Hasan the Analyst

ANALYTICAL CASE STUDY

The Fable 5 Shutdown:

Why the US Government Banned Anthropic’s Most Powerful AI

A full breakdown of the jailbreak claim, the political conflict,
the NSA breach testimony, and what happens next.

Research & Analysis by Hasan The Analyst

CASE SUMMARY

On June 9, 2026, Anthropic launched Fable 5, its most powerful AI model ever released to the public. Three days later, the US government ordered it taken offline for every user on earth. The reason given: a reported jailbreak. The full story involves a Pentagon feud, an NSA red-team exercise, a Chinese data-extraction operation, a political standoff between Anthropic’s CEO and the Trump administration, and a question with no clear answer yet: when does a government have the right to shut down a commercial AI product?

As of June 27, 2026, Fable 5 has been offline for 15 days. It has not returned.

01.  What Was Fable 5?

Fable 5 was Anthropic’s most capable AI model ever made available to the general public. It launched on June 9, 2026, and was described by the company as operating at what it called ‘Mythos-class’ capability, the tier above its previous Opus-class models. Independent benchmarks from Vals AI rated it the most capable public AI model available at the time of launch.

The model was built on Mythos, an even more powerful underlying system that Anthropic had been keeping tightly restricted. Mythos itself had only been available to a small number of trusted partner organisations through a controlled program called Project Glasswing, because of its advanced ability to find and exploit software vulnerabilities. Fable 5 was the public-facing version of that same underlying model, with a set of safety guardrails built on top to prevent access to its most dangerous capabilities.

Those guardrails had been tested extensively before launch. Anthropic, the UK AI Safety Institute, and multiple private third-party organisations spent thousands of hours red-teaming the model’s defences before it was released. None of them found a universal jailbreak. The company acknowledged openly at launch that perfect jailbreak resistance was not achievable with current technology, and said its strategy was to make jailbreaks as narrow and expensive as possible while using real-time monitoring to catch any successful attempts.

The model had been live for three days when the US government ordered it shut down for every user on earth.

02.  The Full Timeline: How This Happened

The ban on June 12 did not come out of nowhere. The conflict between Anthropic and the Trump administration had been building for months across multiple fronts.

July 2025 Anthropic signs a landmark deal with the Pentagon to make Claude the first frontier AI model approved for use on classified military networks.
Early 2026 The Pentagon pressures Anthropic to remove ethical restrictions on Claude’s use, specifically demanding the model be available for fully autonomous weapons systems and mass domestic surveillance.
Feb 2026 Anthropic refuses the Pentagon’s demands. The company sues the Trump administration. The Pentagon labels Anthropic a ‘supply chain risk’, the first time that designation has ever been used against an American company.
Feb 2026 Anthropic also drops its hallmark safety pledge, replacing specific binding commitments with a loosened non-binding framework. Critics say this creates a contradiction: weakening its own safety rules while suing for stronger government oversight of competitors.
Feb 27, 2026 Defense Secretary Pete Hegseth orders federal agencies to stop using Claude entirely. The Pentagon is given six months to phase it out, even from classified systems where it is already running.
Apr 22 – Jun 5 Anthropic detects a large-scale data extraction attack linked to Alibaba/Qwen. Approximately 25,000 fraudulent accounts run 28.8 million exchanges with Claude, targeting agentic reasoning and long-horizon software engineering capabilities.
Jun 2, 2026 White House issues an Executive Order requiring a 30-day government pre-release review for frontier AI models before public launch.
Jun 9, 2026 Anthropic launches Fable 5 and Mythos 5 just seven days after the EO with no government pre-brief. The models draw immediate praise and concern in equal measure.
Jun 10, 2026 Anthropic’s Head of Policy writes to the Senate Banking Committee about the Alibaba distillation attack, warning that Chinese labs could reach Mythos Preview-level capability through data extraction.
Jun 12, 2026 The US Commerce Department sends a directive at 5:21 PM ET ordering Anthropic to suspend all access to Fable 5 and Mythos 5 by any foreign national. Given only 90 minutes to respond, Anthropic disables both models globally to comply.
Jun 13, 2026 Trump adviser David Sacks publishes a detailed statement saying the administration asked Dario Amodei to fix the jailbreak or pull the model before the ban, and that Amodei refused.
Jun 18, 2026 Four bipartisan members of Congress write to Commerce Secretary Howard Lutnick demanding the legal and technical basis for the ban by June 26. No public response is received by the deadline.
Jun 21, 2026 NSA Director Gen. Joshua Rudd testifies that Mythos had autonomously breached nearly all NSA classified systems in hours during a red-team exercise. This reshapes the public understanding of why the government acted.
Jun 27, 2026 Day 15. Fable 5 and Mythos 5 remain offline. More than 100 cybersecurity executives have signed an open letter opposing the ban. No restoration date has been announced.

