Notes by Hamza
Posted on
Technology

What Happened When the US Government Banned Claude Mythos

Author
What Happened When the US Government Banned Claude Mythos

On June 12, 2026, Anthropic disabled its most advanced AI models for every user worldwide. No warning. No phase-out period. Claude Mythos 5 and Fable 5 simply stopped working.

The US government had issued an export control directive citing national security authorities. Within hours, hundreds of millions of users lost access to AI capabilities they'd integrated into daily workflows. The trigger, according to Bloomberg, was a report from Amazon's security team about a jailbreak that could bypass Fable 5's safeguards.

Two weeks later, the government partially reversed course—but only for about 100 US institutions. Everyone else, including all international customers, remained locked out. Europe wasn't just excluded from the restoration. European officials weren't consulted before the ban either.

This wasn't a company choosing to limit a product release. This was a government unilaterally deciding who gets access to frontier AI technology—and the precedent it sets should concern anyone who cares about how powerful tools get distributed.

The Jailbreak That Triggered a Government Intervention

Fable 5 and Mythos 5 share identical underlying model weights. The difference is safeguards. Fable 5 includes three classifier-based safety layers: a cybersecurity block, a biology-and-chemistry block, and a distillation block. When a query trips one of those classifiers, the system routes the request to the less capable Claude Opus 4.8 instead.

Mythos 5 removes those classifiers for vetted partners who need unrestricted capability for security research. The assumption was that Fable 5's safeguards would prevent general users from weaponizing the model's cybersecurity skills.

Then Amazon's security team found a way around them. Details remain classified, but Anthropic described it as "verbal evidence of a potential narrow, non-universal jailbreak." Translation: someone discovered a prompt pattern that could trick Fable 5 into bypassing its own safety restrictions.

The White House didn't wait to assess how exploitable the jailbreak was or how widely it might spread. They pulled the model globally and immediately.

Anthropic's public response was measured but pointed: "We disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people."

How Project Glasswing Became a Government-Approved Access List

Anthropic had launched Project Glasswing in April 2026 as a consortium for using Mythos to find and fix software vulnerabilities. The initial group included about 40 companies: Microsoft, Apple, Google, AWS, the Linux Foundation, Cisco, Nvidia, Broadcom.

By June, that had expanded to over 150 partners across more than 15 countries, including industries like power, water, healthcare, and communications. The goal was to harden critical infrastructure before attackers with similar AI capabilities could exploit it.

When the export control directive hit, Project Glasswing transformed from a security initiative into an access control mechanism. The government essentially said: if you were already in Glasswing, you can get Mythos 5 back—if you're a US institution.

About 100 organizations made the cut. Many are Fortune 500 companies. All are US-based or operating US critical infrastructure. Commerce Secretary Howard Lutnick's letter specified that an export license would no longer be required for these "trusted partners," but licensing restrictions would remain in place for everyone else.

European banks that had participated in Glasswing? Locked out. International research institutions? Locked out. Individual developers who'd paid for API access? Still stuck on Claude Opus 4.8.

What Transparency Looks Like When Government Picks Winners

Here's what we know about how the approved list was created: almost nothing.

John Coleman, legislative counsel for the Foundation for Individual Rights and Expression, put it bluntly: "No one knows how these companies are picked and why everyone else is excluded. This is putting too much power in the hands of the government. There's little transparency and it raises questions about the rule of law."

Even Sam Altman, whose company faces similar restrictions with GPT-5.6, voiced concerns. He wrote on X: "Extensive safety testing is not a bad idea. I just don't like the idea of the government picking the customers."

The Commerce Department hasn't published criteria for approval. There's no public application process. No appeals mechanism. Companies either received a letter granting access or they didn't.

This matters because it creates a two-tier system where access to cutting-edge AI becomes a competitive advantage determined by government selection rather than market forces. If your competitor gets Mythos access and you don't, they can find vulnerabilities in their products faster, ship more secure software, and potentially discover flaws in your products before you do.

That's not hypothetical. Mozilla found 271 vulnerabilities in Firefox using Mythos in two weeks. How long would manual security audits have taken to find the same issues? Months, probably. Maybe years for some of them.

