Anthropic launched Claude Fable 5 and Claude Mythos 5 on June 9. Three days later, a US export order told the company to cut off every foreign user, and Anthropic said it could not filter by nationality in real time.
On June 9, Anthropic launched two AI models it called its most powerful ever. On June 12, the US government told the company to shut them down for anyone outside America, and Anthropic discovered it had no way to do that.
The directive arrived as a letter from Commerce Secretary Howard Lutnick to CEO Dario Amodei at 5:21 pm Eastern time on June 12, ordering Anthropic to suspend all access to Claude Fable 5 and Claude Mythos 5 by any foreign national, whether inside or outside the United States, including the company's own foreign-born engineers. Anthropic said the order covered any foreign national and could not be filtered by nationality in real time, so it disabled both models for every customer worldwide rather than risk a partial compliance failure. Access to every other Anthropic model continued, according to the company's statement on the directive.
The two models in question had been on the market for less than a week. Claude Fable 5 had gone to general availability on June 9, marketed as the company's first mythos-class model safe for broad commercial use. Claude Mythos 5, the more capable sibling, had stayed restricted to participants in a controlled-access program called Project Glasswing, a partnership with selected biology and frontier-research labs that began in April, according to Anthropic's launch post and news index. Both releases followed the standard sequence: a closed partner preview, a public launch, and then weeks of integration work by paying customers. That integration work was interrupted on a Friday afternoon, three days after the public launch.
The government's stated reason was national security. The directive cited a method for jailbreaking Fable 5, a technique that, in the Commerce Department's reading, exposed a capability that could be turned against US interests. Anthropic publicly disputed both the severity and the precedent. The company argued that the jailbreak method identifies only minor code vulnerabilities, that the same class of trick already works on rival systems including OpenAI's GPT-5.5, and that pulling Fable 5 was a disproportionate response. David Sacks, the White House's co-chair of the Council of Advisers on Science and Technology, said on X that the administration had Amodei on a choice between fixing the vulnerability or taking the model off the market, and that Amodei refused. Sacks framed the refusal as inconsistent with Anthropic's stated commitment to AI safety.
Behind the public dispute sits a separate, longer-running fight. The Pentagon under Pete Hegseth had previously designated Anthropic a Supply-Chain Risk to National Security, a blacklisting that Anthropic is suing to reverse, and President Trump had earlier ordered federal agencies to stop using Anthropic products. The June 12 directive is a different legal track from the supply-chain designation, but it lands inside the same political trajectory: an administration that has framed frontier AI as a national-security asset, and a company that has refused to allow its technology to be used for mass surveillance or fully autonomous weapons.
That is the part of the story the wire ledes have missed. The directive is being read as a moment of US assertiveness, a sign that Washington is willing to weaponize export controls the way it has for chips and semiconductor tooling. But the operational record from the four-day window tells a different story. Anthropic's compliance memo made a single admission that has not been widely unpacked: the company said it could not, technically, tell which user was American and which was not in real time, so it pulled the models for everyone. The directive ordered a nationality filter, and the underlying service could not implement one.
That gap matters. Export controls on hardware work because the controlled object is a physical thing, a lithography machine or a high-bandwidth-memory chip, that can be inspected, shipped, intercepted, and traced. AI models are software served over the internet. There is no shipping event to intercept and no clean technical seam at which a model server can ask a user, in a way the user cannot spoof, whether they are a US person at that moment. The closest existing techniques involve IP geolocation, payment-instrument checks, and corporate-customer verification at onboarding, none of which are robust against a determined foreign user, and none of which Anthropic had built into Fable 5 because the model was a generally available commercial product.
This is what the European and Canadian reactions, in their different registers, are pointing at. The European Commission's spokesperson, Thomas Regnier, said the new generation of highly capable models raises serious cybersecurity concerns but that contingency measures should not be discriminatory against partners, according to a June 13 Euronews roundup of allied responses. French politicians including Bruno Retailleau, Benjamin Haddad, Édouard Philippe, and Jordan Bardella, and British figures including Tom Tugendhat and Al Carns, used the moment to call for indigenous AI capacity. Geert Wilders, in the Netherlands, framed AI as a matter of national sovereignty. Finnish MEP Aura Salla put it in operational language: Europe cannot continue to increase its technical potential by relying on access that can be turned off by a foreign government overnight. Canadian Prime Minister Mark Carney, speaking in Ireland ahead of the G7 summit, framed the restrictions as a lesson in diversification and a risk of overreliance on a small number of American providers, as reported in an Artificial Intelligence News analysis that aggregates the principals' statements.
The timing is not accidental. The European Commission published its Technological Sovereignty Package, including a Cloud and AI Development Act, on June 3, nine days before the shutdown. The Anthropic episode is being treated inside European policymaking as a stress test of that framework: a worked example of what it looks like when a non-European company loses its ability to serve European users because of an order from a third government. It is also, incidentally, a stress test of a different kind for Washington. If the US wants to use export controls to keep the most capable American AI inside US-aligned jurisdictions, it needs a technical mechanism for doing so, and the Anthropic episode suggests the major US labs do not have one.
The remaining unknowns are the ones that should make any reader cautious. The Wall Street Journal reported, citing people familiar with the matter, that Amazon CEO Andy Jassy told Treasury Secretary Scott Bessent and other officials that Amazon researchers had used Fable 5 prompts to obtain information that could aid cyberattacks, a claim that, if true, would expand the national-security case beyond a jailbreak technique and into the model's actual offensive-use surface. Amazon is also one of Anthropic's largest investors, a conflict that has not been addressed in the public reporting. AI policy analyst Dean Ball, who briefly served in the Trump administration, called the order simply cartoonish in the same Artificial Intelligence News piece, citing the inconsistency with US chip-export policy toward China, a judgment worth weighing as commentary rather than as a neutral expert assessment. The underlying jailbreak claim is Anthropic's own framing of a method it says identifies minor code vulnerabilities, not an independent technical characterization. The directive's full text has not been published.
What is now in plain view, though, is the structural finding. A US administration asked a frontier AI company to implement a nationality-targeted kill switch on a generally available product, and the company said, in effect, that the switch does not exist at the granularity the directive required, so it pulled the model for everyone. The next time a Commerce secretary writes a similar letter, the answer is going to depend on whether someone has built that switch in the meantime, or whether the political question shifts from should we cut them off to can we, and if not, what that means for the sovereignty story Washington has been telling.