They Built the Safest AI. Three Days Later It Was Switched Off.

On Friday afternoon, at 5:21pm US Eastern time, the most capable artificial intelligence the public could buy was switched off. Not throttled. Not patched. Switched off — for every customer on earth — three days after it launched.

The model was Claude Fable 5. The order came from the US Commerce Department, citing national security. And here is the part that should make every business owner sit up: the order was aimed at "foreign nationals". That phrase, in a US export-control letter, means everyone who isn't American — which is to say, you, me, and every Australian business that had quietly started building on it.

Full disclosure before we go further: we build on these models at Jordan James Media. That's not a reason to look away from this story. It's the reason we can't. When a government can switch off a tool your business runs on, over a weekend, for reasons it won't show anyone, that stops being someone else's policy debate and becomes your supply chain. This is the story of what happened, the questions nobody in power has answered, and what it means if you've bet any part of your operation on AI you don't own.

A timeline of the three days that switched off the world's best AI

Strip out the noise and the sequence is stark. Anthropic — the company behind Claude — spent the spring publicly warning that its most powerful model class was dangerous. It previewed a model called Mythos in April and told government officials it raised the risk of large-scale cyberattacks. It then spent months building guardrails so a version of it could be released safely.

On June 9, that safer version — Fable 5 — went on sale to the public. Three days later, on June 12 at 5:21pm ET, Commerce Secretary Howard Lutnick sent Anthropic CEO Dario Amodei an export-control directive subjecting both Fable 5 and the restricted Mythos 5 to licensing for any "foreign national". Within hours, Anthropic disabled both models worldwide — every customer, everywhere — because it could not reliably separate foreign users from American ones in real time. Every other Claude model stayed online. (CNBC and Bloomberg Law confirm the scope.)

This is a developing story, and details are still moving. But the bones above are confirmed across the company's own statement and multiple independent newsrooms. Hold them in mind, because the questions that follow all hang off them.

The Richard Jewell question

Here's the framing I can't shake, and I'll flag up front that it's my analogy, not a label any outlet used.

Richard Jewell was the security guard at the 1996 Atlanta Olympics who found a backpack full of pipe bombs, raised the alarm, and cleared people away from the blast. He saved lives. And then, precisely because he was the man closest to the bomb, the FBI and the press turned him into their prime suspect. The person who did the responsible thing got punished for being near the danger he helped contain.

Now look at Anthropic. It is the lab that built its brand on safety. It publicly flagged that this model class was dangerous. It shipped heavier guardrails than anything it had released before, and it red-teamed them alongside the US government, the UK's AI Security Institute and outside teams for thousands of hours before launch. Then the very government it had been cooperating with switched the product off. TechCrunch put it bluntly: the safety warnings may have backfired.

Whether that makes this a true Richard Jewell story is the question this whole piece is really chewing on. To answer it honestly, you have to take the government's case seriously too — and we will. But first, the four things that don't add up.

AI-generated

There was no test

Start with the most basic question you'd ask before pulling any product off the market: what was the measurement?

There wasn't one you can see. By Anthropic's account, the government provided only "verbal evidence" of a "narrow, non-universal jailbreak" — getting the model to read a specific codebase and flag software flaws, which surfaced a handful of already-known, minor vulnerabilities. The directive letter, confirmed by four independent newsrooms, "did not provide specific details of its national security concern". No benchmark. No published red-team result. No measurable harm threshold. No number.

Think about what that means in any other regulated industry. You don't pull a drug, ground an aircraft, or recall a car on a phone call and a vibe. There's a test, a standard, a documented finding you can argue with. Here there is a deployed product used by hundreds of millions of people, switched off, and the public cannot see the thing it was switched off for. You're asked to trust that the line was crossed without being shown where the line is.

Nothing actually happened — yet

The second question is even simpler: did something break?

No. There is no documented real-world harm anywhere in the public record. No breach, no attack, no exploited system traced to Fable 5. What triggered the action, according to Axios — citing a single administration official — was that another company claimed it could jailbreak the model. That company has not been named anywhere, the claim is relayed second-hand through one outlet, and it doesn't appear in Anthropic's own account of the order. Treat it as exactly what it is: an unconfirmed claim about a capability, not a report of damage done.

The genuinely scary numbers floating around — autonomous discovery of zero-day vulnerabilities, exploit-chaining — come from Anthropic's own April disclosure about the raw Mythos model, the one it deliberately kept locked down. They are the reason the guardrails on Fable 5 exist. They are not evidence of a June incident. Acting before a catastrophe can be wise. But "we acted on a claim, with no measurement, before anything happened" is a very different posture from "we responded to an attack" — and the difference matters enormously when you're deciding whether the precedent is reasonable.

Why only them?

If Fable 5 is dangerous enough to switch off worldwide, the obvious follow-up is: why is it the only thing switched off?

Only Fable 5 and Mythos 5 were hit. Every other Claude model stayed live. No equivalent order was reported against OpenAI or Google — even though Anthropic argues the jailbreak capability in question is already "widely available from other models", including OpenAI's GPT-5.5. If the concern is a class of capability, the action doesn't match the concern. It lands on one company.