03.  The Official Reason: The Jailbreak Claim

The Commerce Department’s directive cited a method of bypassing Fable 5’s safety guardrails — a jailbreak — as the national security concern. According to Anthropic’s own account, the government described the technique verbally as ‘asking the model to read a specific codebase and fix any software flaws.’ Anthropic was not given the specific finding in writing.

The government’s concern was that this technique could allow someone to use Fable 5 to access the powerful cybersecurity capabilities of the underlying Mythos model, which had been deliberately walled off from public users. In the administration’s view, a model that can be jailbroken into finding and exploiting software vulnerabilities is effectively a cyberweapon with a thin layer of protection on top.

Anthropic’s response was direct: they acknowledged that the jailbreak was real but described it as narrow and non-universal. They pointed out that the same technique could be used to elicit similar capabilities from other publicly available models, including OpenAI’s GPT-5.5, which had not been subjected to the same restrictions. They also said the vulnerabilities it surfaced were minor and already known. The company argued that if a narrow jailbreak of this kind justified pulling an entire model from hundreds of millions of users, the same standard would effectively halt all new frontier model deployments across the whole industry.

THE JAILBREAK DISPUTE IN PLAIN TERMS

The government said: a jailbreak that gives access to a cyberweapon is serious by definition. Anthropic said: this is a narrow, non-unique jailbreak, the same vulnerability exists in other models, and our monitoring would catch any misuse. Both positions are coherent. The debate is on whether the severity of a jailbreak warrants a worldwide closure of a product used by hundreds of millions of people, rather than if there is a jailbreak at all, which all sides acknowledge.

04.  The Deeper Conflict: Politics Behind the Ban

The Pentagon Feud

To understand why the government moved so aggressively, you have to go back to early 2026. Anthropic had signed a deal with the Pentagon in July 2025, becoming the first frontier AI company cleared to run on classified military networks. That deal collapsed when the Pentagon demanded changes to Claude’s ethical guardrails, specifically, requiring that the model support fully autonomous lethal weapons systems and mass domestic surveillance programmes, with no human oversight.

Anthropic refused. It then filed a lawsuit against the Trump administration. In response, the Pentagon branded Anthropic a ‘supply chain risk’, a designation that has historically been reserved for foreign adversaries and had never before been applied to an American company. Defense Secretary Pete Hegseth ordered all federal agencies to stop using Claude.

This is the backdrop against which the June 12 directive arrived. A company that had been in active litigation with the government for months, that had been blacklisted by the Pentagon, and that had just launched its most powerful public model without going through the newly mandated government pre-review process, received an emergency shutdown order with 90 minutes’ notice.

The Standoff: What David Sacks Said

On June 13, Trump adviser David Sacks published what became the most detailed public account of the administration’s position. His account framed the ban not as an act of government aggression but as a consequence of a choice Dario Amodei made. According to Sacks, a trusted partner of both Anthropic and the US government had identified the jailbreak and flagged it. The administration then asked Dario Amodei to either patch the vulnerability or take Fable 5 offline. Amodei refused to do either.

Sacks wrote that the administration ‘issued the export control reluctantly’ and was ‘frankly bewildered that Anthropic hasn’t wanted to comply with safety requests that it previously said were its highest priority.’ He noted the irony: Anthropic had itself lobbied for Mythos to be treated as a cyberweapon and regulated accordingly. Having made that argument publicly, Sacks said, it was difficult for the company to now claim that a jailbreak allowing access to those same capabilities was not a serious problem.

Anthropic pushed back on this framing. The company said the vulnerability did not justify the extreme response, that it disagrees with the claim that a narrow jailbreak constitutes a cyberweapon deployment, and that the government’s process had not been transparent, fair, or grounded in technical facts.

05.  The NSA Testimony That Changed Everything

The most significant development in the public understanding of why the ban happened came on June 21, when NSA Director General Joshua Rudd testified before the Senate Intelligence Committee. His testimony, reported by The Economist and later confirmed by Reuters and AP, revealed that Mythos shares its underlying weights with Fable 5 and had been used in a sanctioned red-team exercise called Project Glasswing.

