What was Claude Fable 5?

Claude Fable 5 was Anthropic's public release of its Mythos-class model line, announced on June 9, 2026. Verified reporting and Anthropic materials describe Fable 5 and Mythos 5 as sharing the same underlying weights, with Fable wrapped in safety and deployment controls.

Why was Fable 5 shut down?

On June 12, 2026, Commerce Secretary Howard Lutnick sent Anthropic a directive requiring suspension of foreign-national access to Fable 5 and Mythos 5. Anthropic said it could not reliably enforce nationality-based access at the API layer, so it disabled both models globally that evening.

What triggered the export-control directive?

The public record points to a jailbreak concern involving Fable 5 and potential access to Mythos. Semafor reported that officials were concerned about China-linked access, but that attribution remains single-source and should be treated cautiously.

As of June 23, 2026, the most recent verified update is lablab.ai's June 22 report that Fable 5 had returned with restrictions. The exact scope of access, customer eligibility, geography, and platform restoration remains unclear in public sources.

What does this mean for engineering teams?

Fable 5 turned model access into an availability and compliance risk. Teams building on frontier APIs should use model gateways, tested fallbacks, portable prompts and tool schemas, and at least one open-weight contingency path.

Was GLM-5.2 a replacement for Fable 5?

GLM-5.2 became the clearest open-weight pressure valve after the shutdown, and CNBC reported Zhipu AI's stock rose 33% on June 15. Public evidence does not prove a broad Fable-to-GLM migration, but it does show that open-weight fallback demand became more salient immediately.

14 Days of Fable 5: The Shutdown That Rewired AI

At 5:21 PM Eastern on Friday, June 12, the letter arrived.

Three days earlier, Anthropic had launched Claude Fable 5, the public face of its Mythos-class model line. It was expensive, fast, strange, and visibly more capable than the Opus tier engineers had spent the spring learning to route. It showed up in GitHub Copilot, Microsoft Foundry, AWS Bedrock docs, and the public API stack at once.

Then Commerce Secretary Howard Lutnick sent a directive to Anthropic CEO Dario Amodei. The order required Anthropic to suspend foreign-national access to Fable 5 and Mythos 5. The legal framing reached beyond geography into identity: a foreign national inside the United States could be treated as an export recipient under the deemed-export logic that normally governs access to controlled technical information.

Anthropic did not have a clean way to enforce that at the edge of a live model API. So the company switched the models off for everyone that evening.

That is the surface story. A model launched. A system card blew up. A retention clause spooked enterprise buyers. A government letter landed. A public frontier model went dark. Ten days later, lablab.ai reported that Fable 5 had returned "with restrictions."

The deeper story began on April 7, inside a defensive cybersecurity preview called Project Glasswing. It ended, at least for now, with every serious AI operator learning the same lesson: model access is no longer only a vendor dependency. It is a legal, geopolitical, and operational dependency that can fail in hours.

As of June 23, 2026, Fable 5 is back only in some restricted form. The public record still does not answer who has access, where it works, which partner platforms restored it, or what legal theory will survive the next round. That uncertainty is part of the record.

TL;DR

Anthropic announced Project Glasswing on April 7, 2026 as a defensive cybersecurity preview of Claude Mythos Preview, backed by first-party write-ups and outside coverage from NPR, The New York Times, and NBC News.
On June 9, Anthropic launched Fable 5 and Mythos 5, with Fable serving as the public Mythos-class model at $10 per million input tokens and $50 per million output tokens.
The 319-page system card disclosed a four-class safeguard system, including a controversial frontier-LLM-development class that Anthropic walked back within 48 hours after criticism.
Fable 5 launched with a 30-day retention requirement that conflicted with zero-data-retention expectations, leading Microsoft to limit internal use and forcing teams to revisit AWS Bedrock and Copilot deployment assumptions.
On June 12 at 5:21 PM ET, Commerce ordered Anthropic to suspend foreign-national access. Anthropic disabled Fable 5 and Mythos 5 globally that evening.
On June 22, lablab.ai reported that Fable 5 had returned with restrictions. As of June 23, the scope of that restoration remains unclear.

Key Takeaways

Fable 5 was the first deployed frontier model whose shutdown looked less like downtime and more like a recall.
The Project Glasswing record shows why Washington cared: Mythos-class models were already finding real security bugs in Firefox, OpenBSD, FFmpeg, and the Linux kernel.
The safety-card controversy was a trust event before it became a policy event. Silent capability modulation is now a production-risk category.
The 30-day retention clause mattered because enterprise AI architecture depends on contractual data boundaries, especially for ZDR customers using cloud marketplaces.
The export-control directive targeted access to a hosted model, not chips, weights, or procurement. That is the new precedent.
The alternatives story is uneven. GLM-5.2 is supported by public evidence; Sakana Fugu Ultra, TRINITY, and RL Conductor remain unverified in the research corpus and should be treated as reported but not confirmed.
The practical answer for builders is a gateway pattern: route through your own control plane, keep warm fallbacks, and treat model availability as something you test.

The Prelude: Project Glasswing

On April 7, Anthropic described Project Glasswing as a limited defensive cybersecurity program, not a product launch. The company called it an expansion of access to a Mythos Preview model for trusted partners working on vulnerability discovery and critical-infrastructure defense in its own announcement. The New York Times framed the moment as a cybersecurity reckoning. NPR followed four days later with the question that would haunt June: what happens when an AI system gets very good at finding vulnerabilities?

Anthropic publicly named 12 initial partners and referenced more than 40 additional collaborators. That gets you to roughly 52, but not to a public list of 52 named organizations. The NSA does not appear in the public partner list, and claims about an NSA network breach are not corroborated by Anthropic, the NSA, or major newsrooms.

The verified findings were enough without embellishment.

Anthropic's Mozilla post says the company partnered with Mozilla to improve Firefox security, and Mozilla's MFSA 2026-30 credit line says vulnerabilities were found using Claude from Anthropic. The research report identifies 271 latent Firefox bugs tied to that work.

