# The Day the US Government Shut Down the Most Powerful AI > Source: > Published: 2026-06-13 16:34:29+00:00 [Back to Blog](/blog) # The Day the US Government Shut Down the World's Most Powerful AI Published by Pentesty · AI Security · Regulation ## What Happened on June 12, 2026 Imagine launching the most advanced artificial intelligence model in the world and, three days later, receiving a call from the government telling you to pull the plug on everything. That is exactly what happened to Anthropic on Friday, June 12, 2026. At 5:21 PM ET, the U.S. Department of Commerce sent a letter to Anthropic CEO Dario Amodei ordering the immediate suspension of access to **Claude Fable 5** and **Mythos 5** for all foreign nationals, whether inside or outside the United States. Since the company had no practical way to verify every user's nationality in real time, Anthropic made the most drastic call available: it disabled both models for everyone, worldwide. ## What Were Fable 5 and Mythos 5? To understand the weight of this decision, you need to know what these models actually were. **Mythos 5** is described as the AI model with the most advanced offensive cybersecurity capabilities ever developed. It was restricted to a small, vetted group of government partners and critical infrastructure defenders precisely because it could turn newly discovered software vulnerabilities into working exploits within hours. Work that previously took a senior penetration tester weeks could be compressed into a fraction of that time. **Fable 5** was the public version of that same model, wearing a safety vest. Its responses on cybersecurity and biology topics were filtered by a set of independent classifiers designed to block offensive requests. In practice, Fable 5 was Mythos on a leash: powerful, capable, but supposedly controlled. ## The Jailbreak That Triggered Everything Within hours of Fable 5's public launch, a researcher known online as **Pliny the Liberator** posted on social media claiming to have "liberated" the model. The method required no code exploitation, no reverse engineering, no software vulnerabilities — just carefully crafted prompts. The documented techniques included: **Unicode and Cyrillic character substitution**— confusing pattern-based classifiers by replacing standard characters with visually identical lookalikes.** Long-context reference threading**— embedding malicious intent across extended conversations rather than in a single prompt, making it harder for classifiers to detect the overall objective.**Information decomposition and reassembly**— breaking sensitive requests into innocent-looking subtopics and reassembling the output on the attacker's end.** Narrative and fictional framing**— disguising sensitive requests as educational or creative content, such as studying for a certification exam. The most alarming result: screenshots showing functional **stack buffer overflow exploit code**, generated under the guise of studying for the OSED (Offensive Security Exploit Developer) exam. This is precisely the kind of capability that has kept Mythos 5 behind locked doors. ## How the Government Reacted According to reporting from NBC News, the Wall Street Journal, and CNBC, the Commerce Department acted after a third-party company — not a government agency — claimed to have found a jailbreak method that could unlock Mythos 5's capabilities through Fable 5. Commerce Secretary Howard Lutnick personally signed the letter to Dario Amodei, invoking national security authorities. The directive classified Fable 5 and Mythos 5 as **technologies subject to export controls** — the same legal framework historically applied to cryptographic algorithms, weapons components, and sensitive military technology. Analysts quickly drew comparisons to the Crypto Wars of the 1990s, when the U.S. government fought to restrict the export of encryption algorithms like RSA, a battle it ultimately lost. ## Anthropic Complied, But Pushed Back Hard Anthropic followed the directive but was unusually direct in publicly disputing it. In a detailed statement, the company argued: "We believe this is a misunderstanding, and we are working to restore access as quickly as possible." Their technical counterarguments were pointed: - The alleged jailbreak amounts to nothing more than **asking the model to read a codebase and fix software bugs**— something other publicly available models already do without any restriction. - The government provided only **verbal evidence** of a potential jailbreak, with no robust technical demonstration. - The same capabilities were already present in **OpenAI's GPT-5.5 with no jailbreak required at all**. - Applying this standard uniformly would require **taking down every major AI provider's frontier models**. Anthropic also noted that its cybersecurity classifiers operate independently from the core model, meaning that bypassing the chatbot's conversation layer does not actually disable the most critical safety protections. ## What This Means for Security Professionals This incident opens several critical discussions for anyone working in cybersecurity, red teaming, or offensive security. **Offensive AI is now firmly on government radar.