A week ago, on this blog, we wrote about Claude Mythos and Project Glasswing. That post ended on a line I keep coming back to. The defenders got a head start, and the head start has a clock on it.
I did not expect the clock to run out in three days.
On 12 June the US government issued an emergency export-control directive, and Anthropic pulled Claude Fable 5 and Mythos 5 offline. Worldwide. Seventy-two hours after Fable 5 went on sale as the most capable model the public had ever been handed. Every customer, from a solo developer to an enterprise running it in production, was reverted to the older Opus 4.8 with no warning and no say.
This post is not really about export law, or jailbreaks, or who gets to hold the frontier. It is about a plainer question that landed on a lot of desks that Friday afternoon. What happens to your business when a tool you have built on disappears by someone else's decision?
What actually happened to Fable 5?
Anthropic launched Fable 5 on 9 June as a public, general-availability model. Three days later, after a serious security flaw was reported to Washington, the US Commerce Department ordered access suspended for every foreign national. Anthropic could not filter users by nationality in real time, so it shut the model down for everyone and routed all traffic back to Opus 4.8.
The trigger was a jailbreak. Two, in fact. A researcher published one in the open, and Anthropic argued it was minor. The one that mattered was found privately by Amazon, who proved the consumer model could be talked into the restricted cyber capabilities it was supposed to wall off. Amazon took the finding straight to the White House.
What followed moved fast.
| When | What happened |
|---|---|
| 9 June | Fable 5 launches publicly, built on the same Mythos-class architecture as the restricted cyber model. |
| 10–11 June | A public jailbreak and a more serious private one, found by Amazon, expose the model's locked capabilities. |
| 12 June, midday | Washington gives Anthropic an ultimatum: fix it or pull it. Anthropic declines, calling the flaw narrow. |
| 12 June, 5:21pm ET | Commerce issues an emergency directive banning foreign-national access. |
| 12 June, evening | Anthropic shuts both models down worldwide and reverts everyone to Opus 4.8. |
Were Fable and Mythos really the same model?
Yes. Fable 5, sold to the public, and Mythos 5, reserved for vetted security partners, ran on the exact same neural weights. The only thing separating the consumer model from the cyber-grade one was a layer of safety classifiers that blocked certain requests. Same engine, different permission slip.
When a blocked request came in, Fable 5 did not refuse. It quietly rerouted the query to the weaker Opus 4.8 mid-conversation. Anthropic also used the same machinery to silently block tasks that looked like a rival training off Fable's output, then had to apologise to developers days before the shutdown when the practice came to light. The whole safety story rested on classifiers catching the right requests. Researchers got past them within a day.
Why is the jailbreak the least important part?
Because the cause does not change the lesson. Whether the ban was a proportionate response to a real cyber-weapon, or a clumsy overreaction to a flaw common across the industry, the outcome for a business running Fable 5 was identical. A tool that worked on Thursday was gone on Friday, by a decision made in a room they were never in.
Sit with the timing. Fable 5 shipped with a million-token context window and the ability to run long, self-correcting tasks on its own. Exactly the sort of capability you wire deep into a workflow. Thousands of teams spent the launch weekend doing precisely that. Then the endpoint started returning errors, active jobs died mid-run, and there was nothing on the customer's side to fix. The off switch was never theirs to hold.
Was this a one-off, or a pattern?
No. This was the second time in three months Anthropic lost a market overnight. In March the US Department of Defense labelled the company a supply-chain risk after it declined certain military uses, and defence contractors lost access without notice. Different reason, same shape. Vendor access now moves with politics as much as uptime.
That is the part to internalise. For years we have assessed AI vendors on price, capability, and reliability, the things a status page measures. The Fable 5 shutdown adds a variable that no status page tracks: a government, a court, or a boardroom can revoke your access for reasons that have nothing to do with you. It belongs on the same list as the questions we set out in Agentic AI Security, because both are really about how much of your business you have handed to a system you do not control.
And as we covered in Mythos, Glasswing and what it means for NZ business, New Zealand already sits at the back of the queue for early access. This incident shows we sit near the front of the queue for disruption, and we have the least power to do anything about it.
What does model-agnostic actually mean?
It means no single AI provider is load-bearing in your system. The model sits behind a routing layer instead of being wired straight into your application. Swap one provider for another and it is a configuration change, the work of an afternoon. If a vendor raises prices, rewrites its terms, or vanishes by directive, the workflow keeps running on a fallback.
In practice that is three habits. Put an abstraction between your code and any model provider, so the provider is a setting and not an assumption. Keep a tested fallback ready, whether that is a second commercial API or a local open-weight model for the critical paths. And know your exit before you need it, because the time to plan a migration is not the afternoon the endpoint goes dark.
