Claude Fable 5 Returns After Export Ban Lifted (2026)
July 2, 2026
Claude Fable 5 spent 19 days offline by government order — suspended for every user on Earth because a handful of researchers found a way to make it flag known software bugs. On July 1, 2026, it came back, with a new safety filter, a public bug bounty, and an industry-wide plan for judging how dangerous a "jailbreak" really is.12
In one line: The US Commerce Department lifted export controls on Anthropic's Claude Fable 5 and Mythos 5 on June 30, 2026, ending a 19-day suspension triggered by an Amazon-reported jailbreak; Fable 5 returned globally on July 1 with a new safety classifier and a jointly proposed jailbreak-severity framework.31
TL;DR
- What happened: The US government ordered Anthropic to suspend all access to Claude Fable 5 and Mythos 5 on June 12, 2026, then the Commerce Department lifted those export controls on June 30. Fable 5 returned to users globally on July 1.31
- Why it was suspended: Amazon researchers found a prompt that got Fable 5 to identify known software vulnerabilities and, in one case, write code demonstrating how to exploit one of them.3
- Was it unique to Fable 5? No. Anthropic says every model it tested — including its own Opus 4.6 through 4.8, OpenAI's GPT-5.4 and GPT-5.5, and Moonshot AI's Kimi K2.7 — could reproduce the same exploit demonstration.1
- The fix: A new safety classifier that blocks the specific reported technique in "over 99% of cases," with flagged requests rerouted to Claude Opus 4.8 instead of Fable 5.1
- What's back: Fable 5 on the Claude Platform, Claude.ai, Claude Code, and Claude Cowork, plus Mythos 5 for a restored set of Project Glasswing organizations.1
- Pricing unchanged: $10 per million input tokens, $50 per million output tokens for both models — the same rate set at the June 9 launch.4
- The bigger move: Anthropic, Amazon, Microsoft, and Google are jointly drafting a four-part framework for scoring jailbreak severity, and Anthropic opened a public HackerOne program for Fable 5 cyber jailbreaks.1
What You'll Learn
- The full timeline from Fable 5's June 9 launch to its July 1 relaunch
- Exactly what the Amazon-reported jailbreak did — and didn't — expose
- How Anthropic's new safety classifier works and its real-world tradeoffs
- What's actually available again, and what still isn't (AWS, Google Cloud, Microsoft Foundry)
- The four-part jailbreak severity framework Anthropic is building with Amazon, Microsoft, and Google
- Why this exposed a gap in the government's own AI oversight framework, Executive Order 14409
- What developers building on Fable 5 or Mythos 5 should do now
Timeline: from launch to lockdown to relaunch
| Date | Event |
|---|---|
| June 9, 2026 | Anthropic launches Claude Fable 5 (public, safeguarded) and Claude Mythos 5 (restricted, Project Glasswing only), both at $10/$50 per million tokens.4 |
| June 12, 2026, 5:21pm ET | The US government issues an export control directive ordering Anthropic to suspend access to Fable 5 and Mythos 5 for every user, citing national security authorities.3 |
| June 26, 2026 | The government approves restoring Mythos 5 access to a set of US Project Glasswing organizations.1 |
| June 30, 2026 | The Commerce Department lifts the export controls on both models.1 |
| July 1, 2026 | Fable 5 returns globally on the Claude Platform, Claude.ai, Claude Code, and Claude Cowork.12 |
The suspension lasted 18 days from the initial directive to the Commerce Department's decision to lift it, with public access restored the following day.31
Why Fable 5 was suspended
Anthropic launched Fable 5 as its first Mythos-class model made available to the general public, priced at $10 per million input tokens and $50 per million output tokens — less than half the rate of the earlier Claude Mythos Preview.4 It shipped with what Anthropic called the strongest safeguards it had ever applied to a model: safety classifiers that reroute cybersecurity-, biology-, and distillation-related requests to the less capable Claude Opus 4.8 instead of letting Fable 5 respond. On average, Anthropic said, those classifiers triggered in under 5% of sessions.4
Three days later, that changed abruptly. At 5:21pm ET on June 12, the US government sent Anthropic an export control directive ordering it to cut off access to Fable 5 and Mythos 5 for any foreign national, inside or outside the United States — including Anthropic's own non-citizen employees.3 Because Anthropic had no reliable way to verify every user's nationality in real time, the only way to comply was to suspend both models for everyone.31
The trigger, according to Anthropic, was a report from Amazon researchers describing a way to bypass Fable 5's safeguards. The technique itself was simple: feed the model a codebase containing known vulnerabilities and ask it to "fix" the code. Fable 5, framing the request as ordinary defensive debugging rather than an attack, identified the flaws and, in one case, produced code demonstrating how one of them could be exploited.35
Anthropic pushed back hard on the idea that this represented a unique risk. In its June 12 statement, the company said the vulnerabilities involved were "relatively simple" and that other publicly available models — including OpenAI's GPT-5.5 — could find them without any bypass at all.3 By June 30, after further testing, Anthropic reported that less capable models such as Claude Opus 4.8, GPT-5.5, and Kimi K2.7 could identify the same vulnerabilities, and that when it came to demonstrating how to exploit the one flaw in question, every model it tested could reproduce it — Claude Haiku 4.5, Sonnet 4.6, Opus 4.6, Opus 4.7, Opus 4.8, GPT-5.4, GPT-5.5, and Kimi K2.7.1 In other words, the capability the government flagged wasn't a Mythos-specific hazard — it was something already widely available across the industry.