** The fact that the U.S. government acted within hours, not weeks, signals active monitoring of AI capabilities with offensive potential. Mythos 5 was not a theoretical model — it was being actively tested by critical infrastructure defenders to find real vulnerabilities. The speed of regulatory intervention reflects how seriously these capabilities are being taken at the national security level. **Prompt injection and jailbreaks are legitimate attack vectors.** The Pliny the Liberator case makes it undeniable: AI security cannot rely solely on chat-level content filters. Techniques involving decomposition, long-context manipulation, and token substitution can bypass classifiers. This connects directly to [prompt injection attacks we have already seen in the real world](/blog/prompt-injection-brazil-labor-court-2026) — what happened in a Brazilian courtroom is now happening at the frontier model level. **The line between defensive and offensive AI is razor-thin.** Mythos 5 was originally designed to help defenders find and fix vulnerabilities faster. But the same capabilities that empower blue teams can just as easily be weaponized. This duality will demand regulatory frameworks far more sophisticated than simple export controls. As we covered in our analysis of [AI-powered cyber attacks in 2026](/blog/ai-powered-cyber-attacks-2026), the attacker-defender gap closes fastest at the capability frontier. **A massive regulatory precedent has been set.** This is the first documented case of the U.S. government forcing a commercial AI company to take a live model completely offline. It sends a clear signal that the era of deploying frontier AI models without regulatory scrutiny is coming to an end — and security teams need to plan for AI tool availability being subject to geopolitical and compliance constraints. ## The Jailbreak Techniques Security Teams Must Understand Whether or not you ever touch a frontier AI model, the jailbreak techniques demonstrated here are directly relevant to anyone defending systems that integrate LLMs. Each technique maps to a class of attacks that will appear in real engagements: **Character substitution attacks** bypass string-matching filters the same way SQL injection bypasses naive input validation — the fundamental lesson from[OWASP's injection categories](/blog/owasp-top-10-developers-guide)applies directly to LLM classifiers.**Long-context threading** exploits the stateless evaluation problem: classifiers that evaluate individual turns miss intent assembled across a conversation window. Red teams should test AI integrations with multi-turn attack sequences, not just single-prompt probes.**Decomposition and reassembly** is the AI equivalent of data exfiltration through covert channels — the harmful output never appears in any single request, only in the aggregated result. Detection requires session-level analysis, not per-request filtering.**Fictional and educational framing** abuses context to shift the model's "intent interpretation" away from sensitive categories. This is why purpose-built safety classifiers matter more than general content policies. If your organization deploys AI in any capacity — customer-facing chatbots, developer copilots, security tooling — these are the attack surfaces your pentest should be covering. Most reports do not include AI-specific attack paths, which is part of what [makes traditional pentest reports inadequate](/blog/why-your-pentest-report-is-lying-to-you) in 2026. ## The Crypto Wars Parallel Multiple analysts drew comparisons to the Crypto Wars of the 1990s, when the Clinton administration attempted to restrict the export of strong encryption algorithms through mechanisms like the Clipper Chip and export-grade cipher requirements. The government lost that battle — not through a legal ruling but through the practical reality that cryptographic knowledge cannot be contained once it is public, and that weakening security tools harms defenders more than attackers. The parallel to AI is imperfect but instructive. Advanced AI capabilities will not remain exclusive to vetted American users if the underlying techniques are already documented. Restricting access to frontier models may slow the most casual misuse while doing little to impede sophisticated actors who can replicate or approximate the capabilities through