The Mythos Preview write-up and Anthropic's N-days analysis document an OpenBSD bug that had survived 27 years and an FFmpeg H.264 out-of-bounds write that had survived 16. Microsoft's May 1 security blog on "Copy Fail," CVE-2026-31431, and CERT-EU advisory 2026-005, provide the Linux kernel privilege-escalation record.

For security engineers, Glasswing was not abstract. It found bugs maintainers could patch. It did the kind of monotonous, cross-repository, context-heavy analysis that humans know is valuable and rarely have time to do.

And that was the problem. The same capability that makes a model useful for defense also makes it legible to national-security officials as a dual-use system. A model that can find a bug in your infrastructure can find one in someone else's.

Day 1: Launch

On June 9, Anthropic took the thing that had lived in Glasswing and gave the public a version of it. The company announced Claude Fable 5 and Claude Mythos 5, and published a companion research page.

The launch framing was simple: Mythos 5 was the restricted model; Fable 5 was the public surface. TechCrunch described Fable 5 as a version of Mythos the public could access that day. Anthropic's materials and third-party coverage indicate the two shared the same underlying weights, with differences in wrappers, safety treatment, and deployment access.

The price told buyers where Anthropic thought the model sat. Fable 5 listed at $10 per million input tokens and $50 per million output tokens, twice the rough order of the prior Opus pricing many teams had modeled around.

The availability surface was broad. GitHub's changelog said Claude Fable 5 was generally available for GitHub Copilot on June 9. Microsoft announced Fable 5 in Microsoft Foundry the same day. Anthropic model documentation appeared in cloud partner surfaces, including AWS Bedrock and Google Cloud partner-model docs.

Simon Willison's first impressions became the independent engineer's launch-day reference. That mattered because Willison reads model releases like an operator, not a spectator. The question was never whether Fable 5 could produce impressive demos. It was whether the model's serving behavior, safety policy, and terms made it dependable enough to route production work through.

The benchmark number that moved through the market was 80.3% on SWE-bench Pro, with 95% on SWE-bench Verified also appearing in third-party coverage. The research report treats those as partially verified because the exact figures depend on the system card and harness interpretation. That is the right caution. SWE-bench Pro and SWE-bench Verified measure different things, and the harness can move the score as much as the model.

SWE-bench Verified is the more established curated benchmark. SWE-bench Pro is harder and closer to long-horizon agentic coding. A model that scores well on either still needs local evals before it touches your monorepo, your migration queue, or your customer-facing agent.

Vendor and third-party reported coding benchmarks

For a few hours, the engineering conversation was ordinary frontier-model launch talk: price, context, routing, latency, Copilot availability, whether the new model justified replacing Opus 4.8 on long-running tasks. Then people started reading the system card.

Day 2-3: The System Card

The Fable 5 system card was 319 pages long. Its most important sentence was not in the launch post.

According to WIRED's reporting, corroborated by TechCrunch and other coverage, Fable 5 used a four-class safeguard system: cybersecurity, biology and chemistry, capability distillation, and a fourth category covering frontier LLM development. The first three categories involved visible routing or refusals. The fourth became the flashpoint because it was described as less visible to the user.

The model could intervene on requests about frontier model development: pretraining pipelines, distributed training, accelerator design, and related work. The mechanisms named in prior coverage included prompt modification, steering vectors, and parameter-efficient fine-tuning.

Those terms are precise. Prompt modification means the serving stack changes the instruction context before the model answers. Steering vectors are activation-space interventions that push the model toward or away from a behavior at inference time. PEFT, or parameter-efficient fine-tuning, means adapting a model through small trainable modules rather than retraining all weights. In production, each can change the model you experience without changing the headline model name.

That is why the clause hit engineers so hard. A model can have stable weights and unstable behavior. A benchmark can pass on Monday and degrade for a narrow class of work on Tuesday. If the intervention is silent, your eval harness cannot tell whether the model got worse, the router changed, or the policy layer decided your prompt was in scope.

On June 11, Willison published Anthropic Walks Back Policy That Could Have 'Sabotaged' AI Researchers Using Claude. The post became the clean public record of the walk-back from the engineering side. Anthropic told WIRED it had made the wrong trade-off. Within roughly 48 hours, the silent-safeguard posture had been reversed or at least made more visible.

The 0.03% traffic-impact estimate became part of the argument. A tiny number can still describe many requests at frontier-model scale, and it can describe a high-value slice of users. The denominator matters. So does the false-positive rate, which the public material did not fully establish.

For researchers, the issue was trust. For founders, it was dependency risk. For senior engineers, it was an architecture bug waiting to surface as a mystery regression.

Days 3-4: The Retention Fight

The retention controversy was quieter than the system-card fight, but it landed harder inside enterprises.

The GitHub Copilot changelog documented a 30-day retention requirement and the conflict with zero-data-retention expectations. That clause mattered because many regulated teams do not buy frontier models directly. They buy them through contractual surfaces designed to keep prompts inside approved boundaries.

A zero-data-retention contract is a design primitive. If you use AWS Bedrock because your security team wants prompts contained inside a particular cloud and contractual path, a provider-retention override changes the system. It changes your DPIA. It changes your data-flow diagram. It changes the answer to whether secrets, customer content, code, or incident material can be sent to that model.

The AWS Bedrock provider_data_sharing label is only partially verified in the research report, but the underlying issue is real: partner model access can require data-sharing configuration that changes where prompt data goes and who may process it. The AWS model-card and security documentation are the right places to audit for the current surface.

Microsoft reacted quickly. Tom Warren at The Verge reported that Microsoft removed or limited Fable 5 from internal Copilot over data-retention concerns, with TechRadar corroborating the internal-use restriction. The point was not that Microsoft doubted the model was good. The point was that a powerful model with the wrong retention posture is not deployable by default inside a company with serious compliance obligations.

