Key Takeaways
- Anthropic received a U.S. government order at 5:21 p.m. ET to suspend access to its most advanced models—Claude Fable 5 and Mythos 5—for all foreign nationals, citing national‑security concerns.
- The order stems from a reported “narrow, non‑universal jailbreak” technique that allegedly allows users to bypass safeguards and exploit the model’s cybersecurity capabilities.
- Anthropic maintains that the reported jailbreak is not universal, that similar capabilities exist in other publicly available models, and that its safeguards remain substantially stronger than those of prior models.
- While Fable 5 and Mythos 5 are disabled for foreign users, access to other Claude models remains unaffected, and Mythos 5 remains available to a vetted group of cyber‑defenders and critical‑infrastructure operators.
- The company argues that the statutory process for such restrictions should be transparent, fact‑based, and fair, and it is working to restore access as soon as possible.
- Anthropic has previously faced scrutiny from the U.S. Department of Defense, which labeled it a “supply chain risk,” prompting two lawsuits to contest that designation.
Background and Government Order
On Friday, Anthropic announced that it would “abruptly disable” its most advanced AI models—Claude Fable 5 and Mythos 5—for all users after receiving an order from the U.S. government. The directive, issued at 5:21 p.m. ET, instructed the company to suspend access to these models for foreign nationals, whether located inside or outside the United States. Anthropic said it believed the order was based on a misunderstanding and that it is actively working to restore access as soon as possible. The company emphasized that the restriction applies only to Fable 5 and Mythos 5; all other Claude models remain fully available to users worldwide.
Reason Cited: National‑Security Concerns
The government’s order cites national‑security concerns, specifically alleging that Anthropic’s models possess a method that could be used to bypass safety guardrails—a technique commonly referred to as a “jailbreak.” According to Anthropic’s statement, the government believes it has become aware of a way to jailbreak Fable 5, thereby potentially enabling malicious actors to exploit the model’s capabilities for harmful purposes, such as cyber‑attack planning or vulnerability exploitation. The order reflects a precautionary stance aimed at preventing the dissemination of powerful AI tools that could be weaponized by foreign adversaries.
Anthropic’s Response and Claim of Misunderstanding
Anthropic responded promptly, asserting that it views the government’s action as stemming from a misunderstanding of the model’s actual capabilities. The company said it had reviewed the evidence provided by the authorities and concluded that the alleged jailbreak does not represent a universal or easily replicable threat. Anthropic emphasized its commitment to cooperating with the government while also advocating for a restoration of access, arguing that the blanket suspension is disproportionate to the demonstrated risk.
Details of the Alleged Jailbreak Technique
The specific technique referenced by the government involves asking the model to read a particular codebase and identify or fix any software flaws. Anthropic described this as a “narrow, non‑universal jailbreak” that is effective only in very limited contexts and requires considerable effort to adapt to new situations. The company noted that it validated the reported capability and found that the level of performance demonstrated is already achievable with other publicly available models, including OpenAI’s GPT‑5.5, and is routinely used by legitimate defenders to improve software security.
Safety Guardrails and Classifier Systems
Anthropic reiterated that its models are protected by robust safety classifiers designed to detect and block misuse, including jailbreak attempts. These classifiers are particularly focused on preventing harmful single‑turn requests related to cyber‑attack planning, exploit development, or defense evasion. The company highlighted that Mythos‑class models, while possessing strong cybersecurity abilities, are still subject to these safeguards, which prohibit the model from responding to queries that could facilitate malicious activity.
Mythos 5’s Cybersecurity Capabilities
Mythos 5 was introduced as a counterpart to Fable 5, with safeguards lifted in certain areas to enhance its cybersecurity prowess. Anthropic described Mythos 5 as having “the strongest cybersecurity capabilities of any model in the world,” capable of turning newly disclosed software vulnerabilities into working exploits within hours—or even minutes—rather than the weeks typically required by human analysts. This ability to compress “N‑days” into “N‑hours” suggests that frontier models could dramatically accelerate the weaponization of publicly known flaws, a point underscored by Anthropic’s Red Team, which warned that a lone operator could convert a month’s worth of patches into working exploits in a single afternoon for a few thousand dollars and without specialized expertise.
Impact on Users and Model Substitution
As a result of the suspension, queries related to cybersecurity topics that would normally be handled by Fable 5 are now redirected to Claude Opus 4.8, Anthropic’s next‑capable model. This substitution ensures that users continue to receive assistance on non‑sensitive topics while the restricted models remain inaccessible to foreign nationals. Access to Mythos 5 remains limited to a vetted group of cyber defenders and critical‑infrastructure operators who have undergone stringent vetting processes, allowing them to leverage the model’s advanced capabilities under controlled conditions.
Effectiveness of Anthropic’s Safeguards
Anthropic claimed that internal and third‑party red‑team exercises have found its safeguards to be “substantially more effective than those of any previously deployed model.” The company argued that while no model can achieve “perfect jailbreak resistance,” its current defenses significantly raise the bar for successful bypass attempts. It also noted that the industry‑wide susceptibility to non‑universal jailbreaks means that any safeguard can be circumvented in limited contexts, but such exploits generally require substantial effort and are not readily scalable.
Call for Transparent, Fact‑Based Process
In its statement, Anthropic urged the government to ensure that any restriction on AI models follows a transparent, fair, and technically grounded process. The company argued that the discovery of a narrow, potential jailbreak should not alone justify the recall of a widely deployed commercial model. Instead, decisions should be based on clear evidence, open dialogue, and a balanced assessment of risks versus benefits, aligning with established statutory procedures for export controls and national‑security assessments.
Prior Tensions with the Department of Defense
The current situation adds to a history of friction between Anthropic and U.S. defense agencies. Earlier this year, the Department of Defense labeled Anthropic a “supply chain risk” after the company sought to establish clear boundaries regarding the military use of its technology. In response, Anthropic filed two lawsuits to contest that designation, seeking to protect its commercial interests and prevent what it views as an overbroad stigmatization of its AI offerings. The latest export‑control order appears to be another manifestation of the ongoing scrutiny surrounding the dual‑use potential of advanced AI systems.