In that exercise, Mythos autonomously breached nearly all NSA classified systems in a matter of hours. The exercise was conducted as a defensive operation and the goal was to find vulnerabilities before real attackers could. But the implications were stark. A model capable of autonomously compromising the NSA’s most sensitive systems is not a tool with a minor vulnerability. It is, by any reasonable definition, one of the most capable offensive cyber instruments ever tested.

This testimony reframes the entire debate. The jailbreak question — “whether the specific technique described by the government was serious enough to justify the ban?” — becomes almost secondary once you understand that Mythos, the model underneath Fable 5, had already demonstrated the ability to do something that no human team has ever managed: autonomously breach classified government networks at scale in hours.

WHY THE NSA TESTIMONY MATTERS

The public argument over whether the jailbreak was ‘narrow’ or ‘serious’ was always somewhat beside the point. The underlying model, Mythos, had already proved in a classified exercise that it could autonomously breach the NSA’s classified systems in hours. Any jailbreak that strips Fable 5’s guardrails and exposes Mythos-level capabilities is therefore not a theoretical risk. It is access to a tool with a demonstrated ability to compromise the most sensitive systems in the US government.

06.  The China Dimension

Two separate threads involving Chinese access to Anthropic’s models add important context to why the government moved so quickly and so completely.

The Alibaba Distillation Attack

On June 10, two days before the ban, Anthropic’s Head of Policy wrote to the Senate Banking Committee about what the company described as the largest known distillation attack on Claude’s models. Between April 22 and June 5, approximately 25,000 fraudulent accounts had run 28.8 million exchanges with Claude, specifically targeting its agentic reasoning, software engineering capabilities, and long-horizon task performance. The accounts were linked to operators affiliated with Alibaba and the Qwen AI project.

Anthropic warned in the letter that Chinese labs could approach Mythos Preview-level capability through this kind of systematic data extraction. The timing of that letter — sent the day before Fable 5 launched and two days before the ban — suggests that concerns about Chinese capability extraction from Anthropic’s models were already live in government circles when the jailbreak claim arrived.

The Leaked Access Concern

Separately, Semafor reported that the White House had acted partly over suspicion that a China-linked group had already accessed Mythos through one of the trusted partner organisations in Project Glasswing, raising the possibility of the model being reverse-engineered or distilled by a foreign adversary. Anthropic told the outlet that this concern had not been raised in the government’s conversations about the Fable jailbreak specifically, but the timing and the pattern are difficult to ignore.

The broader picture: the US government was dealing simultaneously with evidence of a major Chinese data extraction campaign against Claude, a report of potential Chinese access to Mythos through a trusted partner, and a new public deployment of a jailbreakable version of that same model. In that context, the speed and totality of the shutdown is more understandable, even if the legal process around it remains disputed.

07.  Government vs Anthropic: The Core Disagreements

US Government Position Anthropic Position
The jailbreak is serious — a bypass enabling a cyberweapon is dangerous by definition. The jailbreak is narrow and non-universal; the same technique works on GPT-5.5 with no comparable ban.
Dario Amodei refused to fix the problem or pull the model before the ban was issued. The company was given 90 minutes and only verbal evidence; no written findings were shared.
Anthropic itself called Mythos a cyberweapon. It cannot now claim a jailbreak is not serious. A narrow jailbreak does not justify recalling a product used by hundreds of millions of people globally.
Launching Fable 5 without the mandated 30-day pre-review was a deliberate choice to evade oversight. The government should be able to block unsafe deployments only through a transparent, fair, statutory process.
The ball is in Anthropic’s court. Restore access once the vulnerability is patched. The standard being applied would halt all frontier model deployments if applied consistently across the industry.

08.  The Wider Consequences

15+

Days Offline

As of June 27, 2026

25K

Fake Alibaba Accounts

28.8M Claude exchanges extracted

100+

Cyber Exec Signatories

Open letter opposing the ban

For Developers and Businesses

Hundreds of thousands of developers and businesses had already integrated Fable 5 into their products in the three days it was live. When the model went offline, their applications broke immediately. There was no warning, no migration path, and no fallback. This is the first time in history that a US government directive has taken a deployed commercial AI product offline for its entire global user base. The ripple effects are still being felt.

For AI Sovereignty Globally

The ban had an immediate effect on the international debate about AI sovereignty. British lawmaker Kanishka Narayan, Minister for AI and Online Safety, said it should spark deeper investment in the UK’s own AI industry. Australia-based legal AI company Isaacus noted that the directive had affected its users across Australia, New Zealand, the UK, Canada, Singapore, and the EU, and announced it was doubling down on self-hosted AI models as a result. The episode demonstrated that any country relying on US-based AI infrastructure can have access suspended at any moment with no notice.