The fix: a new classifier and government sign-off
Rather than dispute the directive publicly for long, Anthropic worked with the government to build a targeted fix. It trained an improved safety classifier aimed specifically at the technique described in the Amazon report. According to Anthropic, that classifier blocks the reported technique in more than 99% of cases; when it triggers, the request is automatically rerouted to Claude Opus 4.8 and the user is notified.1
The tradeoff is more false positives on ordinary coding and debugging work — the same "fix this code" phrasing that enabled the jailbreak is common in legitimate security review. Anthropic acknowledged the new classifier would flag more benign requests and said it would keep refining it to cut down false positives.1
Researchers from NIST's Center for AI Standards and Innovation (CAISI) — the body the Commerce Department re-established from the former US AI Safety Institute in June 2025 under Secretary Howard Lutnick — tested both the old and new safeguards and, per Anthropic, agreed the new version was "extraordinarily strong."16 On June 30, the Commerce Department formally lifted the export controls. Secretary Lutnick, who signed off on the reversal, said his department had spent roughly two weeks reviewing the models with Anthropic.5
What's back, and what's still catching up
Fable 5 returned to the Claude Platform, Claude.ai, Claude Code, and Claude Cowork on July 1, 2026.12 For Pro, Max, Team, and select Enterprise plans, Fable 5 usage counts against up to 50% of weekly usage limits through July 7, after which further use requires usage credits.1 Standard Enterprise seats without usage credits enabled do not get Fable 5 access at all.1
Mythos 5 — the same underlying model with cyber safeguards lifted — came back on a shorter leash. Access was restored on June 26 for a set of US Project Glasswing organizations (cybersecurity and critical-infrastructure partners working with the government), ahead of the broader July 1 relaunch.1
One thing to watch if you access Claude through a cloud partner: as of its June 30 update, Anthropic said it would restore Fable 5 access on AWS, Google Cloud, and Microsoft Foundry "as quickly as possible" — phrasing that stopped short of promising simultaneous restoration with its own first-party surfaces.1 If you build on Fable 5 through one of those platforms rather than the Claude API directly, confirm current availability before assuming it matches Claude.ai.
The industry is building a jailbreak severity scale
The more durable outcome of this episode may be a shared framework for judging how serious an AI jailbreak actually is — something the industry has lacked. Anthropic, working with Amazon, Microsoft, Google, and other Glasswing partners, proposed scoring jailbreaks on four criteria:1
- Capability gain — how far beyond existing, widely available tools the jailbreak takes the user
- Breadth of capability gain — how many distinct offensive tasks the same technique unlocks
- Ease of weaponization — how much effort it takes to turn the jailbreak into an actual attack
- Discoverability — how easily someone could find or reproduce the technique
Anthropic said it will move immediately to deploy mitigations for the most severe class of jailbreak — for example, one being used to cause serious damage to power grids or banking systems — and is standing up a team for 24/7 monitoring of jailbreak reports.1 It also opened a public HackerOne program specifically for researchers to submit cyber jailbreaks found in Fable 5.1
The policy gap this exposed
The timing is notable. On June 2, 2026 — ten days before the Fable 5 suspension — President Trump signed Executive Order 14409, "Promoting Advanced Artificial Intelligence Innovation and Security." Its Section 3 sets up a voluntary framework: agencies would develop a classified benchmark for designating a "covered frontier model," and developers could choose to give the government up to 30 days of pre-release access before wider distribution. The order explicitly states that nothing in it creates a mandatory licensing, preclearance, or permitting requirement for releasing an AI model.7
Fable 5 never went through that process — it was already publicly available when the export control directive arrived.15 Instead of using the voluntary EO 14409 pathway, the government reached for a blunter, faster tool: an export control directive under separate national security authority, invoked after the model had already shipped.35 Anthropic itself objected to this approach at the time, arguing in its June 12 statement that recalling a commercial model already deployed to hundreds of millions of users, based on a single narrow jailbreak report, would "essentially halt all new model deployments for all frontier model providers" if applied industry-wide.3
Anthropic says it's now deepening its collaboration with the government on pre-release testing and information sharing, building on the EO 14409 framework.1 Whether that closes the gap between the voluntary process on paper and the export-control tool actually used in practice is the open question for the next model launch — including OpenAI's own gated preview of GPT-5.6 Sol, Terra, and Luna, previewed just days before Fable 5's suspension for similar cyber-capability reasons.