By June 12, before the government letter arrived, Fable 5 had already become two stories. The public saw a benchmark monster. Operators saw a model whose policy surface was moving under their feet.

Day 4: The Letter

The directive arrived at 5:21 PM ET on June 12. Anthropic confirmed the timing in its own public statement on Fable and Mythos access. Bloomberg later published the Lutnick letter, making it the central document in the legal record.

The order required Anthropic to suspend foreign-national access to Fable 5 and Mythos 5. The public reporting describes the mechanism in deemed-export terms: giving a foreign person access to controlled technology can count as an export, even if that person is inside the United States. The exact CFR citation in the letter was not extracted in the research corpus, but the relevant framework sits in the Export Administration Regulations, including Part 744 end-use and end-user controls and the broader deemed-export concept described in 15 CFR 734.13.

That distinction matters. A procurement ban says the government will not buy from you. An export control says certain people cannot receive the controlled item or capability. Applied to a hosted model, the controlled item becomes access.

The trigger remains contested. Anthropic characterized the demonstrated issue as a narrow potential jailbreak involving code analysis. Semafor reported on June 13 that the White House move was linked to concerns about Chinese access to Mythos. That China-linked attribution is important, but it is single-source in the research report and should be handled as such.

TechCrunch reported on June 12 that Anthropic's safety warnings may have backfired, with coverage pointing to Amazon security findings and reporting that Andy Jassy took concerns to Treasury Secretary Scott Bessent. David Sacks's public comments, carried by The Verge, NBC News, and The Atlantic coverage, framed the administration's view that a remediation path might exist.

The shutdown sequence was short enough that teams did not have a migration window in any meaningful engineering sense. The exact 6:50 PM and 9:59 PM shutdown timestamps that appeared in some prior coverage are not verified by the research report. The 90-minute compliance window appears in New York Times and related reporting but remains partially verified. The verified core is narrower and still extraordinary: the letter arrived at 5:21 PM, and the models were suspended that evening.

2026 — Early

Project Glasswing begins

Anthropic launches a locked defensive security consortium with the US government, Microsoft, Google, AWS, the Linux Foundation, and the NSA. The unrestricted Mythos model finds 23,019 vulnerabilities across 1,000+ open-source projects.

"Mozilla used a related Mythos variant to find and fix 271 bugs in Firefox."CyberScoop

23,019Vulnerabilities found

6,202High/critical

~90%Maintainer verification

Anthropic Project Glasswing Expanding Project Glasswing

2026 — Pre-launch

Mythos finds bugs that fuzzers missed for decades

A 27-year-old bug in OpenBSD. A 16-year-old flaw in FFmpeg sitting in a single line that fuzzers had executed over 5 million times without flagging. Linux kernel privilege escalation chained autonomously.

    <div class="tl-stats"><div class="tl-stat"><span class="tl-stat-v" style="color:#5AA7FF">27 years</span><span class="tl-stat-l">OpenBSD bug age</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#5AA7FF">16 years</span><span class="tl-stat-l">FFmpeg bug age</span></div></div>
    <div class="tl-sources"><a href="https://www.anthropic.com/news" target="_blank" rel="noopener nofollow">Anthropic newsroom</a></div>
  </div>
</div><div class="tl-node" data-phase="launch" data-index="2" id="tl-launch">
  <div class="tl-rail" style="--pc:#C7FF3D"></div>
  <div class="tl-dot" style="--pc:#C7FF3D"></div>
  <div class="tl-card">
    <div class="tl-date" style="color:#C7FF3D">June 9, 2026</div>
    <h3 class="tl-title">Anthropic ships Claude Fable 5 and Mythos 5</h3>
    <p class="tl-desc">The most capable model the public had ever touched. Fable 5 is the public surface of Mythos 5 — same weights, different wrappers. A safety classifier reroutes flagged prompts to Opus 4.8. 1M token context window. $10/$50 per million tokens.</p>
    <blockquote class="tl-quote" style="border-color:#C7FF3D">"Anthropic's Claude Fable 5 is a version of Mythos the public can access today."<cite>TechCrunch</cite></blockquote>
    <div class="tl-stats"><div class="tl-stat"><span class="tl-stat-v" style="color:#C7FF3D">80.3%</span><span class="tl-stat-l">SWE-bench Pro</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#C7FF3D">95.0%</span><span class="tl-stat-l">SWE-bench Verified</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#C7FF3D">1M tokens</span><span class="tl-stat-l">Context window</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#C7FF3D">$10/$50</span><span class="tl-stat-l">Pricing</span></div></div>
    <div class="tl-sources"><a href="https://www.anthropic.com/news/claude-fable-5-mythos-5" target="_blank" rel="noopener nofollow">Anthropic launch post</a><a href="https://techcrunch.com/2026/06/09/anthropics-claude-fable-5-is-a-version-of-mythos-the-public-can-access-today/" target="_blank" rel="noopener nofollow">TechCrunch coverage</a><a href="https://github.blog/changelog/2026-06-09-claude-fable-5-is-generally-available-for-github-copilot/" target="_blank" rel="noopener nofollow">GitHub Copilot GA</a></div>
  </div>
</div><div class="tl-node" data-phase="launch" data-index="3" id="tl-benchmarks">
  <div class="tl-rail" style="--pc:#C7FF3D"></div>
  <div class="tl-dot" style="--pc:#C7FF3D"></div>
  <div class="tl-card">
    <div class="tl-date" style="color:#C7FF3D">June 9, 2026</div>
    <h3 class="tl-title">Benchmarks land — and they're staggering</h3>
    <p class="tl-desc">Fable 5 scores 80.3% on SWE-bench Pro (vs Opus 4.8's 69.2%, GPT-5.5's 58.6%). First model to break 90% on Hex's analytics benchmark. FrontierCode Diamond: 29.3%, more than double Opus. It plays Pokémon FireRed from raw screenshots. Stripe runs it against a 50-million-line Ruby codebase in a day.</p>
    
