Nineteen days. That is how long it took from the moment the US government ordered Anthropic to take its two most capable AI models offline to the moment Commerce Secretary Howard Lutnick went on X to say his department had cleared them for return. The speed of the resolution masked the scale of what Anthropic conceded to get there.
On June 30, 2026, the Department of Commerce formally lifted the export controls it had imposed on Claude Fable 5 and Claude Mythos 5 on June 12. Fable 5 began restoring access globally on July 1, returning to Claude.ai, the Claude Platform, Claude Code, and Claude Cowork. Mythos 5, the more restricted version built for cybersecurity applications, remains on a shorter leash — available only to roughly 100 approved US organisations operating and defending critical infrastructure.
KEY DEVELOPMENTS
- The US Department of Commerce formally lifted export controls on Claude Fable 5 and Mythos 5 on June 30, 2026, after nearly three weeks of negotiations between Anthropic and the White House.
- Fable 5 began restoring access globally on July 1 across Claude.ai, Claude Platform, Claude Code, and Claude Cowork; Mythos 5 access remains limited to approximately 100 approved US critical infrastructure organisations.
- Commerce Secretary Howard Lutnick confirmed the approval on X, saying his department had spent two weeks working with Anthropic to “analyze and approve Fable 5 to ensure alignment across the US Government.”
- Anthropic agreed to proactively detect and report security risks, share threat intelligence with the government, give agencies early access to test future frontier models before release, and co-develop an industry-wide jailbreak severity scoring framework with Amazon, Microsoft, and Google.
What Happened
Anthropic announced the restoration in a post on X on June 30: “We’ve received notice that the Department of Commerce has lifted export controls on Claude Fable 5 and Mythos 5. We’ll begin restoring access tomorrow.” Lutnick’s own post on X followed within hours. In a letter to the company, which CNBC reported viewing, Lutnick said Anthropic no longer required an export licence for its products after the company agreed to three core commitments: proactively detect and address security risks associated with the models, work with the government on protocols for future model releases, and report any malicious activity found in or among the models. Fable 5 will be available within 50 percent of weekly usage limits through July 7 for Pro, Max, Team, and selected enterprise plan subscribers before returning to full availability, and will also be re-enabled on Amazon Web Services, Google Cloud, and Microsoft Foundry as soon as technically possible.
The Backstory: Why the Controls Were Imposed
The Jailbreak That Started It
The original suspension on June 12 was triggered by a jailbreak — a method for bypassing a model’s safety filters. Amazon researchers discovered a technique capable of prompting Fable 5 to flag software vulnerabilities and, in at least one case, produce code demonstrating how a flaw could be exploited. The original suspension of Fable 5, covered in our reporting on the Claude Fable 5 export control directive, noted that Amazon CEO Andy Jassy’s conversations with the White House reportedly helped drive the original order. Anthropic received the directive at 5:21pm ET on June 12 and was given approximately 90 minutes to comply. Unable to segment users by nationality in real time, the company took both models entirely offline for all customers on every platform.
What Made Mythos Different
The underlying model behind both Fable 5 and Mythos 5 is the same. The distinction is the inference-layer safeguard system: Fable 5 ships with enhanced, publicly accessible restrictions on cybersecurity and biotechnology tasks, while Mythos 5 carries fewer restrictions and is reserved for trusted partners through Project Glasswing, Anthropic’s vetting programme for high-stakes government and enterprise deployments. The same architecture that makes Mythos 5 useful for patching vulnerabilities in critical infrastructure also makes it potentially dangerous if accessed without controls — a tension Anthropic had acknowledged publicly at launch but which the jailbreak finding made acute.
What Anthropic Fixed During the Shutdown
Anthropic trained a new safety classifier specifically targeting the jailbreak technique identified in Amazon’s report. By June 30, the company said the classifier blocks that technique in more than 99 percent of attempts. Requests that trigger the classifier are rerouted to Opus 4.8, the prior-generation model, with the user notified of the switch. Anthropic also launched a HackerOne bug-bounty programme specifically for Fable 5 jailbreak reporting, opened a team to monitor jailbreak disclosures around the clock, and committed to deploying fixes within hours of confirming any new severe jailbreak. The underlying model was not retrained, which matters: Anthropic’s position throughout the episode, consistent with its original Fable 5 launch statement on safety architecture, is that perfect jailbreak resistance is not achievable in any production model, and that the correct defence is fast detection, fast containment, and monitoring — not the belief that a single training run can eliminate all future bypass attempts.
