Fable 5 duró 3 días. Una carta a las 5:21 p. m. lo apagó todo

Key Takeaways

• Washington recalled a live AI model: On June 12, 2026, the US government issued an export control directive that forced Anthropic to disable Claude Fable 5 and Claude Mythos 5 for every customer, three days after launch.
• The trigger is disputed: Anthropic says the government’s evidence is a single “narrow, non-universal” jailbreak that amounts to asking the model to read a codebase and fix its bugs, a capability it says other public models already have.
• The timing is brutal: Two days before the directive, Anthropic published a policy framework arguing the government should have legal authority to block dangerous AI deployments. It got the power it asked for, minus the due process it asked for.
• The real stakes are architectural: Fable 5 and Mythos 5 are the same underlying model separated by a safety wrapper. A credible jailbreak claim against Fable is a claim that anyone can reach what Anthropic calls the strongest cybersecurity model in the world.

A Letter at 5:21pm

At 5:21pm Eastern Time (ET) on June 12, a letter arrived at Anthropic. By the end of the evening, the artificial intelligence (AI) model whose capabilities Anthropic says “exceed those of any model” it has ever made generally available was gone, switched off for every customer on Earth.

The letter was an export control directive from the US government, issued under national security authorities. It ordered the suspension of all access to Claude Fable 5 and Claude Mythos 5 by “any foreign national, whether inside or outside the United States, including foreign national Anthropic employees.” The company says the order’s net effect forced it to “abruptly disable Fable 5 and Mythos 5” for all customers. It is not hard to see why: no public AI service checks passports at the prompt window. Access to every other Anthropic model remains live.

Fable 5 launched on June 9. It survived three days.

Governments have banned apps within their borders, sanctioned chipmakers, and restricted semiconductor exports. But an order that makes a company switch off its own flagship worldwide, one Anthropic says was deployed to “hundreds of millions of people,” is a genuinely new instrument of state power. And the company on the receiving end is the same one that spent the last four months in open conflict with the Trump administration, and the last two days arguing that governments should have a version of this exact power.

What the Directive Actually Does

Start with the mechanism, which is stranger than the headlines suggest. This was not a court order or a recall under consumer protection law. The blocking authority Anthropic itself has proposed would go, in the company’s words, “beyond what exists in current law or in existing proposals in Congress,” meaning no AI-specific recall statute was available to use. What the government reached for instead was an export control directive, the legal family of tools normally used to stop chips, weapons designs, and encryption from reaching foreign adversaries.

The scoping is what makes it a de facto total shutdown. By barring access for any foreign national anywhere, including inside the United States and inside Anthropic itself, the directive made compliance-by-filtering practically impossible. Anthropic says the letter “did not provide specific details of its national security concern.” The company states it has received only “verbal evidence” of the problem the government believes it found.

That matters for what comes next. A formal rulemaking can be litigated line by line. A directive justified verbally, with nothing published, leaves its target arguing against a claim it cannot fully see. You do not have to take Anthropic’s side in this fight to notice that the process is the opposite of transparent.

The Jailbreak That Allegedly Justified It

According to Anthropic, the government believes it has become aware of a method of bypassing, or “jailbreaking,” Fable 5’s safety systems. Jailbreaking means crafting prompts that get a model to do things its safeguards are supposed to refuse.

Anthropic’s description of the technique is where the story tilts toward the absurd. The company says the claimed jailbreak “essentially consists of asking the model to read a specific codebase and fix any software flaws.” That is not an exotic attack. It is a description of routine defensive security work, the kind performed daily by every corporate security team on the planet. Anthropic says it reviewed a demonstration and a report it believes underlies the directive, and found the technique surfaced “a small number of previously known, minor vulnerabilities” that other public models, “including OpenAI’s GPT-5.5,” can also find without any bypass at all. No comparable order against any rival model has been made public.

Two caveats deserve equal weight. First, this is entirely Anthropic’s characterization. The directive is not public, the report is not public, and the government may be acting on evidence Anthropic has not seen or will not describe. Second, public jailbreak claims against Fable 5 did exist before the directive. Days after launch, the well-known AI red-teamer Pliny the Liberator publicly said his team bypassed Fable 5’s safety classifiers, posting screenshots he says show the model producing material it should refuse, including working software-exploit code. TechTimes reported those claims on June 12 without drawing any connection to government action, and no public evidence links them to the directive.