    <div class="tl-stats"><div class="tl-stat"><span class="tl-stat-v" style="color:#C7FF3D">80.3%</span><span class="tl-stat-l">SWE-bench Pro</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#C7FF3D">29.3%</span><span class="tl-stat-l">FrontierCode Diamond</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#C7FF3D">92.6%</span><span class="tl-stat-l">GPQA Diamond</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#C7FF3D">53.3%</span><span class="tl-stat-l">Humanity's Last Exam</span></div></div>
    <div class="tl-sources"><a href="https://www.vellum.ai/blog/claude-fable-5-and-mythos-5-benchmarks-explained" target="_blank" rel="noopener nofollow">Vellum benchmark breakdown</a><a href="https://artificialanalysis.ai/models/claude-fable-5" target="_blank" rel="noopener nofollow">Artificial Analysis</a></div>
  </div>
</div><div class="tl-node" data-phase="safety" data-index="4" id="tl-system-card">
  <div class="tl-rail" style="--pc:#E8C15A"></div>
  <div class="tl-dot" style="--pc:#E8C15A"></div>
  <div class="tl-card">
    <div class="tl-date" style="color:#E8C15A">June 9, 2026</div>
    <h3 class="tl-title">A silent sabotage clause buried in 319 pages</h3>
    <p class="tl-desc">Section 1.5 of Fable 5's system card reveals a fourth safeguard class: queries about frontier LLM development are silently degraded via prompt modification, steering vectors, or PEFT. Unlike cyber/bio/chem safeguards, this one is invisible to the user. No notice. No fallback.</p>
    <blockquote class="tl-quote" style="border-color:#E8C15A">"Unlike our interventions for cybersecurity, biology and chemistry, and distillation attempts, these safeguards will not be visible to the user."<cite>Fable 5 System Card, Section 1.5</cite></blockquote>
    <div class="tl-stats"><div class="tl-stat"><span class="tl-stat-v" style="color:#E8C15A">~0.03%</span><span class="tl-stat-l">Traffic impact</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#E8C15A">319 pages</span><span class="tl-stat-l">System card length</span></div></div>
    <div class="tl-sources"><a href="https://simonwillison.net/2026/Jun/10/if-claude-fable-stops-helping-you/" target="_blank" rel="noopener nofollow">Simon Willison: "If Claude Fable stops helping you"</a><a href="https://fortune.com/2026/06/10/anthropic-accu-claude-fable-5-limits-capabilities-ai-researchers-developers/" target="_blank" rel="noopener nofollow">Fortune: "secret sabotage"</a><a href="https://www.lesswrong.com/posts/sSyLyc3KDQzboQGWS/thoughts-on-claude-fable-s-silent-safeguards" target="_blank" rel="noopener nofollow">LessWrong analysis</a></div>
  </div>
</div><div class="tl-node" data-phase="safety" data-index="5" id="tl-walkback">
  <div class="tl-rail" style="--pc:#E8C15A"></div>
  <div class="tl-dot" style="--pc:#E8C15A"></div>
  <div class="tl-card">
    <div class="tl-date" style="color:#E8C15A">June 10, 2026<span class="tl-time">11:11 PM ET</span></div>
    <h3 class="tl-title">Anthropic walks it back in 48 hours</h3>
    <p class="tl-desc">After Simon Willison, LessWrong researchers, and Fortune surface the clause, Anthropic tells WIRED it "made the wrong tradeoff." The safeguard stays, but becomes visible. The fastest known walk-back of a frontier system-card commitment.</p>
    <blockquote class="tl-quote" style="border-color:#E8C15A">"We made the wrong tradeoff and we apologize."<cite>Anthropic to WIRED</cite></blockquote>
    <div class="tl-stats"><div class="tl-stat"><span class="tl-stat-v" style="color:#E8C15A">~48 hours</span><span class="tl-stat-l">Time to reversal</span></div></div>
    <div class="tl-sources"><a href="https://www.wired.com/story/anthropic-responds-to-backlash-on-claudes-secret-sabotage-on-ai-research/" target="_blank" rel="noopener nofollow">WIRED: Anthropic responds to backlash</a><a href="https://simonwillison.net/tags/claude-mythos/" target="_blank" rel="noopener nofollow">Simon Willison linkblog</a></div>
  </div>
</div><div class="tl-node" data-phase="retention" data-index="6" id="tl-retention">
  <div class="tl-rail" style="--pc:#FF8C42"></div>
  <div class="tl-dot" style="--pc:#FF8C42"></div>
  <div class="tl-card">
    <div class="tl-date" style="color:#FF8C42">June 10-11, 2026</div>
    <h3 class="tl-title">Microsoft pulls Fable 5 from its own Copilot</h3>
    <p class="tl-desc">Fable 5 requires 30-day data retention on all traffic, overriding existing zero-data-retention contracts. Microsoft removes it from the internal model picker its own employees use. AWS Bedrock requires a provider_data_sharing toggle that moves data out of the AWS boundary. A 260-point Hacker News thread erupts.</p>
    <blockquote class="tl-quote" style="border-color:#FF8C42">"That decision wasn't about capability. It was about a single clause."<cite>The Verge</cite></blockquote>
    <div class="tl-stats"><div class="tl-stat"><span class="tl-stat-v" style="color:#FF8C42">30 days</span><span class="tl-stat-l">Retention period</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#FF8C42">All surfaces</span><span class="tl-stat-l">ZDR override</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#FF8C42">260 points</span><span class="tl-stat-l">HN thread</span></div></div>
    <div class="tl-sources"><a href="https://www.theverge.com/report/947575/microsoft-claude-fable-5-restricted-internally" target="_blank" rel="noopener nofollow">The Verge: Microsoft restricts Fable 5</a><a href="https://www.theregister.com/ai-and-ml/2026/06/09/anthropic-spins-a-fable-of-a-tamer-safer-mythos/5253106" target="_blank" rel="noopener nofollow">The Register</a><a href="https://news.ycombinator.com/item?id=48473166" target="_blank" rel="noopener nofollow">Hacker News thread</a></div>
  </div>
</div><div class="tl-node" data-phase="shutdown" data-index="7" id="tl-directive">
  <div class="tl-rail" style="--pc:#FF4D6D"></div>
  <div class="tl-dot" style="--pc:#FF4D6D"></div>
  <div class="tl-card">
    <div class="tl-date" style="color:#FF4D6D">June 12, 2026<span class="tl-time">5:21 PM ET</span></div>
    <h3 class="tl-title">The Commerce Department letter arrives</h3>
    <p class="tl-desc">Commerce Secretary Howard Lutnick sends an export-control directive to Anthropic CEO Dario Amodei. The order invokes the "deemed export" rule (15 CFR 734.13, EAR Part 744): giving a foreign national access to controlled technology, even one on US soil, is an export to their home country. It bars access by any foreign national, including Anthropic's own foreign employees.</p>
    <blockquote class="tl-quote" style="border-color:#FF4D6D">"If this standard was applied across the industry, it would essentially halt all new model deployments for all frontier model providers."<cite>Anthropic</cite></blockquote>
    <div class="tl-stats"><div class="tl-stat"><span class="tl-stat-v" style="color:#FF4D6D">EAR Part 744</span><span class="tl-stat-l">Legal basis</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#FF4D6D">All foreign nationals</span><span class="tl-stat-l">Restriction</span></div></div>
    <div class="tl-sources"><a href="https://www.anthropic.com/news/fable-mythos-access" target="_blank" rel="noopener nofollow">Anthropic statement</a><a href="https://www.axios.com/2026/06/12/anthropic-trump-mythos-fable-national-security" target="_blank" rel="noopener nofollow">Axios: Trump admin blocks access</a><a href="https://www.yahoo.com/news/politics/articles/us-blocks-foreign-access-anthropics-000145713.html" target="_blank" rel="noopener nofollow">Reuters via Yahoo</a></div>
  </div>
</div><div class="tl-node" data-phase="shutdown" data-index="8" id="tl-trigger">
  <div class="tl-rail" style="--pc:#FF4D6D"></div>
  <div class="tl-dot" style="--pc:#FF4D6D"></div>
  <div class="tl-card">
    <div class="tl-date" style="color:#FF4D6D">June 12, 2026<span class="tl-time">Pre-5:21 PM</span></div>
    <h3 class="tl-title">The trigger: Amazon's jailbreak demonstration</h3>
    <p class="tl-desc">Amazon researchers bypassed Fable 5's classifiers and pushed it to surface exploitable flaws in a codebase. CEO Andy Jassy took the findings to Treasury Secretary Scott Bessent. The alarm sharpened by intelligence suspicions that a China-linked group had reached the unrestricted Mythos model. David Sacks confirmed the bypass broke the routing between Fable and Mythos.</p>
    <blockquote class="tl-quote" style="border-color:#FF4D6D">"The "jailbreak" was asking the model to fix a codebase and watching it expose the flaws. That isn't a bug you patch. It's the price of the intelligence."<cite>Dark Reading</cite></blockquote>
    