Reactions
The episode has been read differently by different audiences. Within the AI industry, a recurring concern during the suspension was that restricting Anthropic’s models handed time to Chinese open-source developers who face no equivalent export controls on their own frontier work. Several technology executives and investors raised this point publicly, arguing that the crackdown weakened the US’s competitive position in AI precisely because it created a gap that Chinese alternatives could fill without any corresponding restriction on their own development or export.
A second reading, more sympathetic to the government’s position, frames the episode as a necessary demonstration that export controls can be applied to frontier AI models when warranted, establishing a precedent that did not clearly exist before. Abraham, an AI policy researcher quoted by Al Jazeera, summarised the forward-looking concern: “The biggest question now is: What precedent does this set for the industry? Does the US government need to approve every frontier model release?” The answer is not yet established, but the episode has made clear that the government has the appetite to act and a mechanism for doing so quickly.
The Dispute: Who Triggered the Order
One element that remains contested is the role Amazon played in initiating the suspension. Multiple reports, including from The Wall Street Journal, said Amazon researchers’ findings and conversations involving CEO Andy Jassy helped drive the original Commerce Department order. AWS is simultaneously Anthropic’s largest cloud partner and a direct competitor in enterprise AI. The company has its own models, its own Bedrock deployment platform, and — as of June 30 — its own Forward Deployed Engineering unit designed to embed AWS engineers inside the same enterprise accounts that Fable 5 was serving. Neither Anthropic nor Amazon has publicly confirmed the full sequence of events that led from the jailbreak discovery to the export control directive.
What Happens Next
The commitments Anthropic made to secure the restoration are structurally significant beyond this particular episode. Giving the US government early access to test future frontier models before public release, if applied consistently, would transform frontier AI model launches from unilateral company events into partially government-reviewed ones — a change with implications not just for Anthropic but for the industry’s entire model release cadence. The jailbreak severity scoring framework being developed jointly with Amazon, Microsoft, and Google could become the first cross-industry technical standard for evaluating AI security risk, defining what level of jailbreak exposure is acceptable in a publicly deployed model and what level requires action. Whether those commitments hold, and how they are interpreted in practice, will likely define the regulatory context for the next generation of frontier model launches.
The precedent question is already touching other labs. OpenAI previewed GPT-5.6 to a government-approved group rather than the public before its wider rollout, citing the same dual-use concern: a model capable enough to help security teams patch vulnerabilities is also capable enough to help attackers find them. What began as a specific episode tied to a specific jailbreak in a specific Anthropic model is settling into something that looks more like a new norm for how the US government intends to engage with frontier AI releases — not through mandatory pre-clearance, but through a combination of voluntary commitments, rapid-response export controls, and a capability-evaluation infrastructure that is still being built in real time.
Why It Matters
The episode closes with Anthropic in a stronger position than it was on June 12, but a structurally different one from June 9, when Fable 5 launched. The company has a working model back online, a new safety infrastructure in place, and a formal government relationship that includes earlier access to frontier releases and a shared threat intelligence channel. What it has given up is the ability to treat a frontier model launch as a purely commercial event. The government now has an established mechanism — export controls — and a willingness to use it quickly, giving Washington an effective veto over the global availability of any Anthropic model it determines presents a national security risk.
For Anthropic’s business, that creates a new category of launch risk that did not exist before June 12. Every future frontier release must now be evaluated not just against technical benchmarks and commercial readiness but against the question of how the government will react to its cybersecurity capabilities. That evaluation will presumably happen internally at Anthropic before release, through the new pre-release review process with agencies, and potentially again through the jailbreak severity scoring framework being developed with Amazon, Microsoft, and Google. The AI safety and AI regulatory landscapes have, in the space of nineteen days, grown considerably more entangled.