News · 2026-06-25
The US government just banned Anthropic's most powerful AI model
Anthropic's most capable model has been switched off for everyone on Earth for almost two weeks, and not by Anthropic's choice. The US government ordered it dark. It is the first time Washington has reached past the hardware and export-controlled an AI model itself, and the story behind it is stranger than the headlines suggest.
Start with what the two models actually are, because the names confuse people. On June 9, Anthropic released Fable 5 and Mythos 5, and underneath they are the same model. Fable is the public version, carrying safety classifiers that quietly hand off the most dangerous cybersecurity, biology, and chemistry requests to a weaker model instead. Mythos is that exact same model with those guardrails removed, offered only to a small set of vetted partners, around 150 to 200 of them including Apple, NVIDIA, Samsung, and the US government, through a controlled program Anthropic calls Project Glasswing. The only thing separating the two names is the safety layer.
Then, three days after launch, Commerce shut it down. On June 12 the department ordered Anthropic to cut off all foreign-national access to both models worldwide, including its own foreign-national employees. Anthropic said it had no realistic way to enforce that by nationality, so it took the only option it had and disabled Fable 5 and Mythos 5 globally. They are still offline today. This is genuinely new ground: the US has controlled the export of chips for years, but never the model running on them, and export-control lawyers quoted by Reuters openly question whether Commerce even has the legal authority to do this for software accessed over the internet.
The reason for the ban traces to one event, and the version going viral online is wrong. During a sanctioned NSA red-team exercise on June 11, a test the agency ran against its own classified networks, Mythos found vulnerabilities across nearly all of those systems in a matter of hours. That result was described in testimony to a senator and leaked to the press as the AI breaking into almost all of the government's classified systems. What is circulating now, that an Anthropic AI hacked the NSA, is false. It was an authorized internal security test, the model identified weaknesses rather than exploiting them, and the journalist whose report went viral publicly walked back the literal reading, saying it would be a mistake to read it that way. The day after the test, the ban came down.
Why it matters: strip away the spy-thriller framing and this is a precedent-setting fight about who controls access to frontier AI. For the first time, a government has treated a model the way it treats a weapon system, and the company that built it is arguing, in public and in letters signed by 80 to 100 cybersecurity leaders including former Facebook security chief Alex Stamos, that the same capability exists in competitors' models and that the cure is worse than the disease. Anthropic and Commerce have been negotiating nearly every day since, and prediction markets put the odds of a US-first restoration before July 1 at roughly even. Nothing has been announced, and both models are still dark. However this particular case resolves, it is now the template for the next one.
Two notes on what is and isn't nailed down. The clean facts here, the shared model, the June 9 launch, the June 12 suspension, and the sanctioned-test correction, come straight from Anthropic's own statements and on-the-record reporting. Some of the spicier details making the rounds, that Amazon flagged the capability to the White House and that Anthropic engineers are embedded inside the NSA for offensive operations, trace to Wired and the Financial Times and have not been officially confirmed. They are credible but unconfirmed, and worth holding at arm's length until they are.