U.S. Government Bans Foreign Nationals from Using Fable 5, Anthropic Issues Rebuttal

Author: Xiong Lei

Editor: Xu Qingyang

On June 12th, U.S. time, a rare direct confrontation between government and industry in the history of AI regulation erupted abruptly this Friday.

The U.S. government, citing national security concerns, issued an export control directive to Anthropic, demanding the immediate suspension of all access to the Fable 5 and Mythos 5 AI models by foreign entities. The directive's scope is extremely broad, applying not only to foreign users outside the United States but also to foreign citizens within U.S. territory, even including foreign employees within Anthropic itself.

As a compliance measure, Anthropic had to shut down access to these two models for all users—the only feasible solution currently available to ensure compliance, as the company lacks the technical capability to precisely distinguish between "foreign entity" and "U.S. citizen" user groups. Access to the company's other models remains unaffected, with users automatically falling back to Claude Opus 4.8.

This emergency suspension came as a sudden shock. Fable 5 and Mythos 5 were officially released on June 9th, only three days prior. The abrupt removal of these two models has caused widespread reverberations within the tech industry and AI community.

01 What Exactly Are These Two Models?

To understand the core tension of this incident, one must first understand what kind of models Fable 5 and Mythos 5 are, and why they have been under the regulatory spotlight from the beginning.

Mythos is a new model family from Anthropic that sits at a higher capability tier than the Opus series, representing the highest capability level currently deployable by Anthropic for public use. The first Mythos-class model, Claude Mythos Preview, was released in April this year through the "Project Glasswing" initiative, with access strictly limited to a select few partners, citing its overly powerful capabilities in cybersecurity as unsuitable for broad release.

Fable 5 is the first Mythos-level model officially released to the general public, surpassing all previously available models from Anthropic in capabilities, achieving top-tier industry benchmarks in nearly all tests, including software engineering, knowledge work, visual understanding, and scientific research.

To enable public release, Anthropic equipped Fable 5 with dedicated safety guardrails—in high-risk areas such as cybersecurity, biology, and chemistry, the model automatically blocks responses and falls back to Claude Opus 4.8 for processing.

Mythos 5 is a version built on the same underlying model but with fewer safety guardrails, available only to approved institutions that previously had access to Project Glasswing. It is positioned as a professional tool for cybersecurity defenders and critical infrastructure operators. Both models are priced identically at $10 per million input tokens and $50 per million output tokens.

02 The Trigger for the Directive

According to reports, U.S. Secretary of Commerce Howard Lutnick sent a letter to Anthropic CEO Dario Amodei (Dario Amodei) on June 12th, announcing that Mythos 5 and Fable 5 would be subject to export controls. The immediate trigger for this decision was a claim from another company that it could "jailbreak" Mythos, alerting the Trump administration to potential national security risks.

It is reported that the Trump administration had previously attempted to prevent Anthropic from releasing these two models but was unsuccessful—prompting the subsequent, more forceful measure of export controls.

Faced with this sudden directive, Anthropic, while complying with its execution, issued an unusually strongly worded, lengthy statement, systematically rebutting the government's rationale.

Anthropic argues that the government's evidence of a "jailbreak" pertains only to a very narrow, non-generalizable attack method. Essentially, it involves instructing the model to read a specific code repository and fix software vulnerabilities within it—a capability that also exists in other publicly available models, including OpenAI's GPT-5.5, and is used daily by cybersecurity defenders for normal system maintenance.

Anthropic explicitly stated in its declaration that if "the existence of a limited-scope potential jailbreak" were to become the standard for recalling already-deployed commercial models, it would effectively bring all new deployments of frontier models across the entire industry to a halt. The company also emphasized that this government action did not follow the transparent, fair, and technically fact-based legal procedures it had previously publicly called for.

Anthropic stated it would comply with the government's lawful directive while actively engaging in communication with the government to work towards restoring access as soon as possible, promising to release more technical details within the next 24 hours. The company believes this incident stems from a misunderstanding and deeply apologizes for the inconvenience caused to users.

