U.S. order forces Anthropic to suspend Fable 5, Mythos 5

NextGov reports that the Trump administration issued an export control directive suspending access to Anthropic’s Fable 5 and Mythos 5 by any foreign national, including foreign nationals inside the United States and foreign national employees of the company. Anthropic’s response is broader: it says compliance effectively requires disabling both models for all customers while it works through the order. Other Anthropic models are not affected.

The operational problem is not abstract AI policy. Mythos 5 was being offered through Project Glasswing, a limited trusted-access program for cyber defenders and critical infrastructure operators, and Anthropic has described it as a powerful vulnerability-detection model with obvious dual-use risk. That is exactly the kind of tool defense-industrial-base contractors, government security teams and managed service providers would want for scanning code and finding flaws. It is also exactly the kind of tool export-control officials worry can help adversaries do the same work offensively.

The government’s stated concern, according to the article, appears to be a reported jailbreak. NextGov says Axios reported that Commerce acted after another company claimed it had jailbroken Mythos. Anthropic pushed back, saying the government had provided only verbal evidence of a “potential narrow, non-universal jailbreak” involving asking the model to read a specific codebase and fix software flaws. Anthropic also said the capability described in the report is widely available from other models, including OpenAI’s GPT-5.5, and is used every day by defenders.

That is where this becomes a procurement problem. If the standard is “a model can help identify and repair vulnerabilities,” then a specialized cyber model is always going to make regulators nervous and defenders interested. If the standard is a specific jailbreak, then the public record needs enough consistency for buyers to know which tools can survive an award, a pilot or an authority-to-operate package. The order restricts Anthropic’s models while, on the facts reported, leaving GPT-5.5 Cyber outside the directive. Maybe Commerce has facts the public does not. But the market cannot build compliance plans around facts it cannot see.

The timing makes the gap worse. Earlier this month, NextGov reported that the administration’s cybersecurity-focused AI executive order encouraged developers of advanced AI to give the federal government and certain critical infrastructure operators 30 days of pre-release access, while avoiding a formal licensing or preclearance regime, https://www.nextgov.com/artificial-intelligence/2026/06/trump-signs-ai-executive-order-after-postponement-last-month/413912/. NextGov also reported this week that agency technology leaders were frustrated by a lack of White House guidance on how to access and implement Mythos, https://www.nextgov.com/artificial-intelligence/2026/06/lack-white-house-guidance-has-complicated-agency-mythos-adoption-people-familiar-say/414093/?oref=ng-homepage-river. Now the model those agencies were trying to understand is unavailable.

For practitioners, the Monday answer is inventory and contingency planning. Do not treat access to a frontier cyber model as a stable control dependency unless the contract, export-control posture and fallback tooling can survive a government order. That is not an argument against using these systems. It is the lesson from the first hard enforcement signal: dual-use AI procurement now carries regulatory availability risk, and that risk belongs in the vendor file before the pilot becomes the plan.