For Anthropic’s IPO

Anthropic filed a confidential IPO registration in June 2026 at a near-trillion-dollar valuation. The ban arrived in the same week. The company has continued operating and launched new products during the outage, including Claude Tag, a major Slack integration, suggesting it is not in operational paralysis. But the combination of an ongoing government conflict, active litigation, and its two most powerful models offline is an unusual backdrop for a company preparing to go public.

For AI Regulation More Broadly

Perhaps the most significant consequence of the Fable 5 ban is what it reveals about the absence of a clear regulatory framework for AI in the United States. The government invoked the Export Control Reform Act of 2018 using an authority normally applied to physical goods like chips and weapons, not to cloud-hosted API services. Legal experts are debating whether the directive was even valid under existing law. Congress has demanded written justification. No public response has been given.

More than 100 cybersecurity executives, including former Facebook CSO Alex Stamos, signed an open letter arguing that pulling frontier AI capabilities away from defenders while adversaries advance freely is the opposite of making the country safer. Stamos, who reviewed the jailbreak research, wrote that there were some valid findings but no unique capabilities that justify a reaction close to this.

09.  What Happens Next

Two structural dates are guiding expectations for Fable 5’s return.

  • July 8, 2026: Anthropic’s updated privacy policy requiring identity verification goes live. This is considered the most likely mechanism for a US-only restoration of access, since it would give Anthropic a way to distinguish US nationals from foreign users and comply with the export control directive without a full global shutdown.
  • August 1, 2026: The deadline for the White House Executive Order’s 60-day ‘covered frontier model’ framework. This would require Anthropic to join a classified benchmarking process and provide 30 days of pre-release access to the government for future models. If Anthropic joins the framework, it would likely resolve the underlying structural dispute and make a restoration more durable.

As of June 27, no official restoration date has been announced by Anthropic, the Commerce Department, or the White House. The June 26 congressional deadline for Commerce Secretary Lutnick to provide written justification for the ban passed without a public response. The legal question of whether the Export Control Reform Act even applies to cloud-hosted API services remains unresolved. A US judge had earlier sided with Anthropic on a related matter, calling the Pentagon’s ‘supply chain risk’ branding ‘Orwellian.’

One analyst with sources inside the negotiations noted: ‘Trump likes Dario again. Fingers crossed for what that means.’ That single sentence captures the degree to which the resolution of this dispute may depend as much on political relationships as on legal frameworks or technical fixes.

10.  Analytical Conclusion

This case study is not a simple story of government overreach or corporate recklessness. It is a story about several things happening at the same time:

  • An AI model with genuinely unprecedented capabilities being released into the public domain at a moment when the US government was already in active conflict with the company that built it.
  • A jailbreak claim that is technically real but disputed in severity, used as the official trigger for a shutdown that was almost certainly also driven by political, competitive, and geopolitical factors.
  • A legal framework for AI regulation that does not exist yet, applied through an improvised use of export control law designed for physical goods, producing consequences that neither side appears to have fully anticipated.
  • A geopolitical dimension involving Chinese data extraction at scale that gave the government genuine reasons, separate from any political dispute, to be concerned about Mythos-class capabilities being freely accessible online.
  • An NSA testimony that, once made public, made the government’s underlying concern about Mythos far more credible than the jailbreak debate had suggested.

The most important single finding of this analysis is this: both sides in this dispute are making coherent arguments, and both are missing something important. The government is right that a model capable of autonomously breaching NSA systems deserves more than 90 minutes of notice before being made globally accessible via API. Anthropic is right that no transparent, fair, legally grounded process exists for making that call, and that applying the standard used against Fable 5 consistently would make it impossible to deploy any frontier AI model anywhere.

The Fable 5 shutdown is the first major collision between frontier AI capability and national security law in history. It will not be the last. Furthermore, there is currently no framework in place to handle that clash — one that safeguards legitimate national security objectives without turning into a weapon of political or competitive warfare.

ABOUT THIS RESEARCH

This analytical case study was produced by Hasan The Analyst, a data analytics and business intelligence practice founded by Zarin Hasan (M.S. Statistics, Certified Data Scientist). It draws on primary sources including Anthropic’s official statement, CNN, Fortune, TIME, Tom’s Hardware, Snyk, ExplainX, TechTimes, Memeburn, Capacity, and congressional correspondence, all sourced between June 9 and June 27, 2026. It is written to inform and analyse, not to advocate for either side.

This report is analytical and educational. Nothing here constitutes legal or investment advice.