US government restricts Anthropic Fable 5 and Mythos 5 over security breach

Strip away the national-security framing and the trigger is startlingly mundane. The government's concern was a method of 'jailbreaking' Fable 5 to bypass the safeguards that gate the underlying Mythos model's cybersecurity abilities, and Anthropic says that technique amounted to asking the model to read a codebase and fix its software flaws ^[1]. Amazon's researchers reportedly distilled the exploit down to a 'fix this code' prompt, which Jassy then escalated to the White House and Treasury ^[3]. The framing matters because the same capability looks like an attack from one chair and like routine work from another.

That split is exactly what the cybersecurity community seized on. Katie Moussouris, founder of Luta Security, argued the flagged behavior is core defensive security and cannot be 'fixed' away without crippling defense itself: 'Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security' ^[4]. Anthropic, for its part, says the government supplied only verbal evidence and that its own review found the vulnerabilities to be minor, previously known, and reproducible with other publicly available models — disputing that 'the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people' ^[1]. The disagreement is not really about whether the jailbreak exists; it is about whether asking an AI to patch software should ever have been gated in the first place.

The jailbreak was the spark, but the kindling had been stacking up for weeks. Reporting describes an approved Mythos access list that ballooned from an initial 12 companies to dozens more, eventually a 111-organization roster — and then a further ~50 organizations that Anthropic added without prior approval, one reportedly a South Korean telecom suspected of China ties. The NSA was already pushing for emergency controls before Fable even launched ^[2]. Layered on top was a Pentagon contract fight: the Pentagon wanted the models usable for 'any lawful purpose' while Anthropic sought carve-outs barring autonomous weapons and domestic mass surveillance, after which the administration ordered agencies to stop using Anthropic models and labeled the company a 'supply chain risk' ^[2].

What makes the episode historic is the instrument. This is described as the first time the U.S. government has used export controls to halt access to a commercial AI model already widely deployed to the public ^[2]. And the mechanism's blast radius was total: because the directive covered foreign nationals inside the U.S. too, Anthropic concluded it had no choice but to disable the models for everyone, globally, including its own non-citizen employees ^[1]. The lesson enterprises took away is uncomfortable — a model you depend on can be switched off by a government letter received at 5:21pm and gone by 10pm, with no phased transition.

The most awkward fact in the saga is that the warning came from inside the cap table. Amazon has poured at least $13B into Anthropic since 2023, making it one of the company's largest backers — yet it was Amazon CEO Andy Jassy who raised the Fable jailbreak on a pre-scheduled White House call on an unrelated topic, then flagged it directly to Treasury Secretary Scott Bessent, after which Commerce Secretary Howard Lutnick issued the controls ^[3]. Jassy later stepped back from the restoration talks, leaving his own portfolio company exposed to a directive his warning helped produce ^[2].

The stakes for Anthropic are existential rather than incremental. The company recently closed a $65B funding round at a reported ~$965B valuation and has filed to go public; an open-ended export ban on its two flagship models lands as an existential threat to that story ^[2]. That is why a competitive read has gained traction: with OpenAI, Google, and SpaceX positioned to absorb displaced demand — and Sam Altman seated beside Trump at the G7 while staying conspicuously silent — commentators have openly asked whether the crackdown functions, intentionally or not, as a hit on Anthropic that benefits its rivals ^[2]. On Reddit, the response captured the mood: anger aimed squarely at the government rather than Anthropic, with a dominant theory that the move was a politically motivated effort to kneecap the company.

The most viral justification for the ban may also be its shakiest. The claim that Mythos 'broke into almost all' NSA classified systems 'not in weeks, but in hours' traces to secondhand testimony — Economist editor Shashank Joshi clarified he was quoting Senator Mark Warner relaying what the NSA chief told him, not reporting a confirmed event ^[6]. BitGo CEO Mike Belshe went further, flatly disputing the framing and saying the cited 'hack' was an authorized red-team test conducted on NSA's own networks rather than a real intrusion: 'I'm calling BS on this' ^[6]. In other words, the headline that helped sell an emergency directive describes a sanctioned security exercise, not a breach.

The lasting consequence may be the one the administration least intended. The sudden cutoff demonstrated the fragility of building on closed, vendor-controlled models, and reporting frames it as a significant accelerant for open-source and open-weight AI — with observers noting that open models could perform the same code-review task within days of the ban ^[7]. Meanwhile the cybersecurity letter's core worry stands: the directive 'has taken the best models away from defenders, created market uncertainty, and risked America's AI leadership without any real risk to justify it' ^[5], even as Chinese and rival models remain free to do identical work. If the goal was control, the likely outcome is the opposite — pushing capability toward weights no government letter can recall.