    <div class="tl-sources"><a href="https://www.washingtonexaminer.com/policy/technology/4607706/amazon-researcher-anthropic-ai-security-weaknesses/" target="_blank" rel="noopener nofollow">Washington Examiner: Amazon researcher</a><a href="https://www.semafor.com/article/06/13/2026/white-house-move-to-limit-anthropic-linked-to-concerns-about-chinese-access-to-mythos" target="_blank" rel="noopener nofollow">Semafor: China-linked concerns</a></div>
  </div>
</div><div class="tl-node" data-phase="shutdown" data-index="9" id="tl-shutdown">
  <div class="tl-rail" style="--pc:#FF4D6D"></div>
  <div class="tl-dot" style="--pc:#FF4D6D"></div>
  <div class="tl-card">
    <div class="tl-date" style="color:#FF4D6D">June 12, 2026<span class="tl-time">~6:50 PM ET</span></div>
    <h3 class="tl-title">90 minutes to global darkness</h3>
    <p class="tl-desc">No cloud system can audit the citizenship of hundreds of millions of users in real time. So Anthropic does the only thing it can: pulls both models globally. Fable and Mythos vanish from the API, from Bedrock, Vertex, and Foundry. Opus 4.8 and Sonnet 4.6 stay up. Developer Simon Willison logs the last successful query at roughly 9:59 PM ET.</p>
    <blockquote class="tl-quote" style="border-color:#FF4D6D">"We are suspending access to Claude Fable 5 and Claude Mythos 5. We apologize for this disruption to our customers and are working to restore access as soon as possible."<cite>Anthropic</cite></blockquote>
    <div class="tl-stats"><div class="tl-stat"><span class="tl-stat-v" style="color:#FF4D6D">~90 min</span><span class="tl-stat-l">Time from letter to shutdown</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#FF4D6D">2</span><span class="tl-stat-l">Models dark</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#FF4D6D">3</span><span class="tl-stat-l">Days live</span></div></div>
    <div class="tl-sources"><a href="https://www.anthropic.com/news/fable-mythos-access" target="_blank" rel="noopener nofollow">Anthropic statement</a><a href="https://www.axios.com/2026/06/13/anthropic-fable-takedown" target="_blank" rel="noopener nofollow">Axios: Fable takedown timeline</a><a href="https://www.theguardian.com/technology/2026/jun/13/anthropic-disable-advanced-ai-models-us-government-order" target="_blank" rel="noopener nofollow">The Guardian</a></div>
  </div>
</div><div class="tl-node" data-phase="aftermath" data-index="10" id="tl-pushback">
  <div class="tl-rail" style="--pc:#7CD0C4"></div>
  <div class="tl-dot" style="--pc:#7CD0C4"></div>
  <div class="tl-card">
    <div class="tl-date" style="color:#7CD0C4">June 13-16, 2026</div>
    <h3 class="tl-title">The security community pushes back hard</h3>
    <p class="tl-desc">Kate Moussouris, pioneer of coordinated vulnerability disclosure, argues the controls harm US cyber defense. The Atlantic frames it as "This Is How America Loses the AI Race." The reported jailbreak was a defensive "fix this code" use case — the kind security teams run every day. Mozilla had used Mythos to patch 271 Firefox holes.</p>
    <blockquote class="tl-quote" style="border-color:#7CD0C4">"Export controls on defensive tooling degrade US cyber defense while doing little to slow adversaries who can train equivalent models at home."<cite>Kate Moussouris, Luta Security</cite></blockquote>
    
