Who Should Decide Which AI Is Too Dangerous?
On June 9, 2026, Anthropic launched Claude Fable 5. Three days later, the US government made it disappear.
Not a slow rollback. Not a voluntary pause. A letter from Commerce Secretary Howard Lutnick to CEO Dario Amodei, received at 5:21pm ET on June 12, directing Anthropic to suspend all access to Fable 5 and its restricted sibling Mythos 5 for any foreign national, anywhere in the world, including Anthropic’s own employees. Anthropic couldn’t filter users by nationality in real time. So they shut it down for everyone.
Fable 5 was Anthropic’s first public release built on Mythos, its most capable and restricted model class, previously available only to a small group of government-vetted organizations through Project Glasswing. This is the first time the US government has used pre-deployment authority to pull a commercially deployed AI model from the market. The precedent is the story.
The Same Vulnerability, A Different Outcome
The stated reason for the shutdown was a jailbreak. A specific technique for bypassing Fable 5’s safeguards, identified by what David Sacks described as “a highly trusted partner trusted by both Anthropic and the US government.” Sacks, co-chair of the President’s Council of Advisors on Science and Technology, said the fix was straightforward: patch the vulnerability and Fable can go back online.
Anthropic’s response was that the jailbreak was narrow. Not a broad bypass of the model’s capabilities, but a specific technique that worked in limited circumstances. And then the detail that should stop anyone reading this: Anthropic said the same vulnerability existed in other publicly available models, including OpenAI’s GPT-5.5.
Those models weren’t touched.
One company gets a Commerce Secretary letter. A named competitor, with a documented version of the same vulnerability, keeps operating. That is not a safety standard being enforced. A safety standard applies to the hazard, not to the company. When the same hazard produces a shutdown for one firm and nothing for another, what’s being applied is discretion, and discretion wearing a safety justification is harder to challenge than discretion that admits what it is.
Anthropic has called for oversight that is, in their own words, transparent, fair, clear, and grounded in technical facts. What they got was an undisclosed national security concern, a letter with no specifics, and a deadline measured in hours.
The Backdrop Nobody Should Skip
This didn’t happen in a vacuum. In March 2026, the Department of Defense classified Anthropic as a “supply chain risk”, a designation Anthropic was contesting in court. The conflict reportedly centered on Anthropic’s refusal to make Claude available for mass domestic surveillance and fully autonomous weapons systems without restriction.
So when a narrow jailbreak becomes the basis for a global shutdown of a single company’s model three months later, the question of whether this is a genuine security measure or pressure on a company that said no is not paranoid. It’s the obvious question. And the public record cannot answer it, because there is no record. No published finding, no technical disclosure, no process anyone outside two organizations can see.
That opacity is the point. A legitimate safety action can survive being examined. This one is structured so it can’t be.
Is Anthropic a Sympathetic Victim Here?
Worth pausing on, because the answer isn’t clean.
Anthropic confidentially filed its IPO prospectus with the SEC on June 1, eight days before Fable 5 launched. A company heading for a public offering has every reason to look like the responsible adult in the room, and “we called for our own regulation” is a good line for investors nervous about a government crackdown. Some of the safety positioning is, undoubtedly, positioning.
But the record runs deeper than IPO season. Anthropic disclosed that Chinese state-sponsored hackers used Claude Code to run what they called the first documented large-scale cyberattack carried out without substantial human intervention. They didn’t have to. A researcher extracted what Claude itself called a “soul document” from the model weights, and rather than deny it, Anthropic’s character lead confirmed it was real. Dario Amodei has twice called for AI companies, his own included, to be taxed to fund support for workers AI displaces. Days before the shutdown, he published an essay calling for exactly the kind of government authority to block dangerous models that was then used against him.
You don’t have to find Anthropic noble to see the problem. The argument here doesn’t depend on Anthropic’s sincerity. It depends on whether the government followed a process anyone can inspect. It didn’t.
This Is the Dark Mirror of an Argument I’ve Made
I’ve written before that voluntary AI governance can’t handle what’s coming, that we need real oversight with mandatory reporting, audits, and enforced constraints, the way we regulate food safety rather than trusting processors to self-certify. I still believe that.
The Fable 5 episode is what that argument looks like when it goes wrong. Oversight arrived. It just arrived with no published standard, no technical basis anyone can review, no process to challenge, and a curiously selective target. This is the version of government authority that should worry the people who want government authority. Because it discredits the legitimate case for it.
Real oversight and arbitrary power both look like a letter from the Commerce Department. The difference is whether there’s a standard behind the letter, applied evenly, that the public can see. Strip that away and you don’t have governance. You have whoever holds the authority, using it, on whatever basis they choose, against whoever they choose.
What Compliance Buys You
Here’s the question that outlasts this particular shutdown. If the most safety-focused major lab can be pulled from the market on a narrow jailbreak that its competitors share, with no process and no published reason, what exactly does compliant behavior buy a company?
The honest answer right now is: not much. Transparency didn’t protect Anthropic. Disclosure didn’t. Calling for regulation didn’t. The next time a lab finds something alarming in its own model, the Fable 5 precedent is sitting there as a reason to keep quiet, because candor and cooperation were rewarded with a kill switch.
That’s the real cost, and it isn’t Anthropic’s to bear alone. It lands on everyone downstream who depends on these tools and has no say in any of this. Including the social-sector organizations building real work on top of models that can vanish by end of business on a Thursday.
The question of who gets to decide which AI is too dangerous doesn’t have a good answer yet. What this episode tells us is what the answer can’t be allowed to become: a letter, no standard, no process, no appeal, and a different rule depending on which company you are.
Anthralytic is a strategy and evaluation studio for mission-driven organizations. We work at the intersection of measurement, impact, and decision-making systems, including the ones nobody voted on.