Anthropic’s counterpoint is process, not denial. The company says that in the weeks before launch it red-teamed Fable’s safeguards with the US government, the United Kingdom’s AI Security Institute (UK AISI), and private third parties for “thousands of hours in total,” and that “no testers have yet been able to find a universal jailbreak.” It also concedes, notably, that perfect jailbreak resistance probably does not exist for any provider, which is why it pairs safeguards with monitoring and a 30-day data retention requirement designed to detect and study attacks.

One Model, Two Names

To understand why a jailbreak claim against Fable 5 triggers national security machinery, you need the architecture. Fable 5 and Mythos 5 are not siblings. They are the same underlying model wearing different clothes.

Fable 5 is the public version. It ships with safety classifiers that detect requests related to cybersecurity, biology and chemistry, or model distillation, and hand those responses to the next model down, Claude Opus 4.8, informing the user when it happens. Anthropic says these safeguards were tuned conservatively and trigger “in less than 5% of sessions” on average. Run the arithmetic on that ceiling and the scale becomes vivid: for every million sessions, up to 50,000 could hit the reroute. Anthropic flagged that trade-off at launch, and its suspension statement concedes the safeguards are strong enough that “many users have complained that they are overly broad.”

Mythos 5 is the same model “with the safeguards lifted in some areas,” released only to a small group of cyberdefenders and infrastructure providers through Project Glasswing, a controlled-access program run in collaboration with the US government. Anthropic calls it the model with “the strongest cybersecurity capabilities of any model in the world.”

That design is the whole ballgame. The gap between Fable and Mythos is not capability. It is a classifier. So when someone claims to have jailbroken Fable 5, what they are really claiming is that the public can reach Mythos-grade offensive cyber capability without Project Glasswing’s vetting. If true, that collapses the entire two-tier safety architecture. Anthropic’s defense is that the disclosed jailbreaks are “either entirely benign responses or are minor findings that provide no Mythos-specific uplift.” The government, apparently, was not reassured.

Anthropic Asked for This Power Two Days Earlier

Here is the part that will be taught in policy courses. On June 10, two days before the directive arrived, Anthropic published a policy framework arguing that the US government should have new legal powers over frontier AI. The proposal is explicit: when a model poses catastrophic risk, “the government should have the legal authority to block or deter its deployment,” backed by civil penalties tied to global annual revenue. The framework would apply to models trained on more than 10²⁵ floating-point operations (FLOPs, the raw count of arithmetic steps used in training) and built by companies earning more than $500 million in AI-related revenue or spending more than $1 billion on AI research and development. Those thresholds are drawn to capture exactly the class of model Fable 5 belongs to.

The same essay warned about the failure mode. Anthropic wrote that policymakers “must also avoid overly broad or heavy-handed regulatory power” and proposed concrete safeguards to prevent the blocking authority from being misused.

Two days later, the government blocked Anthropic’s deployment. Not through the statutory process the company proposed, with independent evaluators, published testing, and procedural protections, but through an export control letter with verbally delivered evidence. Anthropic’s statement threads this needle with visible discomfort: the company restates that the government should be able to block unsafe deployments “as part of a statutory process that is transparent, fair, clear, and grounded in technical facts,” and then lands the punch: “This action does not adhere to those principles.”

To be precise about what this is not: there is no public evidence the directive was a response to Anthropic’s essay, and reading it as deliberate punishment requires assumptions nobody can currently support. The boring explanation is that a government already at war with this company received a jailbreak report about a brand-new frontier model and reached for the bluntest tool in the drawer. But the juxtaposition stands on the verified dates alone. Anthropic asked for a kill switch with due process on Wednesday. On Friday it learned the government already had one, and that due process was optional.

Four Months of Open War

None of this happened in a vacuum. The directive is the latest round in a conflict this site has tracked since February, when the company refused to allow Claude to be used for mass surveillance of Americans or to guide autonomous weapons and the Department of Defense responded by declaring Anthropic a supply chain risk to national security, alongside a government-wide ban.

