At 5:21pm Eastern on Friday, June 12, 2026, Anthropic received an export-control directive from the US Department of Commerce. It ordered the company to make Claude Fable 5 and Claude Mythos 5 — its two most capable models, both launched seventy-two hours earlier on June 9 — unavailable to “any foreign national, whether inside or outside the United States.” Within hours, Anthropic disabled both models for every customer on Earth.

It is the first time in history that a US government order has removed a commercial AI model from the market.

Key Facts
Directive received
June 12, 2026, 5:21pm ET
Issuing agency
US Department of Commerce
Targets
Claude Fable 5 and Claude Mythos 5 only
Scope
Block all foreign nationals worldwide, including foreign nationals working inside the US — Anthropic's own non-citizen employees included
Anthropic's response
Disabled both models globally for all users; complied with the directive while publicly disputing the rationale
Unaffected
Claude Opus 4.8 and all other Anthropic models
Stated reason
Government learned of a "technique to bypass Fable 5's safeguards"

What the order actually said

The directive came under US export-control authority — the same legal regime that governs how advanced chips ship to China and how cryptography software crosses borders. Commerce’s instruction was not “disable these models.” It was narrower and stranger: block all foreign nationals from using them, regardless of where those people are physically located.

That distinction is what forced the global shutdown. Anthropic has no real-time way to verify the citizenship of every individual user routing through its API or apps. A US-based startup using Fable 5 might employ a green-card holder in San Francisco; a French researcher might log in from a hotel in Boston. The company concluded that the only way to comply with certainty was to switch the models off for everyone and keep them off until the order is modified.

The legal mechanism Commerce invoked treats Fable 5 and Mythos 5 not as products but as controlled technology — closer in regulatory category to a high-performance GPU than to a piece of consumer software. That framing matters for what comes next: it is now a documented precedent that frontier AI weights can be export-controlled at the level of who can interact with them, not just where they can be downloaded.

The jailbreak the government cited

Per Anthropic’s own statement, the trigger was a single demonstration. Another company — not publicly named — showed Commerce a technique that bypassed Fable 5’s safety classifiers. Anthropic was given the chance to review the demonstration before complying.

Their assessment, in their own words:

"We disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people." — Anthropic statement, June 12, 2026

The company’s characterization of the specific technique: it consisted of asking the model to read a particular codebase and identify or fix software flaws — a capability widely available in competitors’ systems and not, in Anthropic’s view, a universal bypass. The vulnerabilities it surfaced were described as “minor and already-known.”

If that characterization is accurate, the standard Commerce applied is extraordinary. Every frontier model on the market today — OpenAI’s GPT-5.4, Google’s Gemini, Meta’s Llama family, Mistral — can be coaxed into reading code and pointing at weaknesses. That is, in fact, one of their advertised commercial use cases. If “narrow, non-universal jailbreak demonstrated by a third party” is the bar for an export-control directive, the same bar can be cleared against every comparable model by the end of the week.

Anthropic’s public position is exactly this. The company’s argument is not that Fable 5 is safe in some absolute sense; it is that the standard the government applied, if generalized, would shut down every comparable deployment in the country.

The other jailbreak — the one the government didn’t cite

Here is the part that complicates the story.

In the days between Fable 5’s June 9 launch and the Commerce directive, a well-known independent researcher operating under the handle “Pliny the Liberator” publicly demonstrated a substantially deeper bypass of Fable 5. The technique combined multi-agent decomposition, Unicode and Cyrillic homoglyph substitution to evade keyword classifiers, long-context reference smuggling, and narrative framing — the standard modern jailbreak stack, deployed competently and at scale.

What the bypass produced is the part that should be taken seriously:

  • Fable 5’s approximately 120,000-character system prompt, posted to GitHub
  • Step-by-step guidance for stack buffer overflow exploitation on x86 Linux, including disabling ASLR and writing intentionally vulnerable C servers with strcpy
  • Synthesis routes for chemical reductions (Birch reduction was specifically demonstrated)
Sourcing note: The Pliny jailbreak is reported through the security press, not Anthropic. Anthropic has not publicly confirmed which specific demonstration it reviewed for the Commerce Department. It is possible — but unconfirmed — that the technique Commerce was shown is related to or downstream of the Pliny work. The narrow characterization in Anthropic's statement is in tension with what Pliny publicly demonstrated, and that tension has not been reconciled in any public document as of writing.

If the Commerce demonstration was the narrow code-review technique Anthropic described, the government’s response is disproportionate. If it was the Pliny-style bypass, the response is more defensible, but Anthropic’s public framing becomes harder to credit. Both readings cannot be true simultaneously. Neither side has clarified.

Why “no foreign nationals” became “no one”

The shape of the directive — restricting users by citizenship rather than location — is the signature of export-control thinking applied to a service. Hardware export controls work because chips have serial numbers and shipping manifests. Software export controls work because software has download endpoints that can be geo-fenced. A live API call from an authenticated user can be neither.

Anthropic’s choice to disable globally rather than attempt a partial block was a compliance decision, not a product decision. The company has no reliable way to determine in real time whether a logged-in account belongs to a US person, a green-card holder, a visa holder, or a foreign national logging in from a US IP address. Attempting to enforce the directive with incomplete information would expose the company to liability for any miss.

The practical consequence: an Anthropic employee on an H-1B visa, working at the San Francisco office, currently cannot use the company’s own most capable models. The same is true for foreign post-docs at US labs, for non-citizen employees at Anthropic’s enterprise customers, and for any user whose citizenship Anthropic cannot positively verify — which is almost all of them.

What this means going forward

Three things are clearly established.

One: the export-control framework now extends to live AI services. This had been discussed as a possibility for two years. As of June 12, it is operational law. Future frontier launches will be planned with this in mind. Compliance review will happen before launch, not after.

Two: the bar for triggering a directive is now publicly contested. Anthropic’s statement is, among other things, a regulatory comment in real time. The company is arguing — correctly or not — that if a narrow demonstrated jailbreak is sufficient grounds for a global pull, no new frontier model can be deployed without indefinite suspension risk. Whether that argument prevails in the back-channel resolution of this specific case will shape every subsequent enforcement decision.

Three: the asymmetry between US and non-US models is now a fact, not a worry. A directive of this shape applies to companies under US jurisdiction. It does not apply to DeepSeek, to Qwen, to Mistral’s Paris-hosted endpoints. If the Commerce Department’s standard becomes routine, the long-term effect is to push the most capable frontier deployments offshore, not to restrict them. Whether the administration considers that a feature or a bug is unclear from the public record.

Bottom Line

The rumor circulating in private chats today is substantially accurate: Commerce ordered Fable and Mythos restricted from foreign nationals over a jailbreak concern, Anthropic disabled both models worldwide rather than attempt a partial block, and the order extends to Anthropic's own non-US staff.

What the rumor leaves out is the live disagreement. Anthropic publicly maintains the cited technique is narrow and unremarkable. A separate, more aggressive jailbreak from an independent researcher is publicly documented and includes a leaked system prompt and exploit-generation guidance — and it is not clear which demonstration Commerce relied on.

This is genuinely a first. A US government directive has removed a commercial AI model from the market. Whatever resolution arrives in the next twenty-four to seventy-two hours will set the template for every future frontier release — both at Anthropic and at every competitor watching this case for what the new rules actually are.