The US Government Switched Off Anthropic's Most Powerful AI for the Entire World

The United States government has ordered a private American company to switch off its most advanced product for almost everyone on the planet — and the company complied within hours.

On Friday 12 June 2026, Anthropic disabled access to its two most powerful AI models, Fable 5 and Mythos 5, to comply with an export-control directive from the US government. In the company’s own words, the order required it to “suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees.” There was no way to honour that while keeping the models live for anyone, so Anthropic pulled them for every customer worldwide.

It is worth slowing down on what actually happened here, because it is far bigger than a product outage. A government reached into a lawful, three-day-old commercial product used by hundreds of millions of people and turned it off by decree. The precedent it sets, if it holds, threatens the American AI industry far more than whatever it claims to protect — and for the roughly 96% of humanity that is not American, it is a blunt message about who frontier AI is really for.

What actually happened

The facts matter here, and they are well documented.

On 12 June 2026, Anthropic received a directive from the US government at 5:21pm ET and, within hours, disabled both Fable 5 and Mythos 5 for every single customer — not just foreign ones — because that was the only way to guarantee compliance. Anthropic’s own statement describes the “net effect” plainly: “we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Anthropic models will not be affected.”

According to Axios, which broke the scoop, the order came as a letter from Commerce Secretary Howard Lutnick to Anthropic CEO Dario Amodei, placing the models under export controls “to any location outside of the U.S. and to all foreign persons within the country,” and requiring a licence for the “export, re-export or domestic transfer” of the models. Reuters reported the same: the Trump administration is blocking foreign governments, companies and individuals from accessing Anthropic’s most advanced models, and Anthropic responded by cutting everyone off. By Friday night the story was driving a visible spike in searches for “anthropic”, which tells you the wider world noticed too.

The timing is brutal. Anthropic only released these two models on 9 June — Fable 5 as the safeguarded public model, and Mythos 5 as the same underlying model with some protections removed for vetted users. TechCrunch covered the launch three days before the government pulled the plug. So this was a model that lived, as a publicly available product, for roughly seventy-two hours.

What Fable and Mythos actually are

It is worth being clear about what these models are, because the naming is doing a lot of work. By Anthropic’s own description, Fable 5 and Mythos 5 are a new “Mythos-class” tier that the company positions above Claude Opus — its most capable models yet. Fable 5 and Mythos 5 are, underneath, the same model. The difference is the safety layer: Fable 5 is the version released to the general public with additional safeguards around dual-use capabilities, while Mythos 5 is the same model with those measures removed, made available only to a small set of approved organisations — initially through a US-government cybersecurity collaboration called Project Glasswing. The model documentation lists both at the same price: $10 per million input tokens, $50 per million output.

This sharpens the irony. The model the government pulled was Fable 5 — the safeguarded public version Anthropic deliberately built to be safe for general release. It was not the unrestricted Mythos variant. The government did not just pull the dangerous one; it pulled the one with the seatbelts bolted on, for everyone, worldwide.

The “jailbreak” that triggered this was asking the model to fix a bug

Here is the part that should give everyone pause. The government did not, according to Anthropic, hand over a detailed technical case. Anthropic’s statement says: “The letter did not provide specific details of its national security concern. Our understanding is that the government believes it has become aware of a method of bypassing, or ‘jailbreaking’ Fable 5.”

So what was the terrifying jailbreak? In Anthropic’s words: “To date, the government has only given us verbal evidence of a potential narrow, non-universal jailbreak, which essentially consists of asking the model to read a specific codebase and fix any software flaws.”

Read that again. The capability that supposedly threatens national security is asking an AI to read code and fix the bugs in it — the single most common, mundane thing developers do with these tools every single day. Anthropic goes further and says it “validated that the level of capability displayed there is widely available from other models (including OpenAI’s GPT-5.5), and is used every day by the defenders who keep systems safe.”

Axios reports the chain of events: another company claimed it could jailbreak Mythos, this alarmed the administration, the administration tried to get Anthropic to pause the launch, Anthropic declined, and the export-control letter followed. Anthropic’s blunt assessment of the standard being applied: “If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers.”

To be fair: Washington’s fear is not irrational

It is only fair to put the government’s case at its strongest, because the underlying worry is real. The Mythos family is genuinely frightening on cybersecurity. When Anthropic previewed it in April, its own red team reported that Mythos Preview “is capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web browser when directed by a user to do so” — and that engineers with no security training could get a complete working exploit overnight. That is not nothing. Former US National Cyber Director Kemba Walden called Mythos “a clarion call to address weaknesses in our cyber ecosystem,” describing a model that “autonomously builds and chains exploits — and then covers its tracks.”

