Three days of life: what the Fable 5 and Mythos 5 case tells us about the future of AI

Some weeks the tech industry moves at its usual pace. And some weeks an AI model is born on Tuesday and shut down on Friday. Anthropic's was the second kind.

On June 9, the company launched two models from its most powerful line, the Mythos class. One of them, Fable 5, was the first in that family released to the general public — a version with safety classifiers in front, designed to be usable without becoming a weapon. The other, Mythos 5, stayed restricted to selected partners of a cybersecurity program called Project Glasswing, which already gathered more than 150 organizations testing these capabilities inside their own environments.

Three days later, on Friday, at 5:21 PM New York time, a letter arrived. And both models went offline for everyone.

What the letter says

The sender was the United States Department of Commerce. The instrument was an export-control directive, justified by "national security authorities." The content: suspend any and all access to Fable 5 and Mythos 5 by any foreign national — inside or outside the US, including Anthropic's own foreign employees.

The letter did not detail what, exactly, the technical concern was.

Here lies the case's first operational irony. An AI platform served via API and chat products has no way to filter nationality in real time, request by request. Either you block foreigners — and you don't know who is a foreigner at the instant of the call — or you block no one. Faced with this practical impossibility, Anthropic did the only thing that guaranteed compliance: it shut down both models for the entire planet.

It is worth noting what was not affected, because that is what keeps the service standing: the other models remain normal. The company itself pointed to Opus 4.8 as the immediate migration path for anyone who depended on Fable 5 in production. The Fable API string started returning an error. For anyone with a pipeline running on top of it, it was like changing the engine with the car still moving.

The technical fight: a "jailbreak" at the center of it all

The reason for the intervention, according to Anthropic's own understanding, is the claim that there is a jailbreak method capable of breaking through Fable 5's safety classifiers — in theory, unlocking dangerous capabilities, especially in the area of software vulnerability discovery.

The company's public response was firm and, at the same time, careful. It said it had reviewed a demonstration of the technique and that, in practice, it only exposed a handful of already-known, low-severity vulnerabilities — vulnerabilities that other publicly available models also find, without needing any bypass.

Anthropic's position, in short: we disagree, but we comply. They argue that pulling a commercial model used by hundreds of millions of people because of a narrow, low-impact jailbreak is disproportionate — and that, if this became the industry's default criterion, no frontier model from any company would ever be released again. Because the uncomfortable truth, which they stated from launch, is that perfect resistance to jailbreaks does not exist today for any provider.

For those inside the field, two architecture details help explain the security design. External tests confirmed that Anthropic positions classifiers in front of the model and, on sensitive inputs, falls back to Opus 4.8 — something that, according to the company, happens in fewer than 5% of sessions. And there is a 30-day data-retention requirement for all Mythos-class model traffic, precisely to detect abuse patterns that do not appear in a single interaction. It is not a minor detail: it is an explicit choice to trade a bit of privacy for the ability to audit misuse.

Why this is bigger than a model

If the story were just "model goes offline over a security bug," it wouldn't be worth five minutes of your attention. What makes the case relevant is what it exposes about the ground frontier AI is standing on.

First, the precedent. It was a rare regulatory action — a government using export control to remove from the market, within hours, a software product already deployed globally. The discussion stops being "is AI too capable?" and becomes "who decides, by what criteria and with what due process, what may or may not stay standing?" Anthropic itself had been arguing that the government should be able to block unsafe deployments — but within a transparent, fair statutory process anchored in technical facts. Its criticism of the episode is precisely that none of that happened.

Second, the context. This was not the first friction between Anthropic and the American government, and it lands at a sensitive moment: a few days earlier, the company had confidentially filed its IPO paperwork, at a valuation in the range of US$ 350 billion. Regulatory risk and national security, which used to be a footnote, now enter the calculation of any investor looking at the stock.

Third, the backdrop that gives weight to the government's concern. The preview version of these models, back in April, had already shaken the cybersecurity world with its ability to find and exploit flaws at a superhuman pace. Not by chance, banks and even the Treasury Secretary sat down with the company in that period, and institutions like JPMorgan joined the testing program. When a model is good enough to become a matter for the National Treasury, it is also good enough to become a matter of national security. The two things go together.

Where we are now

As I write this, the outcome is open. Anthropic sent senior technical people to Washington to negotiate with the White House, and reports indicate both sides want to resolve it quickly. The company calls it all a misunderstanding and says it is working to restore access as soon as possible — with no date. The most likely scenario, according to those following it, is a conditional return: extra safeguards, or access released only to verified users, within days to weeks. But "likely" is not "guaranteed."

What remains

For those who operate infrastructure and systems, the practical lesson is old and always new: dependence on a single frontier provider is operational risk, not just commercial. A model can vanish for a reason that has nothing to do with your engineering — it can be a letter from a ministry on a Friday afternoon. Having a tested fallback path stopped being diligence and became a requirement.

And for the industry as a whole, the case is a warning that we have entered a new phase. The question is no longer just technical. It is about governance, about who holds the key, and about how to balance capability — which grows fast — with safeguards, which grow slowly. A model that lived three days may have taught more about that balance than many a report that took years.