← Back to Blog
Domenic DiNatale ·
Why You Can't Use Anthropic's Best Models (and OpenAI's Still Work)

Why You Can't Use Anthropic's Best Models (and OpenAI's Still Work)

By Domenic DiNatale

If you tried to use Anthropic's Fable 5 this month and found it switched off, you are not doing anything wrong, and it is not a bug. On June 12, 2026, the U.S. government issued an export-control directive ordering Anthropic to suspend access to Fable 5 and its companion model Mythos 5 — for every customer, not just those in the United States. Anthropic complied, and models that hundreds of millions of people had been using went dark.

A lot of the coverage since has been loud and political. This is not that. The more useful exercise is to understand, in plain terms, why a government would reach for a switch this big, what you actually get by pulling it, what you give up — and what the whole episode should teach anyone whose business has quietly come to lean on a single AI provider.

What Actually Happened

Strip away the jargon and the sequence is simple. Government officials said they had found a way to "jailbreak" Fable 5 — to get it to do something it was designed not to do. Anthropic was shown a demonstration of the technique. By Anthropic's own account, the jailbreak was narrow and non-universal: it amounted to asking the model to read through a body of software code and point out flaws in it.

On the strength of that single demonstration — reportedly surfaced by outside researchers, and amid unconfirmed suspicions that a foreign group had gained access to the model — the government invoked national-security authorities and required the model to be taken offline. It did not publish the specific harm it was worried about. There was no public example of the jailbreak being used to cause real-world damage. There was a capability, a concern, and a directive. It was the first time the U.S. government had ever used an export-control directive against an AI company.

That is the whole story at the surface. The interesting part is the reasoning underneath it — on both sides.

Is It Just Anthropic? Yes — and That's the Strange Part

This is the question worth sitting with, because the answer is genuinely odd. The directive named one company. Anthropic's Fable 5 and Mythos 5 were switched off. OpenAI, Google, and the other major providers were not touched — their most capable models stayed online and available the entire time.

What makes that strange is that the capability the government objected to is not unique to Anthropic. Anthropic said as much directly: the level of capability shown in the jailbreak is widely available from other models, including OpenAI's GPT-5.5, and that the same technique could pull similar behavior out of other publicly available systems that are under no comparable restriction. In other words, the thing deemed too dangerous to leave running is, by the affected company's own account, still running everywhere else.

You do not need a theory of why one vendor was singled out to notice the practical consequence. Two companies can offer roughly the same capability, and a government action can land on one and not the other. For a business deciding what to build on, that asymmetry is the whole point — and we'll come back to it.

Why a Government Would Pull the Switch

Reading a codebase and spotting its weaknesses is a genuinely dual-use skill. In the hands of a security team, it is exactly what you want: find the flaw before an attacker does and fix it. In the hands of someone hunting for a way into a power grid, a bank, or a hospital, the same skill becomes a weapon. The capability does not change. Only the intent of the person using it does.

When a tool is dual-use and is available to anyone with an internet connection, a government's instinct is to ask a worst-case question: not "how is this usually used?" but "what is the most damage it could do, and who could do it?" A model that can scan software for vulnerabilities at machine speed, available to millions of people at once including those a country would rather not arm, is the kind of thing that makes a national-security office reach for the most decisive lever it has. Shutting the model off is blunt, immediate, and total. From a pure risk-avoidance standpoint, blunt and total is the point.

That is the honest case for restriction. A powerful capability, freely available, that could in principle help a hostile actor do real harm — and a government deciding it would rather absorb the cost of switching it off than find out.

What Shutting It Down Actually Costs

The case on the other side is just as real, and it is mostly about proportion.

First, the capability did not disappear; only this model did. As noted above, the ability to read code and flag weaknesses is available from other models that stayed online, and it is used every single day by the defenders who keep systems running. Turn off one company's model and the genuine attackers still have other tools. The people most affected are the legitimate users who were relying on the one that went dark.

Second, the trigger was narrow. The standard being applied — that the discovery of one non-universal jailbreak, with no demonstrated harmful result, justifies recalling a model used by hundreds of millions — is a very low bar. Apply that bar evenly and you would struggle to keep any frontier model online, from any provider, because a determined researcher can eventually find some narrow edge case in all of them. A rule that would shut down everything is not really a rule about Fable 5. It is a rule about whether advanced models can be deployed at all.

Third, there is a quieter cost. Security is built in layers — Anthropic calls it defense in depth — precisely because no single safeguard is ever perfect. The expectation built into that approach is that you respond to a narrow weakness by strengthening the layers, not by demolishing the building. When the response to any imperfection is total shutdown, you remove the incentive to deploy carefully and improve in the open, and you push capability toward the places that answer to no directive at all.

So the ledger is genuinely two-sided. Full, unrestricted access to a capable model means a powerful dual-use tool is available to bad actors as well as good ones. Shutting it down removes a tool defenders depend on, does little to stop attackers who have alternatives, and sets a precedent that could freeze the whole field. Reasonable people can weigh those differently. What no one should pretend is that either side is free.

The Part That Actually Concerns Your Business

Here is where I want to pull this back from policy and onto the ground where most of us work.

Notice what didn't happen in this story. No business that depended on Fable 5 was consulted. No customer did anything wrong. No contract was breached. A capability that companies had built workflows, products, and expectations around simply became unavailable, overnight, because of a decision made between a government and a vendor — a room none of those companies were in.

That is the lesson worth keeping, long after this particular model comes back or doesn't. If your product, your operations, or your team's daily work depends on one specific model from one specific vendor, you have a single point of failure that you do not control and cannot fix. It does not matter whether the switch gets flipped by an export-control directive, a pricing change, a deprecation notice, an outage, or a policy update. The effect on you is identical: the thing you were counting on is gone, and you had no vote.

We have written before that your dependencies are your attack surface and that the goal is designing systems that fail well. An AI vendor is a dependency like any other, and this month it failed in a way most teams never modeled: not slow, not buggy, just off, by order. The teams that felt this as an inconvenience rather than a crisis were the ones who had treated the model as a replaceable component instead of a foundation.

The asymmetry makes this concrete. The same capability stayed available from other providers throughout — so the teams that had wired in a second vendor barely felt the outage, while the teams hard-wired to Anthropic alone were simply stuck. The difference between those two outcomes was not luck. It was architecture.

In practice that means a few unglamorous habits. Put a layer of your own between your application and any model, so that swapping providers is a configuration change and not a rewrite. Keep a fallback model from a different vendor qualified and ready, even if it is a little worse, so "the primary is unavailable" degrades your service instead of ending it. Know which parts of your business would actually stop if a given model vanished tomorrow, and decide in advance which of those are acceptable risks and which need a backup. None of this is exotic. It is the same resilience thinking that has always separated systems that wobble from systems that fall over — applied to a dependency that, until recently, few people thought could be switched off by anyone.

The Takeaway

Why can't you use Anthropic's best models? Because a government decided the risk of leaving a capable, dual-use model freely available outweighed the cost of taking it offline, had the authority to make that call stick, and applied it to one vendor while leaving its competitors running. Whether that was the right trade is a fair debate, and a genuinely two-sided one.

But the more durable point has nothing to do with who was right. It is that the availability of the tools you build on is not entirely yours to control — and the businesses that come through moments like this in good shape are the ones that planned for the switch to be flipped before anyone reached for it.

Read more on building and operating intelligent systems on the Intellitech blog.

artificial intelligence ai policy large language models vendor risk business continuity