The three-week freeze on Anthropic’s most capable models is over, and the terms of its ending matter more than the fact of it. The U.S. Department of Commerce has withdrawn the export controls imposed on Claude Fable 5 and Mythos 5, and the Bureau of Industry and Security now says no license is required to export, reexport, or transfer either model. Anthropic confirmed it received notice of the reversal and will begin restoring access on Wednesday, July 1. The episode leaves behind a precedent the security market should read closely: a demonstrated jailbreak of a frontier model’s guardrails was enough, on its own, to trigger a full national-security export action.
We’ve received notice that the Department of Commerce has lifted export controls on Claude Fable 5 and Mythos 5. We’ll begin restoring access tomorrow, and will share an update soon.
— Anthropic (@AnthropicAI) June 30, 2026
A Directive Built on a Jailbreak
The models went live on June 9. Three days later, on June 12, Commerce issued a directive citing national-security authorities. The trigger was not a hypothetical. A trusted partner — reported to be Amazon — had found a working jailbreak of Fable 5’s safety guardrails, and the government’s concern was that the model could be coerced into offensive cyber and biological uplift. Fable 5 is the public-facing member of the Mythos class, shipped with additional guardrails precisely because the underlying architecture is powerful enough that Anthropic has acknowledged it can assist real attacks. The jailbreak collapsed the distinction the guardrails were meant to hold.
The remedy was severe. Commerce ordered Anthropic to suspend all access by any foreign national, inside or outside the United States, including the company’s own foreign-national employees. Segmenting a global user base by nationality in real time is not something any platform can do cleanly, so Anthropic took both models entirely offline — Claude.ai, the API, Claude Code, and partner surfaces including AWS Bedrock. The control was written for a licensing regime; the operational reality was a hard shutdown.
The Path Back
Resolution came in stages rather than a single reversal. On June 26 the government cleared Anthropic to restore Mythos 5 for a set of approved U.S. organizations. Over the following two weeks Commerce and Anthropic worked through Fable 5’s risk profile until BIS concluded the diversion risk no longer justified the June 12 controls and withdrew them. Fable 5 returns to global users on the Claude platform, Claude.ai, and Claude Code starting Wednesday, and Anthropic is counting it for up to half of weekly usage limits through July 7 for Pro, Max, Team, and selected enterprise plans. Re-enablement on AWS, Google Cloud, and Microsoft Foundry is to follow as fast as the company can move.
Where the Cyber Risk Now Sits
The controls are gone, but the containment architecture that provoked them remains the more durable story. Fable 5 is barred from answering entire categories of prompts, including cybersecurity and biology, and routes those requests to a separate model, Opus 4.8, rather than answering directly. Mythos 5 — the ungated version — stays inside a narrow channel. Anthropic will keep expanding its availability through Glasswing, the company’s program that grants vetted organizations access to advanced models for defensive security testing, on a partner-by-partner basis coordinated with the government. The market takeaway is that frontier cyber capability is no longer being released; it is being metered, with the strongest tooling reserved for defenders operating under supervision.
The Strategic Frame
The standoff drew criticism because it arrived at an inconvenient moment. Chinese open-source models are closing the capability gap while undercutting on price, and every week a leading U.S. model spends offline is a week handed to developers trying to catch up. That argument, raised by executives and investors during the freeze, plainly weighed on the resolution. It also removes a bottleneck ahead of Anthropic’s expected fourth-quarter IPO, since a model line frozen by export control is not a clean asset to take public.
The controls lasted three weeks and were withdrawn without either side detailing what changed in Fable 5 to satisfy Commerce. What will outlast them is the lesson the freeze taught in real time: for a frontier model, the capability itself is now the control surface, and a single reproducible jailbreak is enough to move the entire question from the product roadmap to the national-security desk.
Leave a Reply