So I get why officials are nervous. But notice that Anthropic anticipated exactly this. Fable 5 was deliberately shipped as “Mythos on a leash” — its classifiers route sensitive cybersecurity and biology queries to its next-most-capable public model, Opus 4.8, and Anthropic kept the full-strength Mythos behind the vetted Project Glasswing circle. The company built the deployment controls first, then the government overrode them by banning the leashed version too. If the fear is real, the remedy still has to make sense — and recalling the safeguarded model while the same capability stays on sale elsewhere does not.

This is an export control. Understand what that machinery is.

The word “export” is doing enormous work here, so it is worth being precise about the legal apparatus, because it is genuinely alarming once you see it.

US export controls are administered by the Commerce Department’s Bureau of Industry and Security (BIS) under the Export Administration Regulations. The concept that lets a directive reach me, in Australia, and also a foreign-national engineer sitting in an office in San Francisco is the deemed export. It is not a metaphor; it is black-letter regulation. 15 CFR § 734.13 defines “export” to include “releasing or otherwise transferring technology or source code to a foreign person in the United States,” and says any such release “is a deemed export to the foreign person’s most recent country of citizenship or permanent residency.” BIS spells it out: showing controlled technology to a foreign national, even one standing in your own office, is legally an export to their home country. That is why Anthropic’s order explicitly covers “foreign national Anthropic employees.” The US government has not just blocked a product at the border. It has reclassified a commercial AI model as something closer to a controlled munition, where the act of showing it to the wrong nationality is the regulated event.

Where does the power come from? The permanent authority is the Export Control Reform Act of 2018, and in particular its provision for controlling “emerging and foundational technologies” essential to national security — which is the natural hook for frontier AI. Sitting behind that is the International Emergency Economic Powers Act, which lets the President “investigate, block … regulate … prevent or prohibit, any … exportation … [or] transfer” of property once a national emergency is declared. And crucially, this is not unprecedented as an idea: the Biden administration’s AI Diffusion Rule (January 2025) already created a control — ECCN 4E091 — that treated the weights of the most advanced closed models as a controlled commodity, before the Trump administration rescinded it in May 2025. The machinery to treat a model like a weapon has been quietly assembled over years. Friday was the day someone pulled the lever on a live consumer product.

Sit with the implication. A huge fraction of the engineers who build these systems in America are foreign nationals. An order that bars foreign nationals from a model bars some of the very people who built it from touching their own work. Anthropic itself flagged this — the directive hits its own employees.

We have already watched this movie with chips

The US has spent years treating AI as a national-security asset to be fenced off, and we have a very clear record of how that goes. The chip controls are the precedent, and they are not a happy one.

It started in October 2022, when BIS restricted advanced AI accelerators to China, instantly making Nvidia’s A100 and H100 non-compliant. Nvidia simply designed the cut-down A800 and H800 to sit just under the threshold. So in October 2023 BIS rewrote the rule to close that gap. Nvidia designed the even-more-cut-down H20. In April 2025 the government required a licence for the H20 too, and Nvidia took a ~$5.5 billion charge. Then it reversed course and let H20s flow again — under a bizarre arrangement where Nvidia and AMD hand 15% of their China chip revenue to the US government for the privilege of an export licence. Whatever that is, it is not a coherent national-security policy.

And the man whose company lived it has been blunt about the result. Nvidia CEO Jensen Huang stood up at Computex in 2025 and said the quiet part out loud: “The export control was a failure.” His reasoning is the whole point: “AI researchers are still doing AI research in China. If they don’t have enough Nvidia, they will use their own.” By his own account, Nvidia’s share of China’s AI-chip market fell from about 95% to effectively zero — not because demand vanished, but because the controls “gave them the spirit, the energy, and the government support to accelerate their development.”

That is the lesson nobody in Washington seems to absorb: when you wall off an American product, you do not delete demand — you redirect it. And the redirection has a name now. CSIS documented how DeepSeek’s R1, released in January 2025, “cemented its reputation as the top frontier AI research lab in China and caused a reassessment of assumptions about the landscape of global AI competition” — frontier-class performance at far lower cost, with user adoption so fast its servers buckled. Customers do not stop wanting frontier AI because they cannot have Claude. They go and get someone else’s — and increasingly, someone else’s is very, very good.

Code as speech — an old fight, unresolved

There is a deeper, almost philosophical problem buried in here, and it is not new. In the 1990s the US tried to treat strong encryption as a controlled munition. A mathematician named Daniel Bernstein challenged it, and in Bernstein v. United States the courts wrestled with whether source code is protected speech under the First Amendment. The Ninth Circuit panel famously found that it was, and the entire crypto-export regime eventually crumbled under that pressure.

A model is not source code in the Bernstein sense, but the analogy is uncomfortably close: the government is asserting the power to control who may read the outputs of, and interact with, a piece of software, on national-security grounds, with the regulated act being the transfer of information to a foreigner. We litigated a version of this thirty years ago and the government lost. Nobody should assume the AI version is settled law.