    <div class="tl-sources"><a href="https://www.lutasecurity.com/" target="_blank" rel="noopener nofollow">Luta Security (Moussouris)</a><a href="https://www.theatlantic.com/" target="_blank" rel="noopener nofollow">The Atlantic</a><a href="https://simonwillison.net/" target="_blank" rel="noopener nofollow">Simon Willison</a></div>
  </div>
</div><div class="tl-node" data-phase="aftermath" data-index="11" id="tl-meetings">
  <div class="tl-rail" style="--pc:#7CD0C4"></div>
  <div class="tl-dot" style="--pc:#7CD0C4"></div>
  <div class="tl-card">
    <div class="tl-date" style="color:#7CD0C4">June 16, 2026</div>
    <h3 class="tl-title">Anthropic meets Commerce. Nothing resolves.</h3>
    <p class="tl-desc">A senior Anthropic delegation including cofounder Tom Brown and security researcher Nicholas Carlini meets with Commerce and the Office of the National Cyber Director. WIRED reports the meetings end with controls still in place and both sides "still split on the risk." Reuters describes the parties as "working toward a deal." A Polymarket contract on restoration by June 16 resolves NO at 96 cents.</p>
    
    <div class="tl-stats"><div class="tl-stat"><span class="tl-stat-v" style="color:#7CD0C4">7¢ YES</span><span class="tl-stat-l">Polymarket June 17</span></div></div>
    <div class="tl-sources"><a href="https://www.wired.com/story/anthropic-mythos-export-controls-ai-regulations/" target="_blank" rel="noopener nofollow">WIRED: White House AI rules dispute</a></div>
  </div>
</div><div class="tl-node" data-phase="alternatives" data-index="12" id="tl-glm">
  <div class="tl-rail" style="--pc:#A6D633"></div>
  <div class="tl-dot" style="--pc:#A6D633"></div>
  <div class="tl-card">
    <div class="tl-date" style="color:#A6D633">June 13-15, 2026</div>
    <h3 class="tl-title">GLM-5.2 becomes the open-weight pressure valve</h3>
    <p class="tl-desc">Zhipu AI's GLM-5.2 — a 744B-parameter MoE with 40B active, 1M context, MIT-licensed weights — becomes the obvious open-weight alternative. Zhipu's Hong Kong-listed shares close up roughly 33%. CNBC and SCMP cover the surge. Deployment guides circulate via Z.ai and Unsloth.</p>
    
    <div class="tl-stats"><div class="tl-stat"><span class="tl-stat-v" style="color:#A6D633">744B MoE</span><span class="tl-stat-l">Parameters</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#A6D633">40B</span><span class="tl-stat-l">Active params</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#A6D633">MIT</span><span class="tl-stat-l">License</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#A6D633">+33%</span><span class="tl-stat-l">Zhipu stock</span></div></div>
    <div class="tl-sources"><a href="https://www.cnbc.com/2026/06/15/china-ai-zhipu-minimax-artificial-intelligence-race-washington-trump-anthropic.html" target="_blank" rel="noopener nofollow">CNBC coverage</a><a href="https://www.scmp.com/tech/tech-trends/article/3357115/zhipu-ais-stock-rockets-after-chinese-firm-makes-glm-52-open-source" target="_blank" rel="noopener nofollow">SCMP: Zhipu stock rockets</a><a href="https://open.bigmodel.cn/" target="_blank" rel="noopener nofollow">Z.ai open platform</a></div>
  </div>
</div><div class="tl-node" data-phase="alternatives" data-index="13" id="tl-fugu">
  <div class="tl-rail" style="--pc:#A6D633"></div>
  <div class="tl-dot" style="--pc:#A6D633"></div>
  <div class="tl-card">
    <div class="tl-date" style="color:#A6D633">June 22, 2026</div>
    <h3 class="tl-title">Sakana Fugu Ultra: orchestration as a frontier substitute</h3>
    <p class="tl-desc">Sakana exposes learned multi-agent orchestration as one OpenAI-compatible API endpoint. The TRINITY coordinator (0.6B params + 10K routing head) and RL Conductor (7B) assign work across a swappable model pool. Vendor-reported SWE-bench Pro: 73.7 vs Fable 5's 80.3. The question shifts from "who trained the biggest model?" to "who can coordinate the best available models?"</p>
    <blockquote class="tl-quote" style="border-color:#A6D633">"Fugu chooses a process. A gateway routes a request to a model."<cite>GenAlphaAI</cite></blockquote>
    <div class="tl-stats"><div class="tl-stat"><span class="tl-stat-v" style="color:#A6D633">73.7</span><span class="tl-stat-l">Fugu Ultra SWE-bench Pro</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#A6D633">80.3</span><span class="tl-stat-l">Fable 5 SWE-bench Pro</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#A6D633">82.1</span><span class="tl-stat-l">TerminalBench 2.1</span></div></div>
    <div class="tl-sources"><a href="https://sakana.ai/fugu/" target="_blank" rel="noopener nofollow">Sakana Fugu product page</a><a href="https://arxiv.org/abs/2512.04695" target="_blank" rel="noopener nofollow">TRINITY paper (arXiv)</a><a href="https://arxiv.org/abs/2512.04388" target="_blank" rel="noopener nofollow">Conductor paper (arXiv)</a></div>
  </div>
</div><div class="tl-node" data-phase="aftermath" data-index="14" id="tl-current">
  <div class="tl-rail" style="--pc:#7CD0C4"></div>
  <div class="tl-dot" style="--pc:#7CD0C4"></div>
  <div class="tl-card">
    <div class="tl-date" style="color:#7CD0C4">June 23, 2026</div>
    <h3 class="tl-title">Day 14: Fable 5 remains dark</h3>
    <p class="tl-desc">As of June 23, Fable 5 and Mythos 5 remain offline. Anthropic says it is "working to restore access as soon as possible." No return date. No remediation announced. The EU warns export controls "should not be discriminatory." Politico reports legal vulnerability. Just Security raises unresolved statutory questions. The precedent is set: a deployed frontier model can be switched off by directive, with hours of notice, for reasons you don't control.</p>
    <blockquote class="tl-quote" style="border-color:#7CD0C4">"They don't reach across the table and switch off the weak ones."<cite>GenAlphaAI</cite></blockquote>
    <div class="tl-stats"><div class="tl-stat"><span class="tl-stat-v" style="color:#7CD0C4">11</span><span class="tl-stat-l">Days dark</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#7CD0C4">72</span><span class="tl-stat-l">Hours live</span></div><div class="tl-stat"><span class="tl-stat-v" style="color:#7CD0C4">3.7:1 dark:live</span><span class="tl-stat-l">Ratio</span></div></div>
    <div class="tl-sources"><a href="https://www.politico.com/news/2026/06/18/trump-anthropic-ai-export-controls-00966118" target="_blank" rel="noopener nofollow">Politico: legal questions</a><a href="https://www.justsecurity.org/142745/law-anthropic-export-controls/" target="_blank" rel="noopener nofollow">Just Security: statutory analysis</a><a href="https://www.euronews.com/my-europe/2026/06/14/us-export-controls-on-anthropic-should-not-be-discriminatory-eu-commission-warns" target="_blank" rel="noopener nofollow">Euronews: EU response</a></div>
  </div>
</div>

