U.S. Orders Anthropic to Halt Fable 5 and Mythos 5 Access for Foreign Users

Anthropic announced on Friday that it will abruptly disable its most advanced AI models, Claude Fable 5 and Mythos 5, for all users after the U.S. government issued an export control directive ordering the company to suspend access for foreign nationals—both inside and outside U.S. borders. The order, delivered at 5:21 p.m. ET, cited national security concerns tied to what regulators described as a newly demonstrated jailbreak technique capable of bypassing Fable 5's built-in safeguards. Anthropic stated it believes the action stems from a "misunderstanding" and is working to restore access as quickly as possible, while confirming that access to other models in its lineup will remain unaffected.

The directive arrives just days after the launch of Claude Fable 5 and its counterpart Mythos 5, which shares the same underlying architecture but strips certain guardrails—particularly in cybersecurity domains. Anthropic described Mythos 5 as possessing the "strongest cybersecurity capabilities of any model in the world," and noted it remains available to a vetted cohort of cyber defenders and critical infrastructure operators. In a statement, the company said its internal review of the flagged bypass technique found it could only identify "a small number of previously known, minor vulnerabilities" that other publicly available models can also discover without requiring a jailbreak. The incident underscores how even tightly controlled frontier models remain susceptible to adversarial prompting, a concern any organization relying on AI-assisted workflows should monitor—a quick browser fingerprint test can help identify whether your own AI tooling environment is leaking identifiable signals to model providers.

Last week, Anthropic's Red Team revealed that Mythos-class models can convert newly disclosed software vulnerabilities into working exploits in hours or even minutes, effectively turning N-days into N-hours. "A lone operator can now turn a month's worth of patches into working exploits in a single afternoon—for a few thousand dollars and with no specialized expertise," the team reported, warning that traditional monthly patching cadences and multi-week staged rollouts may no longer provide adequate defense windows. This compression of the exploit development timeline places enormous pressure on vulnerability management programs, where timely patching and continuous monitoring of exposed services—verifiable through an SSL/TLS checker or port scanner—are now more critical than ever.

Anthropic emphasized that its safety classifiers are designed to block harmful single-turn requests related to cyber attack planning, exploit development, and defense evasion, and that Mythos-class models give attackers a significant strategic advantage if misused. The episode marks one of the first times the U.S. government has used export control authority to force a domestic AI lab to restrict access to a frontier model based on jailbreak risk rather than export-controlled training data or compute thresholds. As regulators, AI labs, and security teams grapple with the implications, security professionals should audit their own exposure surfaces using a comprehensive privacy checkup to ensure that AI-augmented workflows do not inadvertently expand their attack surface.