Anthropic, the Export Control Directive, and the Anatomy of a Fable 5 Pull: A Deep Dive

lschvn

On June 12, 2026 at 5:21pm ET, Anthropic received a letter from the US government that disabled the strongest commercially available AI model in the world for almost everyone on Earth. The statement the company published the same evening was six paragraphs long, but the legal mechanism it describes is older than the internet and stranger than most readers will recognize. The directive targets a category of person rather than a category of capability, which means the people who lose access depend on their passport, not their prompt. This long read unpacks what the order actually does, who actually loses access, and why the answer to "is Fable 5 only for Americans" is yes for citizens, no for permanent residents, mostly no for the thirteen Glasswing partners, and "ask your lawyer" for green card holders, in roughly that order.

What the order says, in plain English

The Anthropic statement quotes the operative language: "the US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees." The phrase to notice is "by any foreign national," not "to any country" and not "of any capability." The order is a person-based restriction enforced through an export control mechanism, which is an unusual combination but not an unprecedented one.

The same paragraph then explains the practical effect: "the net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance." The company is not making a claim that the order requires disabling for everyone. It is saying that, given the architecture of the product and the cost of getting it wrong, disabling for everyone is the only path it is willing to take. That distinction is going to matter in a moment.

The statement also confirms that "access to all other Anthropic models will not be affected." Claude Opus 4.8, Claude Sonnet, Claude Haiku, Claude Code, Claude Cowork, Claude for Chrome, Claude for Slack, and the rest of the production surface continue to operate. The order is targeted at two specific model versions and does not extend to the rest of Anthropic's product line.

The "foreign national" concept, and why it is not the same as "non-citizen"

US export control law, codified primarily in the Export Administration Regulations (EAR) administered by the Bureau of Industry and Security (BIS) in the Department of Commerce, defines a "US person" as a citizen of the United States, a lawful permanent resident of the United States (a green card holder), a person who has been granted asylum in the United States, a person who has been admitted as a refugee to the United States, or a corporation or other entity organized under the laws of the United States or any US state or territory. Everything that is not a US person is, in the export control sense, a "foreign person" or "foreign national." The order language uses the latter term, which is the more common phrasing in national security directives.

The consequence of this definition is that a French citizen who has lived in San Francisco for twenty years on a green card is, for the purposes of this order, a US person. A French citizen who has lived in San Francisco for twenty years on an H-1B visa is, for the purposes of this order, a foreign national. Both of them are equally French, equally resident in California, and equally subject to US tax law, but the order treats them very differently.

This is the part of the directive that often gets lost in the "for US citizens only" shorthand. The order is, in practice, more permissive than the shorthand suggests for permanent residents and asylees, and significantly more restrictive than the shorthand suggests for US citizens abroad, who keep their access regardless of where they are physically located. A US citizen working remotely from Berlin, Tokyo, or Buenos Aires is still a US person for export control purposes, and the order does not require Anthropic to disable their access based on geography alone.

The legal gray area, which Anthropic's statement does not resolve and which the order itself does not address, is what to do about access by foreign nationals who are physically inside the United States. The order covers them ("any foreign national, whether inside or outside the United States"), but the practical mechanics of distinguishing them from US persons at the API edge is the reason Anthropic chose to disable for everyone. The point is not that the order is impossible to comply with on a per-user basis. The point is that the cost of being wrong is severe enough that the only defensible compliance posture is to remove the surface.

Why "disable for everyone" is a compliance choice, not a technical limit

The choice Anthropic made is the most interesting part of the order, because it tells you something about how the company expects export control law to apply to frontier models over the next several years. Three reasons stack up.

First, Fable 5 and Mythos 5 are served from a central API. There is no per-user model sharding that would let Anthropic serve a US-person-only version and a foreign-national-only version from the same model weights. The product architecture does not currently include a nationality attestation layer, and adding one would itself be a significant change to the product, not a switch to flip.

