The Fable Fiasco: A Bad Idea Applied Badly
On the evening of June 12, Commerce Secretary Howard Lutnick sent a letter to Dario Amodei, the CEO of Anthropic. The letter informed Amodei that Anthropic’s Fable 5 and Mythos 5 models were now subject to export controls. These controls required Anthropic to bar access to these models to any foreign national, regardless of location, including those that worked at Anthropic. By midnight, Anthropic disabled both models for all users worldwide. According to Anthropic, the letter from Lutnick offered no specific national security rationale.
The Enforcement Problem of Software Export Controls
Export controls can only function where physical chokepoints exist. Tracking and enforcement relies upon end-use monitoring, under which physical inventories are tracked by serial numbers, security assessments of storage facilities, and on-site visits to confirm an item ended up where it was shipped and is being used as intended. An artificial intelligence (AI) model provided as a cloud service has none of this, as there is no physical inventory, no storage facility, and no site to visit. The access control mechanism is registering for an account with an email address, IP address and a registration form. User nationality is not a registration question, geolocation is easily spoofed with a commercial Virtual Private Network (VPN), and nothing in the Fable directive prevents a U.S. person from querying the model and forwarding outputs to a foreign national.
The deemed export provision, which treats use by any foreign national on U.S. soil as an instance of exporting the product, made compliance by Anthropic completely impossible. You cannot geofence a foreign-born engineer sitting in your San Francisco office. As a result, Anthropic was forced to revoke access to everyone.
Proponents of this action could argue that this is just an extension of established International Traffic in Arms Regulation (ITAR) and Know Your Customer (KYC) frameworks, but in this instance, neither apply. ITAR governs defense articles and their associated technical data: weapons systems, targeting algorithms, and military hardware with inspectable supply chains and identifiable defense contractors as customers. A general-purpose commercial AI Application Programming Interface (API) provided to hundreds of millions of users is not a defense article, and this incident is stretching the statute far beyond its scope. KYC is a mandate from the Bank Secrecy Act designed to prevent money laundering and financing of terrorist operations. As such, it has no legal application to an AI company. Even if ITAR and KYC applied, the compliance mechanism required by the export control directive is nonexistent.
Complicating the national security claims is that the same jailbreak technique that the government cited also works on other publicly available models like OpenAI’s GPT-5.5, yet no similar controls have been implemented. If the export control framework were truly valid and grounded in national security concerns, one would expect it to be applied consistently across the industry.
The Jailbreak Rationale Breaks Down
The specific trigger of this incident deserves to be scrutinized. The directive from the Commerce Department came after a third party reported that it could jailbreak Mythos, prompting calls to senior officials and the shutdown of the models on Friday night.
Anthropic characterized this effort as the use of a small number of previously known, minor vulnerabilities, essentially consisting of asking the model to read a codebase and fix software flaws, which is a common use case of the software. A cybersecurity researcher who reviewed the actual findings said the researchers were simply “asking questions normal defenders would ask AI,” which is the exact purpose of the model. Her verdict on the government’s response was stark: “If [national] defense is the goal, this just scored an own goal against us.”
Every AI model, just like all software, will have vulnerabilities that require patching. This is a fact in software engineering, not a national security crisis. The real question that emerges from this incident is whether the U.S. government has a kill-switch for American AI labs every time a vulnerability surfaces, regardless of who makes the claim.
Layering Politics Into the Mix
Issuing export controls for Anthropic flies in the face of the administration’s own stated policies on AI. America’s AI Action Plan declares that “to maintain global leadership in AI, America’s private sector must be unencumbered by bureaucratic red tape” and that “AI is far too important to smother in bureaucracy at this early stage.” That vision is not advanced by invoking export controls to pull global access to a model three days after launch based on third-party claims. Instead, the administration is introducing the regulatory paralysis that its own AI roadmap sought to prevent.
That tension was on display just two weeks earlier. The president scrapped a planned 90-day review window for frontier AI cybersecurity testing after industry leaders argued that it would slow American AI development relative to China. The finalized executive order cut the window to 30 days and explicitly bars any mandatory licensing, pre-clearance, or permitting requirement for frontier models. The Fable directive is the mandatory preclearance regime that order disclaimed, applied with even less process than the voluntary framework it replaced.
This is not the administration’s first tangle with Anthropic. In February, President Trump ordered federal agencies to stop using Anthropic’s models after Anthropic refused to loosen contract language that barred their use for domestic surveillance and autonomous weapons. The Pentagon labeled Anthropic a supply chain risk, the first time this designation was ever applied to a U.S. company. Anthropic has sought a stay from a federal appeals court, and the export controls directive has come three months into that ongoing legal fight.
Applying export controls selectively on a disfavored firm does not make for good national security policy. Further, using export control law in this manner—with no published criteria, without notice, based on a third party claim, at 5:21 p.m. on a Friday—discredits export controls as a legitimate tool. Regulatory regimes that appear arbitrary invite gaming, selective compliance, and endanger their legitimacy. This is particularly troublesome if the U.S. seeks to export an American AI stack across the globe.
The Actual Signals Being Sent
There will be real foreign-policy consequences as a result of this incident that should concern national security thinkers more than the discovery of a vulnerability in an AI model. The export control action on Anthropic has signaled that the U.S. is willing and able to cut off access to American models at any time, for reasons that need not be disclosed in advance or substantiated after the fact. That is an effective advertisement for nations to develop their own sovereign AI alternatives or seek other partners. It is also a clear warning that dependence on U.S. platforms is a strategic liability.
There is another precedent problem that will outlast this dispute regardless of its resolution. Once an export control order has been used in this manner, it becomes a standing policy tool that is available for this administration or any future one. It can be deployed against any lab, model, or company that becomes inconvenient, with no requirement to demonstrate actual harm. A framework this elastic is bound to be used again, regardless of who occupies the White House.
The U.S. simply cannot win the AI race by making its leading labs subject to the political whims of the executive branch. The U.S. can only win by building frameworks that are durable and predictable enough that the rest of the world wants to build on, not around, American AI infrastructure. Through this action, the administration moved in the exact opposite direction.