U.S. Suspends Export Control, Anthropic Re-Enables Fable 5 After 19 Days in the Dark

Commerce Department retreated this Wednesday and Anthropic reactivated the model with a new classifier against the jailbreak pointed out by Amazon researchers. Mythos 5 remains confined to about 100 American organizations.
Anthropic re-enabled Claude Fable 5 for users worldwide on Wednesday, July 1, a day after the U.S. Department of Commerce suspended export controls that had taken down the model on June 12. There were 19 days without the company’s frontier product available outside the sphere approved by the White House, a period during which agencies, banks, and consultancies outside the U.S. had to revert to Claude Opus 4.8 or migrate workloads to GPT-5.5 and Gemini 3.5 Flash.
Commerce Secretary Howard Lutnick stated in a note that he worked with Anthropic over two weeks "to analyze and approve Fable 5, ensuring alignment with the U.S. government and reinforcing U.S. leadership in AI." In the letter signed by Lutnick, Anthropic no longer needed an export license in exchange for three commitments: proactively detecting and mitigating security risks in the models, cooperating with the government on technical standards for future models, and reporting malicious activity to the authorities.
The Amazon Report That Became a Decree
The freeze had been triggered by a report from Amazon researchers describing a prompt injection technique capable of making Fable 5 identify software vulnerabilities and, in a specific case, generate proof-of-concept code. The document reached Lutnick's office and became the basis for the June 12 decree, which suspended access to the model "for any foreigner, inside or outside the U.S., including foreign employees of Anthropic itself."
Anthropic contests the reading that the finding represented a new offensive capability. Internal tests cited in the company's statement show that Opus 4.8, GPT-5.5, and Kimi K2.7 can identify the same vulnerabilities when faced with the same prompt, and that all tested models can reproduce the demonstration of exploitation of that specific vulnerability. According to Anthropic's own calculations, the exclusivity window of the "Fable 5 risk" was zero.
The fix the company proposed to the government was a dedicated classifier for that jailbreak pattern, trained to deny the request in approximately 99% of cases during internal tests. Anthropic acknowledges that the narrower focus increases the false positive rate in legitimate cybersecurity and programming queries. Researchers from the Center for AI Standards and Innovation (CAISI), a technical entity of the Commerce Department, tested both versions of the filter and classified the safeguards as "extraordinarily strong."
Mythos 5 in a Closed Club, Fable 5 Rationed
Fable 5 returns to Claude Platform, Claude.ai, and Claude Code for Pro, Max, Team plans, and some enterprise accounts. The quota until July 7 is 50% of the weekly limit for the most capable model, an explicit rationing to contain the peak of pent-up demand. Availability in AWS Bedrock, Google Cloud Vertex, and Microsoft Foundry will be announced "as soon as possible," according to the company.
Mythos 5, the frontier version of the line, has not returned to the open market. It remains restricted to approximately 100 American organizations within Glasswing, the partner program Anthropic uses for confidential access: federal agencies, defense contractors, and a block of Fortune 500 companies focused on cyber defense. Non-American employees within these organizations have also been granted access, creating a geographical exception within the exception. The U.S. government has not signaled a timeline for broader access.
The Effect on Global Buyers
For clients outside the U.S., the episode leaves two figures for the next contract negotiation. First, during the 19 days Fable 5 was offline, the availability curve dropped for all users of Claude Platform without geographic exception, which affected the office that Anthropic opened in Seoul on June 17 and the joint ventures with TCS and DXC announced on June 11 for regulated sectors. Indian consultancies with projects in Korean and European banks had to re-architect pipelines in the week following the decree.
Second, Anthropic now needs to notify Washington about "malicious activity." The clause does not describe a procedure, but creates a channel where interactions of global clients in sensitive sectors may come under scrutiny by the Department of Commerce before the client is notified. For European banks under DORA, for consultancies with federal contracts in the UK and Germany, and for outsourcing operations in India with American clients, the risk line for AI vendors now includes a jurisdiction that was not considered in the traditional vendor lock-in risk. It is a silent cost that only becomes apparent when the model is taken offline, as this quarter has just shown.