Second, the legal cost of a leak is asymmetric. Export control violations under the EAR carry civil penalties up to roughly $360,000 per violation or twice the value of the transaction, whichever is greater, and criminal penalties up to $1 million per violation and 20 years in prison for individuals. "Almost compliant" is not a defensible posture when the marginal cost of going from "almost compliant" to "fully compliant" is to disable the model for a few thousand additional users, including the customers who were going to use the model most aggressively.

Third, disabling for everyone is reversible in a way that granular gating is not. The day the order is rescinded, Anthropic can flip the model back on for all users with no migration path required. A per-user gating system, once built, would be hard to roll back and easy to challenge from either side: foreign nationals would challenge the existence of the gate, and the US government would challenge the precision of its implementation.

The choice is not an admission of technical limitation. It is a compliance optimization that other US-hosted frontier model providers will be studying closely. If OpenAI, Google, or xAI received a comparable directive tomorrow, the same three pressures would push them to the same answer.

What the order does not do

The directive is also notable for what it leaves alone. It does not, despite the breathless framing in some early coverage, restrict Claude Code, Cursor, Aider, or any other developer tool that uses Claude as its default model. Those tools fall back to Opus 4.8, Sonnet, or Haiku, all of which are unaffected. The order is targeted at the two model versions, not at the ecosystem around them, and the practical impact on a typical TypeScript or JavaScript developer is minimal unless their tool had been silently routing to Fable 5 for the hardest long-horizon refactors.

The order also does not block Anthropic from training or releasing future model versions. The Mythos 6 announcement, if it materializes, is not directly affected. The order is a deployment suspension, not a development prohibition, and the company continues to work on its frontier model roadmap in the same way it did before the directive landed.

The order does not, finally, require any change to Anthropic's data retention policy for the affected models. The 30-day retention requirement that shipped with Fable 5 was part of the product, not a condition of the order, and it stops applying the moment the model is removed from the surface. This is a small but real privacy win for enterprise buyers who had flagged the 30-day retention as a procurement blocker.

The technical question: what is a "narrow, non-universal jailbreak"

The most consequential part of the order, and the part Anthropic is contesting most loudly, is the technical characterization. The order's stated concern is a "method of bypassing, or 'jailbreaking' Fable 5." Anthropic's reading of the underlying finding, which the government shared verbally rather than in writing, is that the technique is narrow: it does not generalize across prompts, it does not unlock broad cyber capabilities, and it requires the model to be asked to do something that is also possible with OpenAI's GPT-5.5 and other public models without any bypass at all.

The non-universal qualifier is the operative one. A universal jailbreak is a technique that works across a wide range of prompts and unlocks a wide range of capabilities, which is what the Fable launch post described as the threat model the company designed against. A non-universal jailbreak is a technique that works in narrow circumstances and unlocks narrow capabilities, which is the class of finding that the Fable launch post itself said was an expected outcome of operating a frontier model. The exact language from the launch post, quoted in Anthropic's statement, is that "perfect jailbreak resistance is not currently possible for any model provider" and that "every safeguard used in the industry is vulnerable to non-universal jailbreaks."

The technique, as Anthropic describes it in the same statement, "essentially consists of asking the model to read a specific codebase and fix any software flaws." That is, the order is about a way of using the model that is functionally indistinguishable from the way a defender would use it to harden a system, and that is also a capability available without any jailbreak in other public models. The order is, in Anthropic's framing, pulling a model for being usable in the way it was designed to be usable, on the basis of a finding that the same use case is widely available elsewhere.

Anthropic is not contesting the government's legal authority to block a deployment. The company is contesting the technical characterization. The position is that pulling a commercial model for this class of finding sets a bar the entire industry cannot meet, because the Fable launch post itself said the bar was unmeetable. The position is also procedural: the company is asking for a "statutory process that is transparent, fair, clear, and grounded in technical facts" before the standard is applied industry-wide.

Project Glasswing, and the cost of pulling a model out from under a coalition

The part of the story that has gotten the least coverage is what the order does to Project Glasswing, the thirteen-company coalition that Anthropic announced on April 7 and that uses Mythos 5 as its working model. The thirteen partners are AWS, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, and the program was built around co-located red-teaming where engineers from multiple companies work the same model in the same sessions on the same vulnerability reports.

