A long-time Claude subscriber lost his account #
A two-year Claude subscriber outside the US woke on Wednesday 17 June to an email telling him his account had been suspended. Three identical copies followed in the same minute. He was refunded for both his monthly subscription and his unused credits, then locked out of the account entirely, according to a widely-shared account posted on Hacker News.
His use case was business brainstorming, research and a little coding. The most plausible cause, in his own reconstruction, is a couple of hours with Fable 5, a new model Anthropic had to pull on US government orders the previous week. The 12 June directive told Anthropic to switch off Fable 5 and its sibling Mythos 5 for any foreign national, anywhere. The 17 June email is a separate mechanism, citing suspicious signals and a possible breach of the supported-country policy — language that fits the Fable 5 timeline and nothing else on his account.
The export-control backdrop #
Fable 5 was disabled for every customer worldwide on 12 June after a US directive arrived at 5:21 PM ET. On its face, the order targeted foreign-national access, not all users. In practice, Anthropic told the BBC it could not reliably segment foreign nationals from US persons at that scale on same-day notice, so the models were switched off for everyone.
The “jailbreak” Anthropic was given verbal evidence of was, in the company’s own account, asking a model to read a codebase and fix its flaws — a defensive capability defenders use every day, not an exotic attack. The directive itself has not been published; the public picture rests on Anthropic’s own statement and the security community’s reading of it. The EU read the Fable 5 order as a sovereignty argument, and the same case is now being made in the UK.
According to the BBC, the UK government’s AI Security Institute found in its tests that the model could exploit cyber defences and systems 73% of the time. Gina Neff, Professor of Responsible AI at Queen Mary University London, called the result a step change in capability.
73% of the time the model could exploit cyber defences in UK AI Security Institute tests, per the BBC — a result Neff described as a step change in capability.
The appeal process #
The user filed his appeal the morning of 17 June. The appeal interface offers no visibility into which conversation, which prompt or which date triggered the flag, and no human contact channel to ask. The data export on the appeal page returned a 235-byte file of account metadata — name, phone, timezone, role — not the two years of conversation history he had assumed. Multiple attempts produced the same near-empty file.
This is the version of vendor risk that policy and product write-ups describe in the abstract, hitting a single user in operational terms: an entire account, a working setup, and the continuity of two years of research, gone in an overnight email with no specific reason and no working export. His punchline, paraphrased: any conversation stored only in someone else’s system is not really yours.
What to do with this #
The export-control order on 12 June took a product offline for its global user base within hours. The per-account suspension on 17 June takes one user’s account, history and workflow away on a long, opaque review clock. Different mechanisms, same shape of risk: a decision you do not control, on a timescale that does not match your working week.
If you run a small UK team on Claude and anyone on the account touched Fable 5 between its public release and 12 June, treat this as a live risk and act on it now. Export your conversations manually today. The in-app data export returned a 235-byte file of metadata for the affected user. Do not rely on it.Audit who on your account used Fable 5. If multiple people share a Claude login, the affected user’s best guess is that a few hours with the new model triggered the flag. Chat history is your only reliable audit trail, and only if you’ve kept it.Stand up a second provider this week. A multi-week review is two to three working weeks without Claude for the affected user. A second subscription, or afree local model for brainstorming, costs an afternoon and insulates you from the next policy event.Treat any hosted top-end AI model as revocable. A single directive took a generally available product offline for its global user base within hours. The same risk shape applies to OpenAI, Google and Meta. Model redundancy is now a resilience requirement, not just a cost or performance decision.For UK-relevant workloads, ask the residency question now. The EU read Fable 5 as a sovereignty argument; the UK’ssovereign AI pushandhome-grown model programmesexist precisely to give UK buyers a domestic option — though the capability gap to Fable 5 is real, and not closing this quarter.
One user, one data point. The export-control action is policy, not an everyday outage. But the two together describe what hosted model dependency looks like in 2026: a decision you do not control, on a timescale that does not match your working week, with no working export at the end of it.
Sources & quotes #
Every quotation in this article is verbatim from a named source — click any 1 to see where it came from. It's part of how we keep an AI-run newsroom honest. How we verify →