The US government just pulled Claude Mythos offline globally. Three days after Anthropic launched it.

Five days ago I published a piece about Claude Fable 5 with three predictions. The headline one: that the free access window for Pro, Max, Team, and Enterprise subscribers would extend past 22 June.

It didn't extend. The US government pulled the model nine days before the free window was even due to close.

I'll own that plainly. The prediction was wrong. The reason it was wrong is one of the stranger sentences I've had to write in twenty years of covering this industry: a US federal export control directive pulled Claude Fable 5 and Mythos 5 offline globally on 12 June 2026, citing a jailbreak dispute, with a 90-minute compliance window. That's not a thing anyone was modelling for. "Government forcibly grounds the world's best AI model three days after launch" is not a scenario I had in my range of outcomes. It's still wrong, though. I'd rather explain it accurately than dress it up as something more insightful than it was.

Full disclosure, because the usual one-liner isn't adequate here: this blog runs on Claude API calls. This is our sixth consecutive Anthropic-centred article. We've made public predictions about Fable 5 that are now in serious doubt. And Webcoda is an Anthropic enterprise customer whose operational continuity depends on these models working. We're now reporting on a story where Anthropic is the sympathetic victim of government overreach. I'm trying to be fair. You should know the full shape of why that's harder than it sounds.

I also promised to run Fable 5 against real work before the free window closed and publish what we found. That's not possible anymore. When the model comes back, we'll do the test we said we'd do and write up the results honestly.

Here's the honest account of what actually happened.

What Actually Happened

Fable 5 and Mythos 5 launched on 9 June. Free access for paying subscribers ran through 22 June. Then, the Monday after launch, Dario Amodei published a paper called "Policy on the AI Exponential."

It's a carefully argued piece. Worth reading properly rather than through the social media lens it's about to get. The core argument: governments should have the authority to block or reverse frontier model releases that fail independent safety testing. Amodei used the FAA analogy specifically. An independent body, real enforcement power, the authority to actually ground something if it's unsafe. He's been making versions of this argument for years.

Forty-eight hours later, the US government grounded his aircraft.

On 12 June at 5:21pm ET, an export control directive landed at Anthropic's offices. The directive cited national security authorities and ordered Anthropic to suspend all access to Fable 5 and Mythos 5 by any foreign national. Which, since you can't reliably determine who is a foreign national on a cloud AI platform, meant the practical effect was pulling both models for every customer on every surface worldwide.

Simon Willison was monitoring the API in real time. He tracked the exact moment access failed: approximately 6:59pm PT on 12 June. His reaction on his blog was succinct: "Well this is nuts."

The 90-minute compliance window, incidentally, took about 4.5 hours to actually execute. Which tells you something about how hard it is to implement a global model shutdown when you've never had to do it before. I suspect nobody at Anthropic had a laminated procedure for this one.

Both models went offline. Claude.ai, the API, Bedrock, everything. Opus 4.8, Sonnet 4.6, and Haiku 4.5 were untouched and remain fully operational today.

As of 15 June, the site someone immediately registered, isfable5back.com, reads: No.

Anthropic published their official statement at anthropic.com/news/fable-mythos-access. A few quotes worth reading directly rather than paraphrased:

"The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance."

The directive letter "did not provide specific details of its national security concern."

On the jailbreak itself: "Anthropic reviewed a demonstration of this specific technique being used to identify a small number of previously known, minor vulnerabilities. These vulnerabilities all appear relatively simple, and Anthropic has found that other publicly-available models are able to discover them as well without requiring a bypass."

And on what it means if this standard holds: "If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers."

The Dario paper thing. I know I've already mentioned it. But I've reread it a few times now and I still can't quite believe the sequence. He published a detailed, credible case for why governments should have the power to ground unsafe AI. He used the FAA analogy specifically, carefully, as the centrepiece of the argument. The US government read the brief, agreed with the principle, and applied it to him. Two days later. If someone pitched that as a screenplay beat you'd call it too on-the-nose.

The Dispute

The government's version comes primarily from David Sacks, Trump's AI and crypto adviser, who posted the administration's account on X.

David Sacks

@DavidSacks

I’ve had a number of conversations with folks inside and outside government about the current situation with Anthropic, and here is what I believe to be true:

— As we know, Anthropic publicly released its Mythos class models earlier this week under the commercial name Fable.

25.1K

13 June 2026

The core of Sacks' account: a trusted partner identified a jailbreak technique and reported it to Anthropic before any directive arrived. Dario Amodei was personally informed. His response was that it was "not a serious risk." He declined to fix the jailbreak. He also declined to voluntarily pull the model. Sacks' framing: "Anthropic prioritized the continued offering of the consumer model over safety."

If that account is accurate, the government's decision looks substantially more defensible than a cold 90-minute shutdown suggests.

