The 5:21pm directive that took Fable 5 offline
At 5:21pm Eastern Time on Friday 12 June 2026, the US Commerce Department told Anthropic to stop letting any foreign national, inside or outside the United States, use Fable 5 or Mythos 5. Three days earlier, Fable 5 had gone on sale to the public as the most capable model on Vals AI's independent benchmarks, a guardrailed commercial version of Anthropic's Mythos class, priced at US$10 per million input tokens and US$50 per million output tokens, roughly double the cost of Opus 4.8 [1][13]. By the end of the weekend, the model was unavailable to every customer worldwide, including Anthropic's own foreign-national staff. Other Anthropic models, including Claude Opus 4.8, were not affected [1].
That global shutdown, not a foreign-only block, is the part that matters for Australian boards. Commerce Secretary Howard Lutnick's letter, signed under the Bureau of Industry and Security, framed the suspension as protection against the models being "deployed by, or diverted to, military intelligence users in China, Russia or other countries of concern" [3]. Anthropic responded that the underlying technical finding, a "narrow, non-universal jailbreak" that lets the model read a specific codebase and flag software flaws, describes a capability already inside OpenAI's GPT-5.5 and routinely used by defensive cybersecurity teams [1][8]. The company argued, in unusually direct language, that "the finding of a narrow potential jailbreak should [not] be cause for recalling a commercial model deployed to hundreds of millions of people" [1].
Why a US export control swept up Australian customers
The directive's language is what made the global blackout unavoidable. The Commerce order covers any export, re-export or "domestic transfer" of the models to foreign nationals, and treats US-based foreign-national employees of Anthropic, OpenAI, Google DeepMind and Meta as covered persons for export-licensing purposes [1][9]. Anthropic concluded that no technical architecture short of a full service suspension would keep the company compliant, so the only path was to disable both models for every customer. Anthropic's own safeguards, including independent classifier systems that operate separately from the model itself, do not, in the company's view, satisfy a directive that targets the underlying weights [1].
This is the second, harder test of the Trump administration's AI posture in two weeks. On 2 June 2026, the President signed a voluntary executive order, "Promoting Advanced Artificial Intelligence Innovation and Security," that gives the federal government up to 30 days of pre-release review of new models [12]. That order is explicit: it "shall [not] be construed to authorize the creation of a mandatory governmental licensing, preclearance, or permitting requirement" for new AI releases [12]. The Friday action is a separate, binding measure under BIS, not a recall under the EO, and it has triggered an emergency in commercial AI procurement rather than a process improvement. Per Sandy Carter's analysis in Forbes, the Commerce letter requires Anthropic to file additional applications for individually validated licences, with financial and civil penalties for non-compliance [9].
Anthropic's staff are meeting Commerce virtually every day in the week of 15 June, with senior technical staff due in Washington for face-to-face sessions [3]. More than 80 cybersecurity executives and experts, including leaders at Nvidia and Adobe, have signed an open letter to Lutnick and National Cyber Director Sean Cairncross supporting Anthropic's position and asking for the restrictions to be lifted [3]. None of that has changed the operational reality for users.
Glasswing was twelve days old in Australia
For Australian enterprises, the timing is what stings. On 3 June 2026, Anthropic extended Project Glasswing, its Mythos Preview programme, to about 150 new organisations across more than 15 countries, including Five Eyes members, NATO allies and the EU's cybersecurity agency ENISA [5][6]. The original cohort, launched 7 April 2026, was a closed circle of roughly 50 Wall Street and tech firms, including Apple, Nvidia, Microsoft, CrowdStrike, Palo Alto Networks, Google, Amazon and JPMorganChase [5][10]. The combined programme now sits at close to 200 organisations and has surfaced more than 10,000 high- or critical-severity software vulnerabilities since launch [5].
Australian organisations were reported to be in line for the second-wave access. According to coverage in the Sydney Morning Herald, the Australian Financial Review and the ABC, the cohort being onboarded included the big four banks, major energy and telecommunications critical-infrastructure operators, and government agencies such as the Australian Signals Directorate and the Department of Home Affairs [4][5][6]. Anthropic declined to name the Australian participants; the banks and critical-infrastructure operators have stayed tight-lipped about whether they had received an invitation [5][6]. As of 16 June, no Australian organisation has publicly confirmed participation in writing, so the right framing for any procurement team is "in line for access" rather than "had access".
The Mythos-class capability behind Glasswing is not theoretical. UK AI Security Institute testing found that Mythos could exploit defensive systems 73 percent of the time, a result that Gina Neff, Professor of Responsible AI at Queen Mary University London, described to the BBC as "a step change in capability in cyber security" [11]. Anthropic co-founder and president Daniela Amodei told Forbes Australia that the model cannot go to general release because "it's also very good at cyber warfare" [5]. The argument, in other words, is that the US is restricting a model whose defensive value is real and measurable, and that the allied countries preparing to use it for cyber defence are now collateral damage in a US-China-Russia risk calculus that never factored in the Five Eyes.