I want to be straight about this, because it is easy to oversell. Not every system can be made truly provider-neutral. The voice agents we build on Vapi and ElevenLabs carry real switching cost in the orchestration layer, and pretending otherwise would be selling you something. The principle still holds. You design new builds so the expensive parts do not assume one vendor will be there forever, and for anything genuinely critical you keep a way out that you have actually tested.
Local and sovereign open-weight models are the strongest version of that exit. They put the off switch in your own hands and keep your data onshore, which matters under the Privacy Act 2020. We dug into that trade in Privacy-First Wearable AI. The honest catch is that they trail the frontier on raw capability and ask for hardware and upkeep. For most businesses they earn their place as a fallback for the workflows that cannot stop, sitting underneath a frontier model that does the day-to-day work. This is what we mean by embedded, not bolted on. The intelligence lives inside the workflow, with a path that survives the vendor.
What does this look like from a New Zealand desk?
It means the switches that turn your AI on and off are thrown offshore, by governments and companies you have no relationship with. Nearly every NZ business runs its AI on American infrastructure, the same way it runs on Microsoft 365 and Xero. That has been a fair trade for years. Fable 5 is the first time the bill for it arrived as a sudden, total outage.
None of this argues for ripping out the tools that work. It argues for knowing where you are exposed. The same closed-loop thinking that keeps client data out of consumer chatbots, which we covered in AI in NZ Professional Services, applies to continuity. Map the dependency, then decide which parts of it deserve a backup.
What should you check before wiring AI into anything that matters?
Start with five questions. None of them are technical, and you do not need a security team to ask them. They are about continuity: what breaks if a vendor disappears, and how fast you recover. Run them before you sign, not after the endpoint returns errors.
Five questions before you wire AI into anything critical
1. What stops if this vendor disappears tomorrow?
Name the exact workflow and what it costs you per day while it is down. If you cannot answer, you do not yet know your exposure.
2. Is the model a setting, or an assumption?
Good sign: there is a layer between your application and the provider, and swapping models is a config change. Red flag: the vendor's name is hard-coded through your system.
3. What is the fallback, and has it been tested?
A fallback you have never run is a hope. It should be a second API or a local model you have actually switched to under load.
4. Where does your data go, and under whose law?
Know which country processes your data and which rules apply. For anything covered by the Privacy Act 2020, onshore or on-device options deserve a serious look.
5. Who owns continuity?
One named person should be responsible for knowing the dependencies and the exit plan. Shared ownership of this tends to mean nobody owns it.
The first question is the one that makes the rest easy. You cannot plan around a dependency you have never written down.
The deal has not changed as much as the headlines suggest. Use the best models, build on the best infrastructure, and keep a tested way out of each of them. Boring, and it is exactly the work that turns a Fable 5 weekend into a non-event.
If you want a hand mapping where your business depends on AI, and working out which of those paths needs a backup, get in touch. It is the kind of afternoon that pays for itself.
Frequently asked questions
Frequently asked questions
- Does the Fable 5 shutdown mean I should stop using Claude or American AI?
No. The lesson is about dependence. Use the best model for the job, and build so that if any single provider raises prices, changes terms, or goes offline, you can switch without rebuilding the system around it.
- Am I exposed if I just use Claude or ChatGPT through a chat window?
Casual use carries little operational risk. The exposure appears when a model is wired into a workflow your business runs on, such as call handling, claims triage, or dispatch. If that endpoint disappears, the workflow stops. That is the situation thousands of companies woke up to with Fable 5.
- Does running a local or open-weight model fix the problem?
It removes the off-switch risk, because nobody can revoke a model you host yourself. The trade is real. Local models sit behind the frontier on capability and need hardware and upkeep. For most NZ businesses they make sense as a fallback for critical paths, not a wholesale replacement.
- What does a model-agnostic build actually cost?
Some upfront design work and a routing layer between your application and the AI providers. It is a modest cost set against a rebuild after a shutdown, or a workflow that stops earning while you scramble for an alternative. You pay a little now to not pay a lot later.
- What is the first thing an NZ business should do about this?
Write down which parts of your business now depend on an AI vendor, and what happens to each one if that vendor disappears tomorrow. Most owners have never made that list. The afternoon it takes turns a vague worry into a short, fixable set of decisions.
Sources and further reading
- Anthropic: Statement on the US government directive to suspend access to Fable 5 and Mythos 5
- VentureBeat: Anthropic blocks all public access to Fable 5 and Mythos 5, and what enterprises should do
- TIME: Anthropic pulls its most powerful AI models after the US bars foreign access
- SecurityWeek: Anthropic disputes the Fable 5 jailbreak
- Semafor: White House move to limit Anthropic linked to concerns about Chinese access
- AWS: Claude Fable 5 on Amazon Bedrock