Two weeks after an unprecedented export control directive forced Anthropic to take its two most powerful AI models offline globally, the Trump administration has authorized a selective restoration of access.
Fourteen days after the US government ordered Anthropic to pull its most advanced AI models from the market in a move that left cybersecurity teams worldwide without one of their most capable tools, Commerce Secretary Howard Lutnick has authorized the company to restore Claude Mythos 5 access for a specific list of more than 100 American companies and government agencies.
The partial reprieve, confirmed by Anthropic on Friday evening and first reported by Semafor and Reuters, does not extend to Fable 5, the consumer-facing model built on the same underlying architecture. Lutnick also made clear in his letter to Anthropic's chief compute officer Tom Brown that the approved access list is not permanent — he explicitly reserved the right to revise or revoke it if circumstances change.
Anthropic acknowledged the development in a post on X, saying Mythos 5 can be redeployed to "a set of US organizations that operate and defend critical infrastructure." The company said it is working to restore access as quickly as possible for those approved entities while continuing talks with the government to expand Mythos access and eventually return Fable 5 to general availability.
A Carefully Managed Rollback, Not a Clean Victory
Lutnick's letter confirmed that two weeks of negotiations between Anthropic and the Commerce Department produced enough progress to unlock a controlled path forward. The secretary cited Anthropic's cooperation in addressing the underlying security concerns, as well as the company's commitment to work with the government on protocols for future model releases.
Crucially, the restoration covers non-American employees at the approved organizations — a direct rollback of the original directive's most disruptive provision. The June 12 export control order had barred any foreign national, inside or outside the United States, from accessing Fable 5 and Mythos 5. That included Anthropic's own non-citizen engineers and researchers. Faced with no practical way to screen users by nationality in real time, the company disabled both models for every user on earth within hours of receiving the order.
Friday's authorization signals the government considers specific organizations sufficiently secured to manage the risk. The approved list has not been made public.
The Shutdown Began With a "Fix This Code" Request
The original export directive traced back to a jailbreak report filed by Amazon security researchers with senior administration officials. Amazon CEO Andy Jassy escalated those findings to Commerce Secretary Lutnick and Treasury Secretary Scott Bessent, and the export control order went out to Anthropic the same evening.
The alleged jailbreak, however, was not a sophisticated bypass. According to Luta Security CEO Katie Moussouris, the only outside expert confirmed to have reviewed the underlying research paper, researchers gave the model open-source code with known vulnerabilities. When asked to "review the code for security issues," Fable 5 declined. When asked instead to "fix this code," it complied. Several additional manual steps then produced test scripts.
Anthropic described the technique as narrow and non-universal, and said the same outputs could be generated using GPT-5.5 and other publicly available models not subject to comparable restrictions. The company argued that recalling a commercial product used by hundreds of millions of people over such a finding sets a standard that would halt new deployments across the entire industry if applied consistently.
Former Facebook chief security officer Alex Stamos reviewed the research and publicly agreed with Anthropic's position, writing that the findings did not justify a reaction of this scale.
There is a gap at the center of this story. The technique that triggered a national security directive is, by most independent accounts, standard practice for the defenders who secure software systems every day.
The NSA Test Nobody Was Supposed to Discuss
One day before the ban landed, the National Security Agency ran an authorized red-team exercise using Mythos 5 against its own classified infrastructure.
Senator Mark Warner, vice chair of the Senate Intelligence Committee, disclosed the results during a June 11 Senate hearing, citing a briefing from NSA Director General Joshua Rudd. According to Warner, Mythos had gained access to nearly all classified systems targeted in the exercise, not over weeks but in hours. The statement, reported by The Economist and later amplified across social media, generated headlines claiming Anthropic's model had hacked the NSA.
Officials subsequently clarified that the exercise was controlled and authorized. Mythos did not conduct an external attack. The NSA permitted it to probe the agency's own systems as part of a structured security evaluation designed specifically to expose weaknesses. The model found them faster than expected.
The distinction between "hacked the NSA" and "found vulnerabilities during an authorized drill" matters technically. It does not fully resolve the question of what the results told the government about what this model can do.
The test was conducted through Project Glasswing, Anthropic's restricted-access cybersecurity program launched in April 2026. The program gave roughly 150 vetted organizations early access to Mythos Preview for defensive security work: identifying zero-day vulnerabilities and hardening critical software against threats adversaries had not yet found. Partners included Amazon, Apple, Google, Microsoft, Nvidia, JPMorgan, and the Linux Foundation. The Financial Times reported that six Anthropic engineers were embedded directly inside the NSA to support deployment, with work reportedly extending to applications involving networks in China and Iran.