What it means for developers outside America

The message just delivered to every developer, startup, and enterprise outside the United States is stark: American frontier AI can be revoked at any moment, retroactively, by executive directive, with no warning and no process to appeal. Anyone who had built workflows on Fable 5 watched them break on Friday — not for anything they did, but because a government they did not vote for and are not citizens of decided foreign access to the model was a national-security risk. Asking a chatbot to read and fix your code is now, apparently, a controlled activity if you hold the wrong passport.

Anthropic, to its credit, apologised — “We apologize for this disruption to our customers” — and says it believes this is a misunderstanding it is working to reverse. That is almost certainly true, and Anthropic is not the party that pulled the trigger. But goodwill does not change the risk calculus. You cannot build a business on an input that a foreign government can switch off without notice or appeal. The rational response is to hedge and diversify away — not out of disloyalty to American AI, but as basic risk management. And that quiet, rational flight is exactly the outcome that should worry Washington most.

Why this could break Anthropic — and hand the game to its rivals

Here is the part I keep coming back to, and it is the genuinely dangerous bit for the American AI industry.

Anthropic is a US company. So is OpenAI. The entire pitch of American AI to the world is “build on us.” A huge share of these companies’ usage and revenue is international. An API-and-cloud business is uniquely exposed to a “no foreign nationals” rule in a way that, say, an exported physical good is not — the product is remote access, and remote access is exactly what got switched off. Cut Anthropic off from every foreign national on the planet and you have not regulated a model; you have amputated its market.

And notice the cruel asymmetry. Anthropic itself points out that the very capability in question is available in OpenAI’s GPT-5.5. So this action does not make the capability disappear from the world. It selectively kneecaps one American company while its American competitor keeps selling. Today it is Anthropic. There is nothing about the mechanism that stops it being OpenAI next week, on someone else’s say-so. A precedent that lets the government disable any frontier model on a single unverified jailbreak claim is a sword hanging over all of them.

Zoom out and it is worse. Every foreign customer Anthropic just lost is a customer that will go shopping — and the alternatives are no longer only American. The world now has capable models out of China and Europe. A US export-control regime that makes American AI unreliable for the 96% of humanity that is not American is, functionally, the single best growth strategy a non-American AI lab could ask for. We may look back on this as the moment the US handed away the one market that actually mattered: everyone else’s.

This is the irony that should keep policymakers up at night. The stated goal is to protect American national security by controlling powerful AI. The likely effect is to make American AI globally untrustworthy, push the world onto non-American models, and weaken the exact companies the policy claims to champion.

The anti-AI mood is what made this possible

None of this happened in a vacuum. A government only reaches for an emergency switch like this when it believes the public will applaud — and the public mood on AI has curdled. Pew Research now finds half of US adults are more concerned than excited about AI in daily life, against just 10% who are more excited than concerned. That concerned share has climbed from 37% in 2021 — a 13-point jump in four years. Stanford’s 2026 AI Index documents the same anxiety, and a widening gap between AI insiders and everyone else.

I am an AI optimist, so I say this carefully: a lot of that anxiety is earned. People watch their juniors’ job prospects, their kids’ homework, and their newsfeeds get churned by this stuff, and they are uneasy. Then a model arrives that can autonomously find and exploit zero-days, the cyber threat is serious enough that it brings Anthropic’s CEO back into the White House to meet the Chief of Staff and the Treasury Secretary, and the doom narrative writes itself. In that climate, “we switched off the scary AI to keep you safe” is a politically rewarding sentence, regardless of whether it withstands ten minutes of technical scrutiny.

And here is the bitter irony I cannot get past. A lot of the loudest anti-AI campaigning comes from people who cast themselves as opponents of unchecked corporate and state power — populist critics and online commentators who built big audiences arguing that AI is a scam, a theft machine, a clear and present danger. Whatever you make of those arguments on their merits, look at what the campaign actually produced. It did not rein in the labs. It handed the government a loaded political weapon and a public primed to cheer when it goes off. And the first thing that weapon was used for was not protecting artists or workers — it was the executive branch reaching into a private company and switching off a lawful product for the entire planet, with no due process, on a claim it would not even put in writing. The anti-AI movement said it wanted a check on power. What it manufactured was a blank cheque for it.

That is the trap. Anti-AI sentiment creates a permission structure for heavy-handed, under-reasoned state action — and because the action is dressed in the language of safety, the normal checks feel like obstruction. The danger is that we let a genuine, legitimate unease about AI be laundered into a precedent that lets the government disable lawful software by decree. You can be worried about AI and alarmed that this is how your government chose to act on that worry. I am both.