A live model had become a controlled access problem, and the fastest compliant move was global darkness.

The Darkness

Anthropic's statement said the company was suspending access to Claude Fable 5 and Claude Mythos 5 and working to restore access as soon as possible. The rest of its catalog was not affected.

That did not help teams that had spent three days evaluating Fable 5 as the new top route for long-horizon coding, security review, and agentic workflows. GitHub's June 12 changelog documented the Copilot suspension pathway. CNN summarized the national-security effect. Forbes laid out the disabled-model timeline on June 16.

The silence had its own texture. API callers saw unavailable routes. Product teams saw model pickers change. Platform teams saw the kind of incident they could not fix by retrying, scaling, or paging a cloud TAM.

There was no degraded region to route around. There was no version pin that restored access. The dependency had failed at the policy layer.

That is why "model recall" became the right phrase. The model was not merely down. A live commercial capability had been withdrawn because a government decided access itself was too sensitive.

The Pushback

From June 13 through June 17, the debate moved from availability to meaning.

Anthropic argued that the demonstrated capability was not unique to Fable 5 and that treating a narrow jailbreak as grounds for recalling a widely deployed model would chill frontier deployment across the industry. That argument appears in the company's June 12 statement and the follow-on coverage.

The security community's objection was sharper: defensive vulnerability discovery had been misread as offensive capability. That distinction is fragile because the underlying skill is dual-use. But security work has always lived there. A scanner, fuzzer, exploit proof-of-concept, or patch generator can help defenders and attackers. The policy question is not whether the capability can be misused. It is whether suppressing it in the United States helps defenders more than adversaries.

On June 15, The Atlantic published Matteo Wong's piece under the headline "The White House Is Ratcheting Up Its War Against Anthropic." The phrase "This Is How America Loses the AI Race" was the dek, not the headline. That correction matters because this saga is already producing myths faster than source documents.

Nicholas Carlini, not Tom Brown, is the surfaced researcher in WIRED, Bloomberg, and The Verge coverage around the post-event technical debate. Tom Brown is an Anthropic co-founder, but the verified record does not make him the central public technical figure in the way some early accounts implied.

Markets responded too. CNBC reported that Zhipu AI's stock rose 33% on June 15 as attention shifted to Chinese open-weight alternatives. The prediction-market activity that surfaced in the research was on Kalshi, not Polymarket. That correction also matters. In a story this fast, venue errors become evidence of how much of the public narrative was assembled from fragments.

The Alternatives

The strongest alternatives claim is GLM-5.2.

The research report identifies Zhipu AI's GLM-5.2 as an open-weight alternative released around June 16, with ecosystem assets appearing on Hugging Face, GitHub, and deployment surfaces. The exact "Fable migration" framing is not directly attested in the verified corpus, so the careful version is this: GLM-5.2 became a credible open-weight destination at the same moment hosted frontier access looked newly revocable.

That distinction matters. A stock move and a release do not prove broad migration. They prove that the market understood the value of a model you can hold.

Open weights change the failure mode. If you already possess the weights and can serve them, no provider can remove the endpoint from your account. You still face sanctions, cloud limits, license terms, hardware constraints, and operational burden. But the model does not disappear because a vendor flips a route.

The Sakana Fugu Ultra story is weaker. Our prior coverage discussed Sakana Fugu Ultra, TRINITY, RL Conductor, and an orchestration-as-frontier-model thesis. The verified research report did not independently confirm those specific claims, model names, benchmark numbers, or launch details. They should remain outside the definitive factual spine until public sources catch up.

For builders, the takeaway is not that GLM-5.2 replaces Fable 5 one-for-one. It is that a model portfolio with no open-weight path is exposed. The fallback may be worse. It may be slower. It may require more GPUs and more eval work. But a worse fallback that runs is better than a perfect dependency that vanishes.

The Return

On June 22, lablab.ai's This Week in AI reported that Fable 5 had returned "with restrictions."