And it's not the first time this administration has landed on this company. Months earlier, the Pentagon designated Anthropic a "supply chain risk" and moved to cut it out of government work, after Anthropic refused to let its models be used for mass surveillance and autonomous lethal decisions. Anthropic sued in federal court; the administration denies any retaliation. I'm not going to assert a motive the record doesn't prove. But "only this company, again" is a pattern worth naming, not waving away. Anthropic's own warning is that if this standard were applied evenly, it "would essentially halt all new model deployments for all frontier model providers." A rule that would freeze the whole industry, applied to exactly one player, is either not really a rule or not really about the rule.

After this, who will tell you their AI is dangerous?

This is the question with the longest tail, and the one that should worry anyone who cares about AI being built carefully.

Anthropic's whole strategy was to be loud about risk — to publish the dangers, ship the safeguards, and invite the government in to test them. That openness is exactly what drew the scrutiny that pulled the product. OpenAI's Sam Altman had already mocked the posture as fear-based marketing: "We have built a bomb… we will sell you a bomb shelter." Days before the shutdown, Anthropic had also been caught quietly downgrading some responses without telling users, apologised — "we made the wrong tradeoff" — and promised to make those moments visible.

So sit in the seat of the next lab's executives. You can disclose your model's dangers and watch a competitor get switched off for doing exactly that. Or you can say less, test quietly, and ship. The Fable 5 episode just made the second option look a lot smarter. When transparency becomes the thing that gets you regulated and silence is the thing that gets you to market, you have built a system that punishes the honest. That is the opposite of what anyone says they want from AI safety, and it's the most damaging part of this whole affair.

Where is the line — and why can't we see it?

Pull the four threads together and they knot into one: there is no public line.

No published rule defines what capability, in what test, gets a deployed commercial model switched off. The only concrete proposal on the table is Anthropic's own — a call for FAA-style certification of frontier models, with defined risk categories and quantitative thresholds. That's a proposal, not law, and the June 12 action didn't use anything like it. It used export-control authority and a phone call.

A line you can't see isn't a line — it's discretion. And discretion applied to the infrastructure that a growing share of the economy now runs on is its own kind of risk, separate from anything an AI model might do. You can believe powerful AI needs hard limits (I do) and still insist those limits be written down, measured, and applied to everyone. Secret and selective is the worst of both worlds: it doesn't reliably stop the dangerous thing, and it does reliably teach builders to go quiet.

AI-generated

The case that the government got it right

I promised a fair hearing, so here it is, made as strongly as I can.

Anthropic itself spent the spring telling Washington this model class materially raised the odds of a large-scale cyberattack — alarming enough that senior economic officials reportedly convened banks over it. When the company that has been ringing the alarm then ships a public version, and within a day a well-known jailbreaker publicly claims to have stripped its guardrails, a national-security agency moving fast — before a demonstrated catastrophe — is a defensible call. You don't wait for the bridge to fall to close it. And the remedy, on paper, was narrow: two models, foreign-national access, framed as temporary while the security apparatus catches up. Governments are supposed to act on weapon-adjacent capability under uncertainty. That's the job.

It's a real argument, and if the line were public and applied evenly, I'd find it hard to fault. The problem isn't that the government acted. It's that it acted with no visible standard, on one company, on a claim rather than a measurement — and in doing so taught every lab that candour is a liability. You can take the threat completely seriously and still think this was the wrong way to handle it.

What this means if your business runs on AI

Step back from the politics, because here's the part that actually lands on your desk.

If you've built anything on a single AI model — a content engine, a support bot, an internal tool, a chunk of your delivery — you just watched that category of thing get switched off in an afternoon. Not by an outage you could wait out. By a government decision, aimed at a class of users that includes you, with no notice and no appeal. The model your funnel depends on is part of a supply chain that runs through a capital you don't vote in, governed by rules you can't read.

That's not a reason to abandon AI. We haven't, and we won't — the productivity is real and the businesses that use it well are pulling ahead. It's a reason to stop treating any one model as a permanent utility. Electricity doesn't get recalled by a foreign export office on a Friday. Your AI vendor can. Price that in.

AI-generated

What to do now

Five moves, in priority order, for any business leaning on AI — the resilient-by-design checklist we run ourselves:

The bottom line

So — was Fable 5 a Richard Jewell moment? Partly. The structural parallel holds: the most transparent player, the one cooperating most closely with the authorities, got punished hardest, and the lesson the rest of the industry takes away is to stay quiet. Where the analogy strains is that powerful AI genuinely can be dangerous in a way a falsely-accused security guard never was — the government's instinct to act isn't crazy.

But you don't need to resolve the analogy to take the warning. A deployed AI used by hundreds of millions was switched off worldwide, with no public test, no proven harm, no visible line, and a remedy that fell on one company. For any business, the takeaway is the same whether you side with Anthropic or with Washington: the AI you rent can be switched off overnight, by people you'll never meet, for reasons you'll never see. Build like that's true — because last Friday, it was.

If you want a marketing and operations stack that bends instead of breaking when a model disappears — one where the engine is swappable and the system is yours — that's the work we do. Have a look at AI application development and marketing automation, or talk to us about making your AI resilient by design.