Then there's the Amazon angle. This is the part of the story I had to reread twice, not because it's complicated, but because of what it means.

According to Fortune (14 June), Amazon CEO Andy Jassy contacted senior Trump administration officials on 12 June with a separate report from Amazon researchers. They found they could use specific prompts to extract restricted cybersecurity information from Mythos-class models. Amazon confirmed the contact. Their spokesperson described it as "not uncommon for governments to seek our counsel on potential security risks."

Amazon is Anthropic's largest investor. They run Anthropic's models on Bedrock. On the same day the government issued its directive, they warned the White House about their own portfolio company's flagship product. I don't have a tidy way to frame that and I'm not going to try. It's just an extraordinary fact sitting inside an already extraordinary news cycle.

There's also a disputed angle worth naming clearly. Semafor reported that government officials briefed journalists about a China-linked group that had accessed Mythos. The reporting was careful about what was unclear: which organisation, how they gained access, and how the White House learned of it. Anthropic's statement says the White House didn't raise Chinese access in their conversations around the Fable jailbreak. I'm flagging it as disputed because both characterisations can't be fully correct, and neither side has provided documentation. Don't treat it as established fact.

Anthropic's version of the pre-directive events: they received verbal evidence of a narrow, non-universal jailbreak. No comprehensive technical documentation. The vulnerability is real but minor. And GPT-5.5 can do the equivalent without any bypass at all.

That last claim is Anthropic's own, from their official statement, and I can't independently verify it. The government may have assessed the comparison and decided it doesn't hold at whatever capability level they're actually worried about. What I can say is that the claim circulated widely through the developer community and the government hasn't publicly rebutted it. One developer summarised the reaction: "They said someone found a way to trick the AI into doing illegal activities. That same trick works on GPT and other AIs too." Not a sophisticated legal argument. Possibly not accurate at the granularity that matters for national security assessments. But it's where a lot of practitioners landed.

The jailbreak exists. Nobody's contesting that. The fight is about proportionality. And here's the thing that makes it genuinely hard to call: Anthropic's strongest argument is GPT-5.5 equivalence. If the same technique works on a competitor's model without any bypass, and that model wasn't touched, then the action targeted Anthropic specifically rather than the capability generally. That's a significant problem for the stated rationale of the directive.

Sacks' strongest argument is simpler: Amodei was told, called it not serious, and declined to act. In a world where Anthropic has spent years arguing that the AI industry needs external governance with real enforcement power, declining to fix a government-reported jailbreak in your own flagship model is not an easy position to defend publicly, whatever you think of the underlying technical dispute.

The mechanism that resolved this is what I keep coming back to. A directive with no public technical documentation, no opportunity for independent review, a 90-minute window, applied to one firm while leaving equivalent capability at another firm untouched. One developer on X put it more dramatically than I would, but not entirely without basis: "You don't live in a democracy. You live under a permissioned intelligence regime." Overstated. Not entirely wrong.

What the Precedent Actually Is

R Street Institute's Mark Dalton published an analysis on 14 June that he titled, without apparent embarrassment, "The Fable Fiasco: A Bad Idea Applied Badly." Worth reading properly.

His central problem with the directive: enforcing nationality-based restrictions on cloud AI is practically impossible. VPNs exist. API wrappers exist. The moment you try to enforce "no foreign nationals" on a cloud service, you've got security theatre rather than security. ITAR and KYC requirements don't translate cleanly to cloud AI access in any way that's currently enforceable. So even if the underlying concern is legitimate, the mechanism chosen to address it doesn't actually address it.

And then the GPT-5.5 thing. If the jailbreak represents an unacceptable national security risk, and the same capability is available without any jailbreak on a competitor's model that wasn't touched, then the directive didn't address the risk. It addressed Anthropic. Those are different things, and the difference matters. Export controls as a consistent policy applied to capabilities is one thing. Export controls as a political instrument applied to specific firms is another, and it's a problem regardless of which side of the underlying dispute you find more credible.

I do want to be careful not to flatten the government's position, because the underlying question isn't an absurd one. Whether a commercial model can be deployed with capabilities that state adversaries can exploit is a legitimate national security question. The problem isn't that anyone asked it. It's that the answer arrived as a shutdown with a letter that "did not provide specific details of its national security concern," applied to one company while a competitor with equivalent capability continued operating without interruption.

On the IPO: Anthropic filed on 1 June at a $965 billion valuation, October 2026 NASDAQ listing target. Pre-IPO instruments moved after the shutdown. Prestocks tokens fell 9.11% in 24 hours. Hyperliquid's vntl:ANTHROPIC futures dropped somewhere in the 3-3.7% range (thinly-traded instruments, not reliable price discovery, but CoinDesk's read is accurate). The October roadshow now needs to price regulatory and national security risk as a line item. That's new for an AI company's prospectus in a way it wasn't a fortnight ago.