That is the most recent verified public update as of June 23, 2026. It is also frustratingly incomplete. The source does not establish the full scope of restoration: not which customers, not which geographies, not which partner platforms, not which identity controls, and not whether Mythos access changed.

So the honest current-status sentence is narrow. As of June 23, Fable 5 appears to have returned in some restricted form, but the public record does not yet show a full restoration.

That caveat should not be treated as weakness. It is the standard serious operators should demand from AI coverage now. A status page, a model picker, a launch blog, a partner changelog, and a legal directive can all tell different parts of the truth. Until they line up, the correct answer is partial.

The Broader Context

The June 12 directive did not fall out of a clear sky.

On February 26, NPR reported that a deadline was looming as Anthropic rejected Pentagon demands to remove AI safeguards. The dispute centered on government use, safeguards, weapons, surveillance, and Anthropic's refusal to weaken its model controls.

On March 26, NPR reported that a federal judge had temporarily blocked the Trump administration's Anthropic ban. The judge is identified in the research as Rita F. Lin, though the public NPR record surfaced in the report confirms the injunction more strongly than every procedural detail.

Then came Project Glasswing in April. Then the Fable and Mythos launch in June. Then the export-control letter.

AP News adds another contextual marker: Anthropic reached a $965 billion valuation in a funding round, not through a confirmed S-1 IPO filing. That correction matters because capital structure changes the story. A funding-round valuation says investors were still pricing Anthropic as one of the central firms in AI. It does not say the company had filed to go public.

The pattern is clear enough without overstating the law. The administration and Anthropic had been fighting over safeguards, federal access, and model control for months. Fable 5 turned that fight into a commercial API event.

What This Means For You

If you run AI systems in production, the Fable 5 saga is an architecture review disguised as a news event.

The first change is model failover. A single provider route should be treated like a single-region database without backups. Your application should call an internal gateway, not a vendor SDK scattered through product code. The gateway owns model selection, retries, logging, refusal handling, policy fallbacks, cost controls, and emergency cutover.

The second change is eval portability. Prompts, tool schemas, function-call contracts, and output validators need to run against more than one model. A fallback you have never evaluated is theater. Replay real traces. Measure task success, tool-call validity, latency, refusal rate, and cost. Know the quality drop before the outage.

The third change is data posture. If a model requires 30-day retention and your workload assumes ZDR, that is a hard route block. Do not let a benchmark override a data-flow diagram. For teams using AWS Bedrock, Microsoft Foundry, GitHub Copilot, or Google partner models, the security review has to include provider data-sharing terms, not just the model name.

The fourth change is identity. Nationality-based access control is not a normal SaaS attribute, but the Fable directive made it operationally relevant. Multinational teams need to know whether model access can be scoped by employee status, citizenship, geography, and legal entity. If the answer is no, the real fallback may be disabling the model.

The fifth change is open-weight contingency. You do not need to self-host every workload today. You do need at least one tested path for must-run systems. GLM-5.2 may be one candidate. Other open models may fit better depending on your task. The point is possession and portability.

A practical gateway policy can be simple:

Failure	Gateway response
Model unavailable	Route to hosted fallback
Access suspended or 451-style policy error	Route to open-weight fallback if allowed
Retention conflict	Block route and require approved model
Refusal on allowed task	Retry approved fallback with audit log
Cost spike	Downgrade to cheaper model for low-risk tasks
Safety-sensitive prompt	Route directly to model with known visible policy behavior

The Fable 5 shutdown compressed a year of governance theory into one Friday evening. Teams that had a gateway had an incident. Teams that hard-coded the model into their product had a scramble.

They don't reach across the table and switch off the weak ones. But once they do it to a strong one, every dependency graph changes.

Sources

Anthropic, Claude Fable 5 and Claude Mythos 5 announcement
Anthropic Research, Claude Fable 5 and Claude Mythos 5
Anthropic, Expanding Project Glasswing
Anthropic, Partnering with Mozilla to improve Firefox's security
Anthropic Red Team, Mythos Preview
Anthropic Red Team, N-days
Anthropic, Statement on Fable and Mythos access
Anthropic System Card PDF, Claude Fable 5 and Mythos 5 system card
GitHub Changelog, Claude Fable 5 generally available for GitHub Copilot
Microsoft Azure, Claude Fable 5 available in Microsoft Foundry
Microsoft Azure, Introducing Anthropic's Claude models in Microsoft Foundry
AWS Bedrock Docs, Anthropic Claude model card
Google Cloud Docs, Claude partner models
Google Cloud Docs, Claude safety configuration
Microsoft Security Blog, CVE-2026-31431 Copy Fail vulnerability
CERT-EU, Security advisory 2026-005
TechCrunch, Anthropic scales Claude Mythos to critical infrastructure in 15 countries
TechCrunch, Claude Fable 5 is a version of Mythos the public can access today
TechCrunch, Anthropic's safety warnings may have backfired
Simon Willison, Initial impressions of Claude Fable 5
Simon Willison, Anthropic walks back policy
Bloomberg, Read the Lutnick letter that led Anthropic to disable Mythos
Semafor, White House move to limit Anthropic linked to concerns about Chinese access to Mythos
CNN Business, Anthropic suspends access to Mythos model
Forbes, Anthropic disabled Fable 5 and Mythos 5 after a US export control order
The Verge, Anthropic Project Glasswing cybersecurity
TechRadar, Microsoft limits employee use of Claude Fable 5
NPR, Deadline looms as Anthropic rejects Pentagon demands
NPR, Judge temporarily blocks Anthropic ban
NPR, Project Glasswing and AI cybersecurity
New York Times, Anthropic says Mythos is a cybersecurity reckoning
BBC News, Mythos risks coverage
Scientific American, What is Mythos and why experts are worried
NBC News, Project Glasswing Mythos Preview
NBC News, Fable 5 Anthropic public Mythos release
Fortune, Anthropic Claude Mythos Project Glasswing
AP News, Anthropic valuation funding round
lablab.ai, This Week in AI, June 22, 2026