Anthropic Restores Claude Fable 5

For 18 days, one of Anthropic's most capable AI models simply vanished. On June 12th, the U.S. Department of Commerce placed export controls on Claude Fable 5, barring any foreign national—including Anthropic's own non-citizen employees—from using it. With no reliable way to check the nationality of everyone typing into a chat box, Anthropic pulled the model worldwide. On July 1st, it came back.

What ended the standoff wasn't a sweeping overhaul. It was a single safety filter, narrowly tuned to block one technique. That small fix, and what it reveals about how governments and AI labs now negotiate access to frontier systems, is the part worth watching.

What actually happened

The trouble started when Amazon researchers found a way to prompt Fable 5 into identifying software vulnerabilities—weaknesses in code that attackers can abuse—and, in one case, writing code showing how such a flaw could be exploited. That prompted Commerce to impose export controls on Fable 5 and on Mythos 5, the more capable model it's built on.

Anthropic's response was to train a new classifier—a filter that recognizes a specific type of request—to catch the technique Amazon flagged. The company says it blocks that prompt in more than 99% of cases and reroutes flagged requests to an older model, Opus 4.8. Commerce's own Center for AI Standards and Innovation reviewed the safeguards before lifting the controls. Fable 5 is now returning across Claude.ai, the Claude Platform, Claude Code, and Claude Cowork, with cloud providers AWS, Google Cloud, and Microsoft Foundry to follow.

The filter blocks the prompt, not the ability

Here's the important nuance: the classifier targets the reported request, not the underlying capability. Fable 5 can still identify the vulnerabilities in Amazon's report—the filter simply detects the request and reroutes it rather than removing the skill from the model. As a side effect, the change also catches some harmless coding and debugging requests.

That design has an obvious limit. Detection-based safeguards are exactly what were defeated to trigger the ban in the first place. A filter tuned to one known technique does nothing for techniques nobody has found yet. Anthropic concedes as much, acknowledging that no model can be made fully resistant to jailbreaks—attempts to trick a model into ignoring its safety rules—and that it expects more to surface.

Why the capability may have been oversold

A joint review by Anthropic, the government, and Amazon complicates the case for singling out these models. It found that Opus 4.8, OpenAI's GPT-5.5, and China's Kimi K2.7 could all identify the same vulnerabilities. Every model tested—including Haiku 4.5, Sonnet 4.6, and several Opus versions—could reproduce the single exploit demonstration. In other words, the cyber capabilities that justified the controls appear to be widespread across the field, not unique to Mythos-class systems.

The offline period carried a competitive cost, too. While Fable was gone, Chinese lab Z.ai's GLM-5.2 held top benchmark positions by default, including the leading accessible score on the AA-Briefcase multi-week task test. Fable 5's return reclaims those spots. Mythos 5, which carries fewer guardrails and stays limited to Project Glasswing partners, went back to a set of U.S. organizations on June 26th.

What's next

Anthropic has opened a HackerOne program inviting outside researchers to report new Fable 5 jailbreaks, and it committed to giving designated government partners earlier access to test future frontier models before public release. That last point may be the most consequential: a precedent for pre-release government review of powerful models.

The episode shows how quickly a single flagged prompt can pull a model off the global market—and how a narrow fix can put it back. But the deeper question lingers. If the risky capability is common across today's leading models and no filter fully stops jailbreaks, export controls aimed at one model may prove a blunt tool for a problem that lives across the whole industry.