The White House Is Asking Anthropic for the Impossible

A government can stop a risky AI model from reaching foreign users. But perfect jailbreak resistance is not a compliance standard any lab can reliably meet, and that is the direction officials now appear to be pressing on Anthropic's Fable 5.

A quick look at the record makes Washington's position easy to defend. Anthropic released Fable 5 to the public on June 9 while keeping Mythos 5 limited to vetted cyber defenders, then received a Commerce Department directive at 5:21 p.m. ET on June 12 that covered foreign nationals inside and outside the U.S., including Anthropic's own noncitizen employees, the company said. It echoes the first-access problem The Implicator previously identified around Mythos, where safety review and government access were already beginning to overlap before Fable shipped.

The stronger case for the order comes from Anthropic's own spring messaging. The company described Mythos-class models as able to find and chain software vulnerabilities at a level that, in its telling, required restricted access. TechCrunch reported that Anthropic initially gave Mythos access to about 50 companies and later expanded that to about 150 organizations in 15 countries. The BBC quoted Queen Mary University London's Gina Neff saying the U.K. AI Security Institute found the model could exploit defenses and systems 73% of the time.

If the government could show that a public model built on the same base system exposed restricted Mythos-level cyber capability to foreign users, it would have a real national security interest in pausing access first and arguing later. Anthropic said the disclosed potential jailbreaks provided "no Mythos-specific uplift," a claim that cuts against the premise. David Sacks put the administration's view in blunter terms, saying a trusted partner found a jailbreak and that Anthropic declined to fix it or pull the model. "The ball is in Anthropic's court," he wrote, according to several accounts of his post.

The problem is that the fix Washington appears to want is not a product patch. Anthropic said no tester had found a universal jailbreak after thousands of hours of red-teaming by the company, the U.S. government, the U.K. AISI, private testers and internal teams. The technique described to the company was narrower, Anthropic said, and involved asking the model "to read a specific codebase and fix any software flaws." That is an operational detail that matters because finding flaws is also what defenders ask these systems to do.

Katie Moussouris, the Luta Security founder Anthropic asked to review the Amazon research, made that point in the cyber community's clearest language. The reported method involved asking Fable to "fix this code" after the model refused a security-review request. She wrote that the behavior "cannot meaningfully be fixed, and any attempt would only weaken the model for defense," Fortune reported. "Defenders need to be able to ask AI to fix bugs in a file, explain why the fix matters, and write tests that confirm the patch works," she wrote.

Business Insider, citing a White House official, reported one reason officials did not back down: Amazon's findings had been run past the National Security Agency, and officials felt they had "proof." Amazon also had a defined relationship to both sides of the dispute. It is Anthropic's largest investor and a major cloud partner; reporting differs on whether its testing was self-initiated or done in response to an administration request for feedback.

Anthropic's 30-day retention rule for Fable conversations points to the other side of the argument: a model of control in which the company researches and mitigates jailbreaks after release while officials press for guardrails that cannot be circumvented before Fable returns. Cornell's Ayham Boucher put the engineering point more plainly to CNET: "all models can be jailbroken." Samir Jain of the Center for Democracy and Technology added the legal one, arguing that any regulation still needs a clear rule-of-law process when models generate speech.

The practical standard should be disclosure, testing, logging and narrow mitigation, not perfect resistance. A narrow code-fixing bypass might justify a pause if officials can show it reveals Mythos-level attack planning. Anthropic said the disclosed potential jailbreaks provided "no Mythos-specific uplift," and Fortune said the jailbreak, as described by Moussouris, did not unlock Mythos's most potent capabilities. That record does not justify treating perfect jailbreak resistance as the return-to-market standard for public models.

That makes Fable 5 less a clean win for either side than a warning about the standard Washington is choosing. Washington proved it can enforce a shutdown within hours; it has not shown that any lab can prove, as a condition of release or rerelease, that its guardrails cannot be circumvented.

Anthropic Shutdown Shows Washington’s New Test for AI Launches

Anthropic said a Commerce Department order arrived at 5:21 p.m. ET on June 12 and required it to suspend access to Fable 5 and Mythos 5 for foreign nationals, including some of its own employees. By m

The Implicator

A Friday Letter From Washington Took Anthropic's Two Best Models Offline

San Francisco | Monday, June 15, 2026 A single Commerce Department letter took Anthropic's two strongest models offline worldwide on Friday, the first time Washington has switched off a generally av

The Implicator

The Anthropic Shutdown Confirmed Europe's Fear of Depending on US Tech

Anthropic disabled its two most capable artificial-intelligence models, Fable 5 and Mythos 5, for every customer worldwide late on June 12, after the US Commerce Department ordered the company to bloc

The Implicator

Marcus Schuler

San Francisco

Editor-in-Chief and founder of Implicator.ai. Former ARD correspondent and senior broadcast journalist with 10+ years covering tech. Writes daily briefings on policy and market developments. Based in San Francisco. E-mail: editor@implicator.ai