We believe the government should have the ability to block unsafe deployments, as part of a statutory process that is transparent, fair, clear, and grounded in technical facts. This action does not adhere to those principles.”
This is Anthropic publicly accusing the federal government of acting in a manner that is opaque, unfair, unclear, and technically ungrounded. For a company with an IPO in the pipeline, this is not a statement drafted by cautious lawyers optimizing for regulatory goodwill. It reads like a company that has concluded the regulatory goodwill is already gone.
The Self-Inflicted Wound Argument
Critics have argued that Anthropic’s predicament is at least partly self-inflicted — a consequence of the company’s own marketing and policy strategies colliding with political reality.
The argument runs like this: months before Fable’s launch, Anthropic positioned Mythos as “too dangerous to release” through Project Glasswing. The restricted access, the vetted partner cohorts, the cybersecurity-focused narrative — all of it built mystique and demand, but it also built a case that the model was, in fact, dangerous. When the government later decided to treat the model as dangerous, it was citing a threat assessment that Anthropic itself had authored. You can’t spend months telling the world your model could be weaponized and then act surprised when the government takes you at your word.
There’s a related critique around regulatory capture. Dario Amodei’s essay “Policy on the AI Exponential” advocated for strict regulatory frameworks for frontier AI. Some viewed this as an attempt to create compliance costs that only a near-trillion-dollar company like Anthropic could afford, effectively pricing smaller competitors out of the frontier model market. The irony is that the regulatory apparatus Anthropic helped build was then turned against Anthropic itself — but wielded by an administration with different priorities than the ones Anthropic had envisioned.
There’s also the “Trump playbook” interpretation: the ban as a negotiation tactic rather than a permanent policy decision. Start with an extreme action to maximize leverage, then negotiate toward a middle ground that involves more aggressive data collection, customer monitoring, and cooperation with national security priorities. Under this reading, the export control directive is the opening bid, not the final word. The question is what Anthropic would have to concede to get Fable 5 back online — and whether those concessions would include abandoning the red lines about surveillance and autonomous weapons that started this entire conflict.
Where This Leaves Us
As of this writing — Friday evening, June 13, 2026 — Fable 5 and Mythos 5 remain offline. Anthropic says it is “working to restore access as soon as possible” and promises to share more details within 24 hours. All other Anthropic models, including Opus 4.8, remain fully operational.
The immediate practical impact is that the most capable AI model ever released to the public existed for 72 hours. Every enterprise that built workflows around it, every developer who integrated it into production pipelines, every researcher who began long-running experiments on it — all of them were cut off without warning and routed to a less capable fallback. For companies that had already migrated critical processes to Fable 5, the disruption is significant and the trust damage may be lasting.
The longer-term implications are harder to scope but potentially more consequential. The Fable 5 shutdown establishes that the U.S. government will use export control authority to recall commercial AI products from global distribution on an emergency basis, without prior judicial review, based on classified or undisclosed technical assessments. Whether you view this as a necessary exercise of sovereign authority over genuinely dangerous technology or as a politically motivated overreach against a company that defied the Pentagon depends largely on how much weight you give to each side’s technical claims — claims that, by design, the public is not permitted to fully evaluate.
What is not in dispute is that the relationship between frontier AI companies and the federal government has entered a new phase. The voluntary cooperation model that both sides have been operating under — companies share pre-release models, government provides feedback, companies retain final authority over deployment decisions — just demonstrated its failure mode. When the government’s feedback is “don’t deploy” and the company deploys anyway, the government reaches for export controls. The next frontier model launch from any American lab will happen under the shadow of that precedent.
For those of us who build with these tools, the lesson is both practical and philosophical. Practical: don’t build critical-path dependencies on a single frontier model without a fallback plan, because the risk profile now includes “the government turns it off on a Friday evening.” Philosophical: the era in which AI companies could position themselves as independent actors, setting their own safety standards and release timelines, may be ending. The question is what replaces it — a transparent regulatory framework grounded in technical evidence, or an ad hoc system in which political relationships and corporate informants determine which models reach the public and which get killed in their first week.
I was building with Fable 5 when it disappeared. I’ll be building with whatever comes next. But what happened this week changes the calculus for everyone who builds anything on top of these systems, and the precedent it sets will echo far beyond this single model and this single company.