Gradient Brief

Special Edition • Saturday, June 13, 2026 • ~8 min read

Gradient Brief

MLOps & AI Infrastructure — for the engineers building it

The First Model Recall

Three days after Anthropic shipped the most capable AI model the public had ever used, the US government ordered it turned off. Here is what the directive said, why an order aimed at foreign nationals shut the product down for everyone, and what it changes if you build on frontier models.

On Friday evening, at 5:21 p.m. Eastern, Anthropic received a letter from the US government. By the end of the night, Claude Fable 5 and Claude Mythos 5, the two most capable models the company has ever fielded, were dark for every customer on earth. Fable 5 had been generally available for three days. It launched on Tuesday, June 9, billed as the first model in Anthropic's new Mythos-class tier made safe enough for the public, and independent testing from Vals AI had already ranked it the most capable model anyone could use.

This appears to be the first time Washington has forced a commercial AI product offline. Not a chip ban. Not a country-level geofence. A live, deployed model, pulled by order.

The facts, fast:

  • What: An export control directive citing national security authorities, suspending all access to Fable 5 and Mythos 5 by any foreign national, inside or outside the US, including Anthropic's own foreign-national employees.
  • When: Received June 12 at 5:21 p.m. ET. Fable 5 had launched June 9.
  • Scope: Because nationality cannot be verified in real time across every account, the practical effect is a global shutoff of both models. All other Claude models stay online.
  • Status: Anthropic complied, called the action a misunderstanding, disputed the technical basis publicly, and said it is working to restore access.

Why an order about foreign nationals took down the whole product

The directive did not say "turn it off for everyone." It said no foreign national may access these two models, whether they sit in San Francisco or Singapore. In theory that leaves US persons free to keep working. In practice it does not.

To honor a person-based restriction, Anthropic and its distribution partners would need a reliable way to confirm citizenship or immigration status across consumer logins, corporate workspaces, API keys, cloud marketplaces, contractors, and staff, and then guarantee that an approved user never hands an output or a session to an unapproved colleague. No provider can do that across a shared cloud service in real time. So Anthropic chose the only control that could not misclassify a prohibited user. It disabled the endpoints for all of them.

Analysts have read the order through the lens of a "deemed export." Under 15 CFR 734.13, releasing controlled technology or source code to a foreign person inside the United States can count as an export to that person's home country. The Commerce letter itself is not public, so it is not clear how the government classified hosted model access, which authority it actually invoked, or whether ordinary inference is now being treated like a transfer of controlled technology. That ambiguity is part of the story. For years, the export-control fight over AI lived in semiconductors. It just moved to the model layer.

The technical dispute

The letter did not spell out the national security concern. Anthropic's understanding, laid out in a same-night statement, is that the government believes someone has found a way to jailbreak Fable 5.

Anthropic says it reviewed a demonstration of the technique. By its account, the method amounts to asking the model to read a specific codebase and fix the software flaws it finds, and what it surfaced were a few previously known, minor vulnerabilities. The company says other publicly available models, including OpenAI's GPT-5.5, find the same flaws without any bypass at all, and that the same capability is used every day by the defenders who keep systems patched.

To understand why Anthropic is pushing back so hard, it helps to know how Fable was built. Mythos-class models are strong enough at finding and exploiting software vulnerabilities that Anthropic kept the unguarded version, Mythos, restricted to roughly fifty vetted organizations through a program called Project Glasswing. Fable 5 is the same underlying model with guardrails bolted on. A set of classifiers watches for requests touching cybersecurity, biology and chemistry, or model distillation, and quietly routes those to the less capable Opus 4.8 instead of answering directly. Anthropic says this triggers in fewer than five percent of sessions. The company paired that with a 30-day data retention requirement so it can detect attacks that play out across many requests, and it red-teamed the safeguards for thousands of hours alongside the US government, the UK AI Safety Institute, and outside firms.

The center of the argument is a distinction between two kinds of jailbreak. A narrow, non-universal jailbreak pries loose some information in a specific situation. A universal jailbreak broadly defeats the safeguards across a wide range of tasks. Anthropic says no tester has found a universal jailbreak for Fable, though the UK institute did make early progress on a partial one for single-turn queries. Its position is that perfect jailbreak resistance is not possible for anyone today, that every safeguard in the industry yields to some narrow attack, and that the right response is a defense-in-depth posture of guardrails plus monitoring, not a recall.

Anthropic complied with the order. It also said plainly that it disagrees. Recalling a model used by hundreds of millions of people over a narrow potential jailbreak is, in its words, disproportionate, and if that became the standard across the industry it would essentially halt every new frontier launch. The company has argued before that the government should be able to block unsafe deployments through a process that is "transparent, fair, clear, and grounded in technical facts." Its read is that Friday's action met none of those tests.

The fight underneath the fight

This did not come out of nowhere. The shutdown lands in the middle of an escalating standoff between Anthropic and parts of the national security establishment.

Earlier this year, negotiations between Anthropic and the Department of Defense broke down in public. Reporting at the time said the DOD went on to designate Anthropic a supply-chain risk, language that frames a vendor as a potential threat to national security. The friction, according to that reporting, traced to Anthropic refusing an "all lawful use" standard for military deployment while holding firm on limits around mass domestic surveillance and fully autonomous weapons. At the same time, US agencies and critical-infrastructure partners have been eager for exactly the advanced cyber capability that Mythos provides. Want the tool, distrust the maker.

There is an irony in the timing that several observers caught immediately. Anthropic has been the loudest lab in the world about how dangerous its own models are. It told everyone that Mythos found flaws in every major operating system and browser it tested. It restricted the model. It built conservative guardrails it admitted were too broad. That posture is consistent with the

Keep Reading

© 2026 Gradient Brief.
beehiivPowered by beehiiv