A Commerce Department directive told the company to keep Claude Fable 5 and Mythos 5, its two most capable Claude models, away from any foreign national, anywhere. Unable to filter users by nationality in real time, Anthropic pulled both for every customer.
On June 12, 2026, three days after Anthropic launched its two newest Claude models, Fable 5 and Mythos 5, the company disabled both for every customer worldwide, including its own foreign-national employees. The trigger was a US Commerce Department export control directive, signed by Commerce Secretary Howard Lutnick and addressed to CEO Dario Amodei at 5:21 PM ET, that ordered the models kept away from any foreign national, inside or outside the United States (MarkTechPost timeline of the directive and shutdown).
Anthropic could not filter foreign nationals from US users in real time, so it shut the models down for everyone (Anthropic's directive response statement). All other Claude products, including Opus 4.8, Sonnet, and Haiku, remained online.
The letter cited national security authorities but, per Anthropic's own account, did not name a specific concern. The company says it has been told the action was triggered by another company that claimed it had jailbroken Mythos. Anthropic calls the jailbreak narrow, mostly a matter of reading a codebase and pointing out flaws, and says equivalent capabilities are already widely available on other public models, including GPT-5.5. The company is complying with the order while publicly disputing its rationale (Axios on the directive and the jailbreak claim).
That posture is the structural story. A US export control order, the kind of authority that usually governs cross-border technology transfers, was converted by enforcement reality into a remote kill switch for two commercially deployed frontier AI services. The controlling constraint was not the policy rationale. It was that Anthropic could not tell, in real time, whether a user sitting at a US IP address was a US person or a foreign national. Once that filter proved unbuildable on the spot, compliance meant a global shutdown, not a targeted one.
The new models had only been live since June 9, 2026. Fable 5 was the publicly available tier, listed at the API string claude-fable-5 with pricing of $10 per million input tokens and $50 per million output tokens, and built as a step above the existing Opus 4.8 with separate AI classifiers for cybersecurity, biology and chemistry, and distillation attacks. Mythos 5 was the more restricted tier, accessible only to Project Glasswing partners. Anthropic said flagged queries fall back to Opus 4.8 in fewer than 5 percent of sessions, that novel-attack data is retained for 30 days without being used for training, and that thousands of hours of red-teaming with the US government, UK AISI, and external partners had not surfaced a universal jailbreak. An external bug bounty logged more than 1,000 hours without finding one (Anthropic's Fable 5 and Mythos 5 launch post).
Customer reactions, all first-party and vendor-curated, give a sense of what was on the table before the shutdown. Stripe said Fable 5 compressed months of engineering into days on a 50 million line Ruby migration. Hebbia ranked Fable 5 at the top of its internal finance benchmark. Anthropic's own demo material included a web app rebuilt from screenshots and a vision-only harness that completed Pokémon FireRed. Mozilla said it had used Mythos-class models to resolve hundreds of vulnerabilities. Each of these is a partner testimonial rather than an independent audit, and reads as Anthropic's framing of capability, not a market-wide verdict.
The administration had already tried, before launch, to delay the June 9 release. Anthropic declined. The export control letter followed three days later (CNBC on the compliance timeline; NBC News on the suspension).
The unresolved question is whether a single contested jailbreak claim can ground a full recall of a frontier model that has already shipped. Anthropic has framed the risk in industry-wide terms: if a narrow, replicated vulnerability is treated as sufficient cause to revoke a model, the practical effect is that no frontier lab will ship a new top-tier system in any jurisdiction where a competitor can claim a bypass. The government has not, on the public record, identified the specific concern or the company whose claim triggered the action. Until it does, every AI vendor with foreign-national users or employees has to plan for the same compliance geometry: an export order, an inability to filter by nationality, and a global shutdown as the only defensible response (Bloomberg on Anthropic's foreign-access limits).