When Anthropic released Claude Fable 5 on June 9, the company presented it as a new kind of high-powered artificial intelligence system: capable enough to help with advanced cybersecurity tasks but wrapped in safeguards meant to keep users from turning those same abilities toward attacks.
Just days later, Fable 5 was offline.
Citing national security concerns, the Trump administration ordered Anthropic to suspend foreign nationals’ access to Fable 5 and Mythos 5, a closely related version with some safeguards lifted. Anthropic responded by disabling the models for all customers; the company said the order applied to any foreign national, whether inside the country or not, including those who are Anthropic employees.
On supporting science journalism
If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.
The move exposes a difficult trade-off at the center of AI security. The administration is trying to stop powerful models from being used by hostile actors, but the same systems are also becoming tools for defenders trying to find and fix weaknesses before attackers exploit them. If the most capable AI systems can be withdrawn overnight by political order, the result may not be a safer Internet but a more fragmented one, where companies and critical infrastructure providers, especially outside the U.S., are pushed toward weaker tools, rival Chinese systems or workarounds that are harder to monitor.
Two recent cases show what defenders stand to lose. Mozilla has said its Firefox team used Claude Mythos Preview to identify 271 vulnerabilities that were later fixed in Firefox 150, and that earlier work with Anthropic’s Opus 4.6 helped uncover 22 security-sensitive bugs in Firefox 148. Cloudflare has also said it tested Mythos against live code in critical parts of its infrastructure, where the model could chain lower-severity bugs and generate proof-of-concept code to test whether those vulnerabilities were exploitable.
Peter Swire, a professor at the School of Cybersecurity and Privacy at the Georgia Institute of Technology and a former adviser to the Clinton and Obama administrations, says Anthropic’s broader shutdown may have been precisely the outcome the Trump administration wanted. Although the order was framed as an export-control action aimed at foreign nationals, the company responded by pulling the models for everyone. “The administration used the legal tool of export controls, but their real goal was to block use by everyone, Americans included,” Swire says.
Swire sees an analogue in the 1990s fight over encryption. In the early part of that decade, U.S. rules treated encryption products as munitions and tightly restricted their export. The result was an awkward split between what could be used domestically and what could be shared abroad, before the Clinton administration loosened many of those controls later in the decade.
Cybersecurity leaders are now making a related argument about AI. In an open letter, dozens of cybersecurity experts and executives urged the government to lift the restrictions. Cutting off access, they argued, could slow the people trying to find and fix software flaws before hackers exploit them.
They have a point, Swire argues. “Going forward, banks and other critical infrastructure should be using the best AI to scan their own systems for defensive purposes,” he says. And despite the Trump administration’s “America First” policy, blocking access outside the U.S. could also harm the nation’s security. “The U.S. hurts its own national security if the critical infrastructure of U.S. allies is undermined due to blockage of the best tools for defenders, so we end up in a less safe place,” Swire says.
In interconnected financial and software systems, a vulnerability in an overseas partner does not remain a foreign problem for long. Modern corporate networks, financial systems and software supply chains are interdependent, and attackers can enter U.S. systems through a weaker partner abroad and then move laterally.
“If major European banks go down, that hurts the United States,” Swire says. “U.S. cybersecurity defense depends on effective protections for all of their counterparties, many of whom are outside of the United States.”
Alan Woodward, a professor of cybersecurity at the University of Surrey in England, says the restriction is a “very blunt instrument.” Anthropic has emphasized the power of its “Mythos-class” models, but Woodward says that message may now be working against the company.
Woodward worries about the signal the restriction sends. “What they are going to do, of course, is put people off relying on U.S. companies,” he says. “My fear, then, is that the Chinese will storm in—and they already are, which we saw happen with DeepSeek—and they’ll capture the market, and they’ll be controlling our use of it in a very different way.”
The question for Washington is whether it has made the dangerous use harder—or simply made legitimate defense slower. As Woodward says, if you have an outright ban on something, “you effectively do lose control of it, because people will find other ways around it.”
