Two weeks after a US government directive withdrew Anthropic’s most capable models from all users — including the restricted group created specifically to handle them — neither model has returned to service. The episode is worth examining carefully, because the questions it raises extend well beyond one AI company’s product cycle.
The background begins in late March 2026, when two separate leaks — unpublished files and internal model code — revealed that Anthropic was developing a new model family internally codenamed Capybara. In April, Anthropic confirmed the existence of the project with an official Mythos Preview announcement. The model was notable for one capability in particular: autonomous vulnerability discovery. It identified long-standing flaws in widely deployed software with a fluency that, by Anthropic’s own account, exceeded any prior model. That capability is why Mythos Preview never went to general release. Instead, Anthropic formed Project Glasswing — a working group of organisations responsible for critical software infrastructure — and allocated token budgets for controlled testing. On 2 June, Glasswing expanded to 150 organisations across more than 15 countries.
One week later, on 9 June, Anthropic released Mythos 5 to Glasswing members and launched Fable 5 for general availability. These are not the same model. Mythos 5 is the full version. Fable 5 carries an internal classifier that intercepts two categories of query: those related to malicious cyberattacks — exploits, malware, offensive tooling — and those related to the construction or enhancement of pathogens. Anthropic’s public framing is deliberately broad on that second category; the operational intent is specifically pathogen design and augmentation. Intercepted queries are rerouted to Opus 4.8, with a visible notice to the user. A third restriction, applied less visibly, covered prompts that appeared to be extracting Fable 5’s capabilities to train another model. This redirect operated without a user-facing warning. Between 9 and 11 June, the AI community identified and challenged the practice. Anthropic responded by making all redirects explicit.
On 12 June, a US government directive prohibited non-US citizens from accessing Mythos 5 and Fable 5. The restriction applied to Anthropic’s own employees without US citizenship. The stated basis was a discovered jailbreak — a method for bypassing the classifier and drawing responses from Fable 5 rather than Opus 4.8. Anthropic publicly disputed the directive but complied. Rather than implement a rapid US-only access solution, both models were withdrawn entirely. Access has not been restored.
The precedent worth noting here is the US supercomputer export controls of the 1990s, which applied to machines exceeding a processing threshold expressed in MTOPS — millions of theoretical operations per second. Apple’s Power Mac G4, upon reaching 2,775 MTOPS in 1999, became subject to export restrictions and could not be sold to more than 50 countries. Steve Jobs positioned the classification as validation: a computer powerful enough for the government to treat it as a weapon. A modern smartphone now delivers hundreds of gigaflops. The control regime did not fail; the technology simply outpaced the threshold faster than anyone anticipated.
The Anthropic timeline carries a detail that is difficult to ignore. The company filed for its IPO on 1 June. Eight days later it released a model that the US government moved to export-control. Whether the sequence is strategic or coincidental, the outcome is structurally similar to the Jobs moment: a model launch certified by government restriction as a benchmark of capability. OpenAI filed for its own IPO within days.
Key message: The Fable 5 situation illustrates something with direct relevance for regulated organisations planning AI adoption: access to frontier AI capability is increasingly a matter of policy, not procurement. Export restrictions, tiered access programmes, and classifier-driven model routing are not theoretical governance considerations — they are operational realities affecting what AI models your organisation can use, who in your organisation can use them, and under what conditions access may be withdrawn.