Sovereignty, vendor concentration and the EU parallel
The Verge, in its 13 June analysis, framed the shutdown as the moment the case for non-American AI became operational rather than philosophical [2]. Politico Europe ran the same story from Brussels, noting that the 12 handpicked closest-circle Mythos partners are all headquartered in the United States, and that European regulators and ENISA were "left in the dark" on the policy change [10]. A European Commission spokesman told the BBC the move "further underlined Europe's need for technological sovereignty" [11]. The Commission had earlier this month unveiled measures to slash the bloc's dependence on US and Asian suppliers of key technologies, including AI [11].
The Australian implication runs in the same direction. Treasury, the Reserve Bank and the country's critical-infrastructure stewards had been briefed on the Glasswing expansion [5]. None of those briefings anticipated a hard cut-off within a fortnight. The Albanese government's National Reconstruction Fund and its AI Action Plan both point toward a sovereign-friendly buildout, but those programmes do not on their own produce a frontier model that a Five Eyes partner can rely on being able to use next quarter. The UK AISI result, 73 percent defensive exploit success, is the metric the sovereign-AI case now has to beat, and it is being measured against a US-controlled system that Washington can revoke at will.
The contrarian case: safety marketing and the open letter
A cleaner read of the directive requires holding two uncomfortable possibilities at the same time. Sandy Carter, writing in Forbes on 13 June, put it plainly: "The real question is whether Fable actually needed this level of restriction, or whether Anthropic oversold the dangers of Mythos to justify the company's safety-first positioning. Both may be true" [9]. OpenAI chief executive Sam Altman made a sharper version of the same point in April 2026, in comments that have resurfaced this week: "It is clearly incredible marketing to say, 'We have built a bomb. We were about to drop it on your head. We will sell you a bomb shelter for $100 million'" [8].
Anthropic's own response is the strongest single source of dissent. The company's 12 June statement argues that the jailbreak claim describes a capability already in other public models, that the response is disproportionate, and that if applied across the industry, "it would essentially halt all new model deployments for all frontier model providers" [1]. Anthropic had also worked with the US government to test Fable 5 pre-release and received approval to deploy it before the Friday directive [3]. The open letter from 80-plus cybersecurity executives, signed by senior figures at Nvidia and Adobe, is a near-unanimous rejection of the underlying premise from the people who would, in theory, be most exposed to a genuinely weaponised Mythos [3]. A US judge has separately ruled that the Pentagon's March 2026 "supply chain risk" designation of Anthropic cannot be enforced while litigation continues, which means US federal agencies and defence contractors can still use Anthropic models under court order, even as Australian banks cannot [3][11].
The Anthropic-administration relationship ruptured earlier in 2026 after the Pentagon in March designated Anthropic a supply-chain risk, following the company's refusal to allow Claude to be used for mass domestic surveillance or fully autonomous weapons [3][13]. Anthropic had been the only AI vendor with defence security clearance; it is now suing to have the designation lifted, and the directive is being litigated around its edges [3][11][13].
What ANZ procurement teams should do now
The procurement lesson is that frontier AI, for Australian enterprises, now belongs in the same risk register as cloud concentration, just-in-time supply chains and any other single-vendor infrastructure dependency. Three things follow.
First, treat US-controlled frontier models as revocable. The "in line for access" Glasswing cohort, including ASD, Home Affairs, the big four banks and the major telcos and energy operators, was switched off with no transition window [4][5]. SmartCompany's reporting from 15 June is direct: "SMEs don't have vendor-risk teams. They sign up for the best model, integrate it, and find out it's been turned off when the dashboard says 'unavailable'" [7]. The Forbes view is the same in board-room language: "Regulatory risk now belongs in your vendor selection criteria" [9].
Second, run a multi-vendor model mix by default, not as a hedge. Anthropic's commercial proposition, with Fable 5 priced at US$10 input and US$50 output per million tokens, is now paired with a non-trivial probability of a US Commerce action pulling the rug [13]. A working multi-vendor architecture spreads that risk and gives the CIO a fallback when a single provider goes dark. The Anthropic-Pentagon dispute that triggered the March 2026 supply-chain risk designation showed the same pattern in slow motion: an AI vendor that refuses US government use for mass surveillance and autonomous weapons is now on a national-security blacklist and cut off from defence work, with all the commercial consequences that follow [3][5][13].
Third, follow the engagement, not the press release. Anthropic is meeting Commerce every day, the 80-signatory open letter is gaining signatures, and the directive is being litigated around its edges. The decision is not necessarily permanent. But the operating assumption for any Australian enterprise building a production workload on Fable 5, Mythos 5 or their successors should be that the model can be turned off by a Washington official who has never heard of your business case.
Anthropic's confidential filing on 2 June 2026 for a US$1-trillion-plus (around A$1.4 trillion) IPO, and its US$1.25 billion-a-month data-centre lease from Elon Musk's xAI, mean the company has every commercial reason to get both models back online [5][13]. Whether that happens before or after Australia has rebuilt its sovereign-AI options is the question every ANZ chief information officer should be asking this week.