Decoding the world of cybersecurity

Anthropic suspension exposes AI dependency

A US directive forced Anthropic to suspend access to Fable 5 and Mythos 5 for foreign nationals, exposing dependency risk around frontier AI security tools.

Anthropic suspension exposes AI dependency
Summary
  • Anthropic says a US export control directive required it to suspend access to Fable 5 and Mythos 5 by foreign nationals.
  • The company disabled access for all customers to ensure compliance, while other Anthropic models were unaffected.
  • The case exposes foreign policy, supplier concentration, AI security, and European sovereignty risk.

Anthropic says a US government export control directive forced it to suspend access to its Fable 5 and Mythos 5 models by foreign nationals, exposing a dependency risk for organisations building security and software workflows around frontier AI systems.

The company said the directive required suspension of all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign-national Anthropic employees. Anthropic said the practical effect was that it had to disable the two models for all customers to ensure compliance. Access to other Anthropic models was not affected.

Anthropic said the directive cited national security authorities but did not provide specific details of the concern. The company said it understood the government believed it had become aware of a method for bypassing, or jailbreaking, Fable 5. Anthropic said it reviewed a demonstration of the technique and that the identified vulnerabilities appeared to be previously known and minor. It also said other publicly available models could discover them without requiring a bypass.

The company confirmed that it is complying with the legal directive while disputing the proportionality of the action. It said a narrow potential jailbreak should not justify recalling a commercial model deployed to customers, and warned that applying such a standard across the industry could halt new model deployments by frontier providers.

The immediate operational effect is model access disruption. Organisations adopting advanced AI for secure development, vulnerability discovery, code review, malware analysis, threat modelling, red teaming, and defensive automation depend not only on model capability but also on the legal and political environment governing the provider.

That dependency has direct relevance for UK and European users of US-headquartered AI services. Security workflows can be built around a model, its interfaces, its performance profile, and its integration into development or operations processes. Access can still change quickly because of legal directives outside the customer’s jurisdiction.

Security adoption of frontier AI sits inside a difficult policy environment. More capable models may improve defensive testing, secure development, vulnerability triage, and code assurance, while the same capabilities raise misuse concerns. Governments are beginning to decide whether some frontier cyber capabilities should be treated not only as software services but as controlled strategic technologies.

The Fable and Mythos suspension turns that policy choice into a procurement and resilience issue. Enterprises using AI in security operations need to understand which model functions are critical, what alternatives exist, how workflows degrade if access is removed, and whether sensitive code or system information can be moved between providers without creating new exposure.

European discussions about digital sovereignty have often focused on cloud hosting, telecoms, data access, and semiconductor supply. Frontier AI security tooling belongs in the same frame. Dependency is not only about where data is stored. It also concerns who can withdraw access, which legal regime controls high-capability models, and how quickly organisations can move if the service changes.

The suspension does not remove the case for using advanced AI in cyber defence, but it does place continuity planning around model access, contractual notice, export controls, foreign-national restrictions, data portability, audit trails, and fallback tooling closer to the centre of AI security governance.

×