The real-world record of that fight is public. In early March, Nextgov reported that federal agencies had begun shedding Anthropic contracts following President Trump’s call for agencies to halt operations with Anthropic products, with Treasury confirming it would stop using Anthropic technology and the State Department and the Department of Health and Human Services (HHS) moving to phase the company’s tools out of their workflows. Then the courts stepped in. On March 26, 2026, the US District Court for the Northern District of California issued a preliminary injunction pausing the government’s implementation of the President’s directive, and by April 3 the General Services Administration (GSA) announced it was “restoring Anthropic technology to the status quo in effect prior to February 27, 2026.”

Anthropic, in other words, was winning the contracts fight in court. The export control directive opens a second front the injunction does not cover, aimed not at government purchases of Claude but at Anthropic’s commercial flagship itself. Whether that is coincidence or strategy is exactly the question the administration has not answered; it has published nothing.

The Data

The verified timeline compresses into one brutal week:

Date (2026)	Event
June 9	Fable 5 and Mythos 5 launch; Anthropic says Fable’s capabilities exceed any model it has made generally available
June 10	Anthropic publishes its framework asking for government authority to block dangerous AI deployments
June 12 (by day)	TechTimes reports public jailbreak claims by red-teamer Pliny the Liberator
June 12, 5:21pm ET	Export control directive arrives; Anthropic disables both models

The economics of what just went dark are equally concrete. Fable 5 and Mythos 5 were priced at $10 per million input tokens and $50 per million output tokens, which Anthropic says is “less than half the price of Claude Mythos Preview,” the invitation-only predecessor. That single sentence lets you bound what frontier cyber capability cost before last week:

$$P_{\text{MythosPreview}} > 2 \times P_{\text{Fable5}} \;\Rightarrow\; P_{\text{MythosPreview}} > 20 \text{ (input)} \;/\; 100 \text{ (output)}$$

in dollars per million tokens. The launch cut the price of the world’s strongest cybersecurity model by more than half and opened it, in wrapped form, to anyone with a Claude account. Three days later, the wrapper itself became a national security question.

What Breaks Next

The precedent is the story now, and it cuts in every direction.

For frontier labs, the deployment calculus just changed. Anthropic’s own warning is the sharpest version: if a “narrow potential jailbreak” is grounds for recall, that standard “would essentially halt all new model deployments for all frontier model providers.” Every lab counsel in San Francisco read that letter tonight and started drafting contingency plans for a 5:21pm letter of their own.

For enterprises, the lesson is uglier. Companies that moved production workloads onto Fable 5 lost a vendor-recommended model overnight, through no fault of the vendor’s uptime. Expect model-suspension clauses in enterprise AI contracts, more multi-model architectures, and a quiet premium on models that have survived in market for years rather than days. Anthropic says it is treating the situation as “a misunderstanding” and working to restore access, with more technical details promised within 24 hours of its statement. Until then, every other Anthropic model remains available.

For the policy fight, the irony will calcify into argument. Advocates of statutory AI oversight, Anthropic among them, now have a live demonstration of what blocking power looks like without the guardrails they proposed: no published evidence, no independent evaluation, no clear path to appeal. Opponents of any government role will use the same episode as proof the power cannot be trusted at all. Both sides are arguing from the same three days.

The Bottom Line

Strip away the brand names and the week looks like this: a company shipped a frontier AI model, asked the government to regulate models like it through a transparent legal process, and was then shut down by an opaque one, on evidence nobody outside a small circle has seen, for a capability it says competing models already offer.

The government may know something the public does not. That is genuinely possible, and the classified-evidence scenario is the strongest case for the directive. But a state power that recalls commercial technology on unpublished evidence, delivered verbally, with no statutory framework behind it, is not a safety regime. It is discretion. And discretion exercised against a company the administration has spent four months publicly punishing deserves exactly zero benefit of the doubt until the evidence is on the table. The path out is the one almost everyone in this story already claims to want: put the kill switch in law, with published evidence and independent review, so the next 5:21pm letter has to show its work.