The order does not remove the institutional access the program grants. The thirteen partners are all US-headquartered entities, and as such they are US persons under the export control definition. Their access to the model, at the corporate level, continues. What changes is who, within those institutions, can actually use it. Every foreign national on a Glasswing engineer's team, and there are many of them at companies with the global headcount of Microsoft, Google, AWS, Apple, or JPMorganChase, loses their seat. For a coalition built on co-located red-teaming, that is a meaningful operational cut even though the membership list is unchanged.

The order also does not, for now, affect the broader Mythos Preview access pathway that some Glasswing participants had been using for the three months between Mythos Preview's release and Fable 5's launch. That surface continues to operate, and the work that was being done on it before June 9 continues in the same form. The affected surface is specifically the Fable 5 and Mythos 5 model versions, not the wider Mythos product family.

The export control mechanism, in one paragraph

The legal authority the order relies on is the same authority that governs the export of dual-use software, encryption technology, and certain categories of artificial intelligence. The Export Administration Regulations (EAR) cover items subject to the Export Control Reform Act of 2018, including software and technology that can be transmitted electronically. A "release" of controlled technology to a foreign national located anywhere in the world, including inside the United States, is treated as an export to that person's country of nationality under what is called the "de minimis" rule. The order is invoking this framework to require Anthropic to ensure that Fable 5 and Mythos 5 are not released to any foreign national, regardless of where that person is sitting when they make the API call.

The interesting legal question, which the order does not resolve and which is likely to be litigated if the suspension is extended, is whether a US-hosted API call that returns model output to a foreign national counts as a release of controlled technology in the first place. The EAR was written before the cloud existed, and the application of its framework to API-based AI services is genuinely novel. The Fable directive will be studied by every other major jurisdiction as a test case for how export control law applies to frontier model deployments, and the answer will shape how OpenAI, Google, xAI, Mistral, and every other provider with a US-hosted API surface plans their own compliance posture.

What Anthropic is asking for, and what happens next

The dispute is mostly procedural. Anthropic's position, carefully stated, is that the government should have the ability to block unsafe deployments but that the blocking should happen "as part of a statutory process that is transparent, fair, clear, and grounded in technical facts." The company is not arguing that the order is unconstitutional or that the government lacks the legal authority to issue it. It is arguing that the order should have followed a process, and that the technical finding on which the order is based is not, on the company's own review, the kind of finding that justifies the action taken.

The next 24 hours, which the statement flagged as a window for more detail, will be the first signal of where the dispute goes. Three paths are open. First, the government and Anthropic could negotiate a narrower directive that targets a specific capability or a specific user category rather than a class of person, which would let Anthropic bring the model back online for the bulk of its customer base. Second, the order could be extended or modified, with the dispute moving into the courts or into a regulatory process. Third, the order could simply lapse, with the suspension continuing in practice but without a formal extension, leaving the model in a state of indefinite limbo.

The most likely outcome, based on how similar disputes have played out in other regulated industries, is some combination of the first and the third. A negotiated narrowing is faster and cheaper for both sides than a court fight, and an indefinite limbo is the default state for any regulatory action that neither party has an incentive to resolve quickly. The clock is, in a real sense, in the hands of the US government, and the next 24 hours will tell us whether the clock is short or long.

What to watch

For the next week, the most important signals are: whether Anthropic publishes the additional technical details it has promised; whether the order is contested in court or in a regulatory forum; whether other US-hosted frontier model providers receive comparable directives; whether the EU, UK, or China issues a response or a reciprocal action; and whether Glasswing partners make any public statement about the operational impact on their teams. The story is not over, and the next 24 hours are the first window in which the trajectory will become clear.

For a typical TypeScript or JavaScript developer, the practical impact is, for now, the same as it was before the deep dive. Claude Code, Cursor, Aider, Continue, Cline, and the other coding surfaces are unaffected. The strongest Claude models, Fable 5 and Mythos 5, are gone for the duration of the suspension. The mid-tier Claude surface is the safe fallback. The 30-day data retention policy is no longer in effect for the affected models. And the frontier model industry is, for the first time, learning in real time what it looks like when the export control regime catches up with the cloud.