The precedent is the real story

Strip away the specifics and what remains is this: a government reached into a private company and switched off a lawful, just-launched product used by — in Anthropic’s words — “hundreds of millions of people,” on the strength of a narrow, verbally communicated claim it would not document, and which the company says it could not even reproduce as anything serious.

Anthropic has been consistent about where it stands, and I think it is right: “we believe the government should have the ability to block unsafe deployments, as part of a statutory process that is transparent, fair, clear, and grounded in technical facts. This action does not adhere to those principles.” A government absolutely should be able to act against genuinely dangerous technology. But it has to do so through a process — notice, evidence, a chance to respond, judicial review — not a Friday-evening letter that nukes a product for everyone.

This is not even Anthropic’s first collision with Washington this year. As CNBC notes, the Department of Defense earlier declared Anthropic a “supply chain risk” — a label historically reserved for foreign adversaries. Breaking Defense reported that the designation came under Title 10 § 3252, and that a federal judge, Rita Lin, granted Anthropic a preliminary injunction, finding the stated reasons “were pretextual and that [the government’s] real motive was unlawful retaliation.” Fortune quoted the judge’s line in full: “Nothing in the governing statute supports the Orwellian notion that an American company may be branded a potential adversary and saboteur of the U.S. for expressing disagreement with the government.”

This is now serious enough that the Congressional Research Service has written it up for lawmakers, and legal scholars at Lawfare warned that punishing a domestic company “without notice or an opportunity to be heard” looked like “the beginning of a partial nationalization.” So the relationship between the leading US AI safety lab and the US government is now openly adversarial — litigated in multiple courts. Read that sentence again and tell me it sounds like a healthy basis for “winning the AI race.”

And it is worth being specific about why they fell out, because it reframes everything that has happened since. Breaking Defense reported that the Pentagon’s blacklisting stemmed from disagreements over safeguards Anthropic placed on the use of its AI systems for surveillance and autonomous weapons. Anthropic would not drop them. Negotiations collapsed. The “supply chain risk” label followed — and a judge then found that label was likely unlawful retaliation for the company “expressing disagreement with the government.”

Now hold that pattern up against Friday. A company that has repeatedly told the US government no on weapons and surveillance, that is currently suing the administration, ships the most capable models it has ever built — and within seventy-two hours that same administration invokes emergency national-security export powers to switch those models off for the entire world. I cannot prove motive and I will not pretend to. But a federal judge has already ruled that the last time this administration reached for a national-security label against Anthropic, the label was a pretext for payback. You do not need a conspiracy theory to ask whether this is the next chapter of the same story. You just need to read the docket.

Safety is the costume. Containment is the play.

Let me state plainly what I think is actually going on, because the “safety” framing does not survive contact with the mechanism they chose.

If your genuine concern is a dangerous capability, you restrict the capability. You do not restrict it by passport. But an export control is, by construction, a nationality instrument — the deemed-export doctrine makes the regulated event “a foreigner saw it,” not “harm occurred.” This order does not make Fable’s capabilities disappear. By Anthropic’s own account the same capability ships today in OpenAI’s GPT-5.5. So the policy is not “this is too dangerous to exist.” The policy is “this is too good to share.” Those are completely different statements, and only one of them is about safety.

We have even seen the blueprint written down. The AI Diffusion Rule explicitly carved the planet into tiers: a handful of favoured allies with near-unrestricted access, most of the world capped, and a long list of countries barred outright. The ambition to ration frontier AI by geography is not a conspiracy theory; it is published policy. Friday’s directive is that same instinct applied with a sledgehammer to a single live product. Strip off the safety costume and what is underneath is techno-nationalism: keep the crown jewels inside the border, and let the other ~96% of humanity make do with less. “Safety” is the word you reach for because it is the one word that makes the rest of us feel churlish for objecting to being locked out.

Wrap-up

The facts are damning enough on their own. The trigger was a model fixing a bug. The mechanism was an export-control deemed-export rule designed for munitions and microchips. The blast radius was every foreign national on Earth, including Anthropic’s own staff. The legal theory has lost in court before. And the predictable result is to weaken American AI companies while doing nothing to remove the capability from the world, because the same capability ships in a competitor’s product today.

If the United States wants to lead in AI, this is precisely how it loses that lead — not to a better model, but to its own willingness to make its best companies unusable to everyone outside its borders. Anthropic may well be right that this is a misunderstanding that gets reversed quickly. But the precedent has now been set, and precedents are sticky. The developers, startups, and enterprises outside America who built on these models — and the foreign-national engineers who built the models in the first place — are watching very closely, and many are already thinking about their hedges.

I will update this post as more primary documentation becomes public. As of writing, the government had not released the underlying directive, and Anthropic said it would share more details over the following 24 hours.