The following is the full text of the statement released by Anthropic, titled "Statement Regarding the U.S. Government's Directive to Suspend Access to Fable 5 and Mythos 5":

The U.S. government, citing national security authority, issued an export control directive requiring the suspension of access to Fable 5 and Mythos 5 for all foreign nationals, regardless of whether they are inside or outside the United States, including foreign employees of Anthropic. The practical effect of this directive is: we must immediately shut down Fable 5 and Mythos 5 for all users to ensure compliance. Other Anthropic models are unaffected.

We received this directive at 5:21 PM Eastern Time today. The letter did not specify the specific national security concerns. To our understanding, the government believes it possesses a method to bypass Fable 5's safety guardrails, referred to as a "jailbreak" technique. We reviewed a demonstration of this technique and found it only capable of identifying a small number of previously known, low-impact vulnerabilities. These vulnerabilities are all relatively simple; other publicly available models can identify the same issues without requiring a jailbreak.

In our Fable launch blog post, Anthropic articulated our position regarding its safety guardrails, as follows:

We have established robust safety guardrails that significantly reduce the likelihood of Fable being misused for cybersecurity-related tasks, among others. In fact, some users have reported that our guardrails are overly strict.

For weeks prior to Fable's launch, Anthropic collaborated with the U.S. government, the UK's AI Safety Institute, multiple third-party organizations, and internal teams, conducting cumulative thousands of hours of red-teaming on Fable's safety guardrails. The results showed that Fable's safety guardrails were markedly more effective than those of any previously deployed model.

To date, no testers have been able to find a "generalized jailbreak" method—that is, a jailbreak capable of comprehensively breaching the model's safety guardrails and unlocking a wide range of cyberattack capabilities.

We believe that, currently, no model provider can achieve perfect jailbreak protection. All guardrail mechanisms in the industry are susceptible to being bypassed by "non-generalized jailbreaks" (i.e., obtaining limited cyber information under specific circumstances), and generalized jailbreak methods may also emerge in the future. We made this clear at the time of Fable 5's launch.

Given that perfect jailbreak protection is currently infeasible, Anthropic adopted a defense-in-depth strategy for Fable 5. Our goal is to make jailbreak attacks either extremely narrow in scope (for non-generalized jailbreaks) or prohibitively expensive (for generalized jailbreaks), complemented by comprehensive monitoring to quickly detect and contain any successful attacks. This is also the reason Anthropic requires customer data retention for 30 days—although this policy has real impacts on our customer relationships, it aids our research and response to jailbreak risks.

We stand by this defense-in-depth strategy. It effectively reduces the risks posed by Fable to a level comparable with existing deployed models in the industry.

To date, we have not even received any formal disclosure regarding a non-generalized jailbreak that could lead to harmful consequences. The potential jailbreak cases disclosed to us are either entirely harmless or constitute only minor findings that do not demonstrate capabilities exclusive to Mythos.

Currently, the U.S. government has only provided us with verbal evidence regarding a potential, limited-scope, non-generalized jailbreak method. Its essence is instructing the model to read a specific code repository and fix software vulnerabilities within it. To our knowledge, this potential jailbreak method has been shared with the government. We reviewed a report—which we believe forms the basis for the government's directive—and have verified that the level of capability demonstrated in the report is similarly prevalent in other models (including OpenAI's GPT-5.5) and is used daily by cybersecurity defenders to maintain system security. We will release more details within the next 24 hours.

We will comply with the government's lawful directive and shut down access to Fable 5 and Mythos 5 for all users. However, we do not agree that the discovery of a limited-scope potential jailbreak method is sufficient grounds to recall a commercial model already deployed to hundreds of millions of users. Applying this standard across the industry would effectively bring all new model deployments by frontier model providers to a complete standstill.

We have publicly stated that governments should have the authority to prevent the deployment of unsafe models based on transparent, fair, clear, and technically fact-based legal procedures. This action did not adhere to those principles.

We deeply apologize for the inconvenience caused to our users. We believe this incident stems from a misunderstanding and are actively working to restore access as soon as possible.