Why Europe Got Shut Out Entirely

The geopolitical signal was impossible to miss. The initial export control specifically blocked "any foreign national, whether inside or outside the United States, including foreign national Anthropic employees."

That last part is telling. Anthropic couldn't even let its own international employees access the models they'd helped build.

When access was partially restored, the approved list included zero international institutions. European Central Bank president Christine Lagarde publicly praised Anthropic for limiting access to Mythos back in April. By June, European banks were consulting authorities about being locked out entirely.

Germany's banks said they were seeking guidance from cyber experts. The Bank of England said AI risk testing had intensified. But none of them got access to the tool that could actually help them test.

The European response? Mistral AI began developing its own model with similar capabilities. If you can't access American AI technology, build your own. The irony is that this probably accelerates exactly the kind of capability proliferation the export controls were meant to prevent.

The Anthropic-US Government Relationship Was Already Tense

This wasn't the first friction between Anthropic and the Trump administration. The company had refused to allow the US military to use its AI models for domestic surveillance and fully autonomous weapons systems. The government responded by putting Anthropic on a national security blacklist.

That's the context for understanding the June export control. This wasn't just about a technical vulnerability in Fable 5. It was part of an ongoing negotiation about who controls access to frontier AI capabilities and under what conditions.

Anthropic and the government held daily negotiations over the two weeks between the ban and the partial restoration. Commerce Secretary Lutnick's letter acknowledged "significant progress" in addressing "risks associated with the Covered Models," but didn't specify what safeguards had actually been implemented.

We still don't know what changed technically between June 12 and June 26. Did Anthropic patch the jailbreak? Add new classifiers? Implement runtime monitoring? The government hasn't said, and Anthropic hasn't provided details.

The Voluntary Framework That Became Mandatory Oversight

In early June, Trump signed an executive order establishing what was described as a "voluntary framework" for AI developers to offer frontier models to the US government for review up to 30 days before releasing them to trusted partners.

Voluntary is doing a lot of work in that sentence. When the government can unilaterally disable your product for hundreds of millions of users, how voluntary is the framework really?

OpenAI found out. They delayed the full public launch of GPT-5.6 "at the U.S. government's request," limiting access to a small group of vetted partners whose details were shared with authorities. That's the same pattern: voluntary submission to pre-release review that looks a lot like mandatory gatekeeping.

Kate Koren, an analyst at the Center for Strategic and International Studies and former Commerce Department official, called the arrangement "a practical interim step, but leaves unresolved the larger issue of how companies can widely release updated models."

She added a warning: "The longer there isn't a system in place that will allow U.S. companies to widely release new models, the more likely it is that China will be able to catch up."

That's the real tension. Export controls might slow China's access to American AI in the short term, but they also slow American companies' ability to iterate and improve. Meanwhile, Chinese labs continue developing their own models without similar restrictions.

What Comes Next for Fable 5 and International Access

As of late June 2026, Fable 5 remains suspended for all general users. The government is reportedly moving toward allowing Anthropic to release it again, but there's no timeline.

For individual subscribers, API developers, and all international customers, access is still limited to Claude Opus 4.8, Sonnet 4.6, and Haiku 4.5. Those are capable models, but they're not Mythos-class. The gap in capability is significant, especially for security research and complex software engineering tasks.

Anthropic had confidentially filed for an IPO before the export control hit. The delay affects their business directly—Mythos-class models were expected to support revenue before going public and help pay for compute commitments. Investors don't love uncertainty about whether your flagship product can actually be sold.

The bigger question is whether this becomes the template for frontier AI governance. If every major model release requires government pre-approval and restricted distribution, we've moved from a commercial technology market to something that looks more like classified weapons systems.

Maybe that's appropriate given the capabilities involved. Mythos can find zero-day vulnerabilities that human researchers missed for decades. In the wrong hands, that's a weapon. But in the right hands, it's a defensive tool that could harden critical infrastructure faster than attackers can exploit it.

The challenge is figuring out who decides which hands are "right"—and whether those decisions get made transparently or behind closed doors.