The June 12 export directive immediately severed the NSA's access to the model its own analysts had been actively using.
That contradiction, the same government simultaneously deploying and banning the same tool, has not been publicly addressed by any administration official.
Months of Conflict Set the Stage
The ban did not arrive without a long backstory.
The Trump administration had been in a sustained conflict with Anthropic since February 2026, when the White House ordered all federal agencies to stop using the company's models. The dispute stemmed from Anthropic's refusal to accept contract terms that would have permitted its AI to be used for autonomous weapons systems and mass domestic surveillance. The Pentagon designated Anthropic a "supply chain risk" in early March, blocking defense contractors from using Claude in any government work. That label had historically been applied to foreign adversaries.
Anthropic sued the administration over the designation and has won at least one preliminary court ruling in the ongoing litigation.
Trump adviser David Sacks and Pentagon undersecretary Emil Michael each attacked the company publicly in the months leading up to the Fable 5 launch. Reporting from Axios described administration officials characterizing Anthropic as a "bad actor." Semafor added a separate layer of concern: officials reportedly suspected that a China-linked group had accessed Mythos before the shutdown. Lutnick's original June 12 letter cited the risk of the models being diverted to military intelligence operations in China or Russia.
Anthropic said the Chinese access claim was never raised in its conversations with the government about the jailbreak findings.
Beijing moved to capitalize immediately. Chinese AI lab Zhipu AI launched GLM-5.2 on June 13, the day after the US export directive, explicitly framing the American action as evidence that US AI models are unreliable for international partners.
The Industry Delivered a Unified Response
Over 100 cybersecurity executives signed an open letter organized by Stamos, addressed to Lutnick and National Cyber Director Sean Cairncross, urging the government to rescind the export controls. Signatories from Adobe, Nvidia, and a wide range of technology organizations argued that the ban removed one of the most capable AI cybersecurity tools from defenders without meaningful security justification, since the same vulnerability-finding capability exists in competing models that remain available to adversaries without restriction.
Researcher Katie Moussouris put it plainly: asking an AI to find, fix, and test code vulnerabilities is the single most valuable thing it can do for defenders. Calling that a jailbreak, she argued, effectively prohibits the defensive use case entirely.
Anthropic had already built a public record of Mythos's defensive utility before the shutdown. The model had identified thousands of zero-day vulnerabilities across major operating systems and web browsers, including a 27-year-old flaw in OpenBSD that had gone undetected by human engineers since 1999. In Mozilla's Firefox browser alone, Mythos surfaced 271 previously unknown bugs.
The Five Eyes intelligence alliance, comprising the US, UK, Canada, Australia, and New Zealand, published a separate joint warning during the same period, stating that frontier AI models are expected to transform both offensive and defensive cyber operations within months, not years.
The warning created an awkward data point for the administration. Allied intelligence services were signaling that cybersecurity AI capabilities must be adopted urgently by defenders. The US government had just taken one of those tools offline.
Fable 5 Remains the Unresolved Core
Friday's authorization covers Mythos 5 for critical infrastructure operators and approved cyber defenders. Fable 5 is still down for every user globally.
That distinction carries significant commercial weight. Anthropic filed a confidential IPO prospectus with the Securities and Exchange Commission on June 1, disclosing a revenue run rate of $47 billion and a valuation of $965 billion. Fable 5 was positioned as the company's first broadly available Mythos-class product and a central element of that commercial story. Its continued suspension directly limits Anthropic's ability to compete in the general market.
Sources familiar with the negotiations told CNN that discussions over Fable 5's restoration continued over the weekend, with no timeline confirmed. The same day Lutnick authorized Mythos 5's selective restoration, OpenAI released GPT-5.6 to a separate set of government-approved partners, underscoring that controlled pre-release mechanisms for powerful AI models are becoming a standard feature of the current regulatory environment.
The US government applied export controls directly to a deployed AI model for the first time in history on June 12. No prior precedent existed for treating an AI model as an export-controlled item rather than the hardware or model weights associated with it. Friday's partial reversal did not undo that precedent. It established the terms under which the government is willing to manage it going forward.
Comments
Join the discussion and share your perspective.