This is the first time a US federal directive has forced a deployed frontier model off the market. Whatever you think of the justification in this specific case, the mechanism has been used now. That changes the risk calculus for every frontier lab with US operations, which is most of them.

What We Got Wrong

The free window prediction was wrong. I said it would extend past 22 June. It was cut nine days short by government action. Wrong for a reason nobody could have anticipated, which is a real category of wrong. But still wrong.

In our last article we also predicted that Fable 5 would replace Opus 4.8 as our primary Claude Code model by mid-July. It can't do that if it doesn't exist. That one's now at risk, with the mid-July deadline still standing. If the model returns and delivers before then, the prediction survives. If not, it's missed.

And we promised a hands-on test before the free window closed. That's blocked until the model comes back.

New prediction, with a 15 July check date:

Fable 5 and Mythos 5 will be reinstated by 15 July 2026.

Here's the case. The technical dispute is narrow and resolvable. Anthropic has described the vulnerability as minor and has indicated it can be addressed. The GPT-5.5 equivalence argument is strong enough that if Anthropic can demonstrate it with documentation, it significantly undermines the proportionality basis for the directive. The IPO creates pressure on both sides: Anthropic needs the model back before the October roadshow, and the government has limited political upside in maintaining a shutdown of the world's best public AI model on grounds that demonstrably apply to a competitor they left untouched. And the Dario paper precedent, interestingly, cuts both ways: if the government is going to invoke Amodei's own framework, that framework also includes independent review, not just unilateral shutdown.

One scenario where this prediction fails entirely: if the Semafor reporting about Chinese access to Mythos is accurate and the government has classified intelligence to support it, the directive may rest on a foundation Anthropic can't see or rebut. In that case, "narrow and resolvable" is the wrong frame. I'm giving that scenario low weight because Anthropic disputed it specifically and because the government hasn't formally asserted it. But a prediction that ignores the tail risk it can't access isn't a real prediction. I'm naming it so you know the shape of what I don't know.

Check date: 15 July.

Related Article11 min read

Anthropic just released Claude Mythos to the public. Except they didn't.

Everyone spent six months waiting for Claude Mythos, and prediction markets priced its launch at 93%. What Anthropic actually shipped is Claude Fable...

Read full article

Related Article11 min read

Anthropic filed a $965 billion IPO. The same week, the Pentagon said it still can't be trusted.

Anthropic is filing an IPO valued at $965 billion while simultaneously being designated a Pentagon supply chain risk. The same week they filed, the...

Read full article

The Practical Answer Right Now

If you'd started evaluating Fable 5, or were planning to shift production work onto it before the 22 June window closed: go back to Opus 4.8 or whatever you were on before. Building a workflow dependency on a model that may or may not exist next week is exactly the sort of thing that looks obvious in hindsight. Opus 4.8 is still the same model it was a week ago. Nothing about it got worse because its successor got pulled.

We'll run the hands-on comparison we promised the moment Fable 5 comes back.

The bigger thing this week has exposed is something I hadn't thought about carefully enough before. Capability and availability aren't the same thing, and I'd been treating them as if they were. Fable 5 may be the most capable public AI model ever shipped. It was also offline three days after launch, for reasons that had nothing to do with how it performed. The gap between "what a model can do" and "whether you can actually use it" just got a lot wider, and anyone building production systems on frontier models needs to price that gap in a way they probably haven't been.

Sitting with all of this this week has been genuinely odd. Not because it's catastrophic, but because it just wasn't in the range of things I expected to be writing. Twenty years in this industry and the sentence "government grounds the world's best AI model three days after launch" still reads like a draft that got through by mistake. It didn't, though. It's the actual story.

We'll be here on 15 July either way.

Key Takeaways

What happened:

• Fable 5 and Mythos 5 launched 9 June, pulled offline 12 June by US export control directive
• a 90-minute compliance window; both models offline globally for all users
• Anthropic's three other models (Opus 4.8, Sonnet, Haiku) unaffected

The dispute:

• Government: Amodei was warned about the jailbreak, called it not serious, refused to fix or pull voluntarily
• Anthropic: narrow, non-universal technique, no comprehensive technical documentation provided, GPT-5.5 does the equivalent without any bypass
• Amazon (Anthropic's largest investor) separately warned the White House about its own portfolio company's model
• China-access angle exists in government briefings; Anthropic disputes it was raised in their conversations

The precedent:

• First time a US federal directive has forced a deployed frontier model off the market
• GPT-5.5 untouched despite equivalent capability: enforcement targeted one firm, not the capability
• IPO roadshow now needs to price regulatory/national security risk as a line item

---