other means — including the exact jailbreak techniques now publicly documented for Fable 5. What is different this time is the speed of the capability curve. Encryption algorithms were mature when export controls were applied. AI capabilities are accelerating. The regulatory framework is chasing a moving target. ## Current Status All other Anthropic models — including Claude Opus 4.8 and Haiku — remain fully available. Anthropic has stated it is working to restore access to Fable 5 and Mythos 5 within the government's required framework, but has given no timeline. Competing platforms including ChatGPT and Gemini were not affected by the directive. The incident leaves open a question that security teams should be actively preparing for: what happens to your workflows, tooling, and security coverage when an AI capability you depend on becomes unavailable overnight — not because of a technical failure, but because of a regulatory action? ## What Security Teams Should Do Now The Fable 5 shutdown is not just a regulatory story. It is a signal about how the field is evolving. Practical steps for security teams include: **Audit your AI dependencies.** Map which tools, workflows, and detection capabilities rely on specific AI models or providers, and identify single points of failure.**Add AI attack surfaces to your pentest scope.** If you deploy LLMs in any form, your next engagement should include prompt injection, jailbreak, and context manipulation tests — not just traditional[cloud and application attack paths](/blog/cloud-security-misconfigurations-2026).**Build classifier-independent safety layers.** Anthropic's own argument — that their classifiers operate independently from the core model — is the right architecture. Security controls that depend solely on the AI's judgment fail when the AI is manipulated.**Track AI regulation as a risk category.** Export controls, national security directives, and compliance requirements will increasingly constrain which AI capabilities are accessible to which users. Security risk registers should include AI regulatory risk.**Test AI-assisted attack scenarios.** The same capabilities that Mythos 5 brought to defenders are being approximated by adversaries. Offensive security engagements should simulate AI-accelerated recon and exploitation to validate that detection and response can keep up. [pentesty.co](https://pentesty.co) is purpose-built to help organizations test against exactly this kind of [AI-accelerated threat landscape](/blog/ai-powered-cyber-attacks-2026) — combining automated scanning with human tradecraft to surface the attack paths that matter before an adversary does. [See our offensive security services](/#servicos). The tools are getting more powerful, the oversight is intensifying, and the responsibility on those who use them is growing with it. The Fable 5 shutdown is the first of many inflection points. Related on Pentesty AI-Powered Cyber Attacks in 2026 → How adversaries integrate AI across the kill chain — and what defenders can do to keep pace. Prompt Injection in a Brazilian Courtroom → The same techniques used to jailbreak Fable 5 were already appearing in real-world attacks against judicial AI. OWASP Top 10: The Developer's Guide → Injection attacks — whether targeting SQL, shells, or LLM classifiers — share the same root causes. Why Your Pentest Report Is Lying to You → AI attack surfaces rarely appear in traditional reports. Here is what is missing. Cloud Security in 2026 → AI-assisted recon finds cloud misconfigurations at machine speed. Regulatory constraints on AI tools do not slow this down. TL;DR References [1] Anthropic Suspends Fable 5, Mythos 5 AI Models After US Security Order — *NDTV* [2] Anthropic suspends new AI models after government directive — *NBC News* [3] Governo dos EUA restringe Claude, e Anthropic tira modelos do ar — *Alo Alo Bahia* [4] Anthropic Halts Access to Top AI Models After U.S. Ban on Foreign Use — *Wall Street Journal* [5] U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals — *The Hacker News* [6] Anthropic's new model is Mythos on a leash — *CyberScoop* [7] Claude Fable 5 Jailbreak Enables Stack Exploit Generation — *CyberPress* [8] Anthropic Disputes Fable 5 AI Jailbreak — *SecurityWeek* [9] Anthropic's Fable 5 and Mythos 5 banned in US — *ET Now News* [10] U.S. Issues Export Controls, Anthropic Disables Fable and Mythos — *Let's Data Science* [11] Anthropic disables access to Fable 5 and Mythos 5 to comply with government directive — *CNBC* [12] Anthropic cuts top-tier AI access after US foreigner ban — *DW* [13] US orders Anthropic to disable AI models for all foreign nationals — *Al Jazeera* Ready to test your defenses against AI-powered attack paths? [Request early access to Pentesty](/#pricing).