US AI export controls

Anthropic's 19-Day Shutdown Produced the First Frontier AI Export Control Settlement — and Defined the Terms for Every Lab That Follows

The Commerce Department's first AI model export control resolved via safety classifiers, pre-release government access, and a bug bounty — a compliance template others will face.

Fable 5 Shutdown: By the Numbers People of Internet Research · US 19 days Shutdown Duration Global access suspended June 12–30… >99% Jailbreak Blocked New safety classifier blocks repor… ~200 Glasswing Orgs Vetted critical infrastructure def… 10,000+ Flaws Found High/critical severity flaws surfa… peopleofinternet.com

Key Takeaways

On June 12, 2026, at 5:21pm ET, Anthropic received an export control directive from the U.S. Department of Commerce that halted its two frontier cybersecurity AI models — Fable 5 and Mythos 5 — for all users worldwide. The shutdown lasted nineteen days. On June 30, controls were lifted after Anthropic agreed to a set of conditions that, in aggregate, represent something more significant than any individual concession: a negotiated compliance template for how frontier AI models with national security implications are expected to be deployed going forward.

The Security Case Was Real

Before debating proportionality, the underlying concern deserves a fair hearing. On June 22, 2026, the Five Eyes intelligence alliance — CISA and NSA for the United States, plus counterparts from the UK, Australia, Canada, and New Zealand — issued a joint advisory warning that frontier AI models will "fundamentally transform both offensive and defensive cyber capabilities." The timeline, they warned, is "not years, it is months."

The specific trigger for the Fable 5 action was a jailbreak technique identified by Amazon researchers that could bypass the model's cybersecurity safeguards and assist in identifying software vulnerabilities. The Commerce Department invoked Section 4817(b)(1) of the Export Control Reform Act of 2018, which authorizes interim controls on "emerging and foundational technologies essential to national security," and issued Commerce Secretary Howard Lutnick's Informed Letter requiring export licenses before any access, worldwide. The Five Eyes advisory had specifically named Fable 5 among the models of immediate concern. The government's case was not invented.

A Novel and Legally Uncertain Expansion of Authority

The legal theory underlying the directive is unprecedented, and its durability is uncertain. By treating remote API access to an AI model as an "export" under the Export Administration Regulations, Commerce departed from its own prior advisory opinions from 2009, 2011, and 2014, each of which concluded that remote-access cloud transactions do not constitute technology transfers subject to the EAR.

A detailed analysis by CSIS found that the EAR's Section 744.22(b) — the "military-intelligence end user" provision also cited — only permits worldwide license requirements in narrow circumstances that do not straightforwardly cover cybersecurity-capable AI models accessed by civilians globally. CSIS further noted that the jailbreak vulnerability "is not restricted to Fable and is inherent to all modern language models," raising the concern that treating such vulnerabilities as export-controllable events would set "an impossible bar" that no commercially deployed model could clear.

If those critiques are right, Commerce would have faced a difficult legal fight had Anthropic chosen to contest the directive. Instead, the company chose negotiation — a pragmatic decision that produced a workable outcome but leaves the underlying statutory questions unresolved for future administrations and companies.

What Anthropic Agreed To

The settlement covers five areas. First, Anthropic retrained its safety classifier to block the jailbreak technique in more than 99% of cases, with a candid acknowledgment that this increases false positives for some legitimate coding requests. Second, the company committed to expanded pre-release government access for model evaluation before future launches. Third, it launched a HackerOne bug bounty program specifically for cybersecurity jailbreak submissions. Fourth, Anthropic agreed to rapid disclosure of significant security vulnerabilities and dedicated staff and compute resources to joint government research. Fifth, the company is working with Amazon, Microsoft, and Google to develop an industry-wide framework for grading jailbreak severity across four dimensions: capability gains over existing tools, task breadth, weaponization ease, and discoverability.

Taken together, these commitments move frontier AI governance away from a binary on/off model toward something more granular: a continuous relationship between the developer and government security authorities, structured around disclosure obligations, technical safeguards, and joint research.

Project Glasswing Points the Way

The treatment of Mythos 5 — Anthropic's more powerful cybersecurity model — offers a complementary lesson. Controls were fully lifted as of June 30, but access remains restricted to vetted U.S. organizations through Project Glasswing, Anthropic's controlled-access program for critical infrastructure defenders.

Glasswing now encompasses roughly 200 organizations including Amazon, Microsoft, Google, Cisco, CrowdStrike, and the Linux Foundation, covering sectors including power, water, healthcare, and communications. Initial partners collectively discovered more than 10,000 high- or critical-severity security flaws in under two months. For most of these organizations, Anthropic estimates that a major attack could affect more than 100 million people.

The tiered model Glasswing represents — full public availability for broadly capable models, vetted access for the most powerful versions — is more proportionate than either blanket publication or blanket restriction. It does not force a single government agency to make a binary call on whether a model is too dangerous for the world. It distributes that judgment across a structured vetting process with defined security obligations.

What This Precedent Should and Should Not Mean

The Fable 5 episode is the first known instance of the U.S. government using export control authority to withdraw an AI model from public access. Its resolution is a qualified success: the controls were temporary, the agreements are concrete, and the specific vulnerability has been addressed.

What it should not become is a default playbook for every security edge case in a frontier model. Export controls applied globally because a model class shares a common jailbreak vulnerability would effectively cap civilian AI at a security threshold that no large language model currently meets. That would be disproportionate.

The better reading is narrower: when a specific, documented vulnerability provides meaningful uplift for offensive cyber operations, structured government engagement is warranted — and the engagement should yield a compliance package, not an open-ended shutdown. The Fable 5 settlement meets that standard.

What neither the administration nor Anthropic has resolved is the statutory foundation. Congress has not defined remote API access as an export transaction. BIS has not issued regulations implementing ECRA's emerging technology authority. Prior advisory opinions still assume the opposite. The next frontier lab to receive an Informed Letter may not choose negotiation — and the courts will then decide what the law actually says.

Until that clarity arrives, the Fable 5 settlement functions as de facto policy: a compliance framework that other frontier labs will face, without the legal durability that would make it stick.

Sources & Citations

  1. Anthropic: Fable & Mythos Access Statement
  2. 50 U.S.C. § 4817 — Export Control Reform Act
  3. CSIS: Commerce Restricted Anthropic Models — What Comes Next
  4. The Record: US Lifts Export Controls on Anthropic Cyber Models
  5. CyberScoop: Five Eyes Alliance on AI Hacking Models
  6. Anthropic: Expanding Project Glasswing