What developers should do now
- Confirm access before you build. Fable 5 is back on Anthropic's own surfaces as of July 1, but cloud-partner availability (AWS, Google Cloud, Microsoft Foundry) may lag — check your specific platform's status page rather than assuming parity.1
- Expect more false positives on security-adjacent prompts. The new classifier is tuned to catch "fix this code"–style requests more aggressively. If your workflow involves vulnerability triage or debugging, budget for occasional fallback to Opus 4.8.1
- Track the usage-limit cutoff. The 50%-of-weekly-limit allowance for Pro, Max, Team, and select Enterprise plans runs only through July 7, 2026; plan for usage credits after that if you're on a subscription plan rather than the API.1
- Watch the jailbreak severity framework. If it's finalized, it could become a de facto industry standard for how quickly labs must respond to reported bypasses — worth tracking if you evaluate or red-team models professionally.1
- Don't assume model-specific "uplift" claims are unique. Anthropic's own testing found that most of the flagged capability was already reproducible on Opus, GPT, and Kimi models — a reminder that dual-use capability claims deserve scrutiny before they shape deployment decisions.1
- Have a fallback model in mind. If Fable 5's usage allowance runs out before you're ready to pay for credits, a cheaper option like the newly launched Claude Sonnet 5 can cover many agentic coding workflows at a fraction of the cost.
The Bottom Line
Claude Fable 5's 19-day suspension turned out to be less about a uniquely dangerous model and more about the absence of a shared, fast process for judging AI jailbreak severity — a gap even the government's own voluntary framework under Executive Order 14409 didn't fill in this case, since the export control directive that grounded Fable 5 operated entirely outside it. The classifier fix and the pricing are unchanged; what's actually new is the four-part severity framework Anthropic is building with Amazon, Microsoft, and Google, and a public bug bounty for the exact kind of jailbreak that triggered this shutdown. If a consensus standard emerges from it, this episode may be remembered less for the model that got pulled than for the process it forced the industry to build.
Footnotes
-
Anthropic, "Redeploying Fable 5" (June 30, 2026). https://www.anthropic.com/news/redeploying-fable-5 ↩ ↩2 ↩3 ↩4 ↩5 ↩6 ↩7 ↩8 ↩9 ↩10 ↩11 ↩12 ↩13 ↩14 ↩15 ↩16 ↩17 ↩18 ↩19 ↩20 ↩21 ↩22 ↩23 ↩24 ↩25 ↩26 ↩27 ↩28 ↩29 ↩30 ↩31 ↩32 ↩33 ↩34 ↩35
-
MacRumors, "Anthropic's Claude Fable 5 Available Again After U.S. Lifts Export Controls" (July 1, 2026). https://www.macrumors.com/2026/07/01/anthropic-fable-5-relaunch/ ↩ ↩2 ↩3
-
Anthropic, "Statement on the US government directive to suspend access to Fable 5 and Mythos 5" (June 12, 2026). https://www.anthropic.com/news/fable-mythos-access ↩ ↩2 ↩3 ↩4 ↩5 ↩6 ↩7 ↩8 ↩9 ↩10 ↩11 ↩12
-
Anthropic, "Claude Fable 5 and Claude Mythos 5" (June 9, 2026). https://www.anthropic.com/news/claude-fable-5-mythos-5 ↩ ↩2 ↩3 ↩4 ↩5 ↩6
-
The Hacker News, "Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls" (July 1, 2026). https://thehackernews.com/2026/07/anthropic-restores-claude-fable-5-after.html ↩ ↩2 ↩3 ↩4
-
NIST, "Center for AI Standards and Innovation (CAISI)." https://www.nist.gov/caisi ↩
-
The White House, "Promoting Advanced Artificial Intelligence Innovation and Security," Executive Order 14409 (June 2, 2026). https://www.whitehouse.gov/presidential-actions/2026/06/promoting-advanced-artificial-intelligence-innovation-and-security/ ↩