Threat Intelligence Bullish 7

Amazon Found Fable 5 Bypass; Mythos 5 Still Restricted to 30% of U.S. Orgs

· 5 min read · Verified by 2 sources ·
Share

Key Takeaways

  • The Trump administration lifted bans on Anthropic's Claude models after a cybersecurity alert from Amazon researchers, but the most powerful model remains under tight federal control.
  • This incident underscores AI's growing role as a zero-day discovery engine and signals a new tiered access regime for national security.

Mentioned

Anthropic company Claude Fable 5 product Mythos 5 product Amazon company AMZN Commerce Department government agency OpenAI company GPT-5.6 Sol product Trump Administration government

Key Intelligence

Key Facts

  1. 1The Commerce Department blocked foreign nationals from using Anthropic's Claude Fable 5 and Mythos 5 on June 12, forcing a global takedown just days after launch.
  2. 2Amazon cybersecurity researchers found a method to bypass Fable 5's safeguards, enabling the model to discover and potentially exploit software vulnerabilities.
  3. 3Fable 5 is now widely available again, but Mythos 5 remains restricted to a select group of U.S.-based organizations approved by the federal government.
  4. 4OpenAI simultaneously restricted its new GPT-5.6 Sol to a temporary pool of government-vetted customers at the administration's request.
  5. 5President Trump signed an AI oversight executive order last month establishing a voluntary 30-day review framework for advanced AI systems' national security risks.
  6. 6Anthropic had previously warned that its Mythos model was adept at finding software flaws that could be weaponized against critical computer networks.

had found a method of bypassing Fable 5's safeguards that enabled it to discover and potentially exploit software vulnerabilities.

Anthropic Spokesperson Company Statement

Blog post explaining the reasoning behind the government ban

AI Cybersecurity Risk Outlook

Analysis

For cybersecurity professionals, the temporary freeze and partial thaw of Anthropic's Claude models is more than a regulatory drama: it is a real-world stress test of AI's offensive cyber capabilities. The discovery by Amazon researchers that Fable 5's safeguards could be bypassed to find and exploit software vulnerabilities transforms frontier models from abstract risks into concrete tools that adversaries could wield against critical infrastructure. With Mythos 5—expressly noted for its vulnerability-finding prowess—still restricted to a government-vetted pool, defenders must now operate under the assumption that AI-accelerated attacks are not a future scenario but a present danger.

The Trump administration's lifting of restrictions on Anthropic's Claude models marks a significant pivot in the uneasy dance between AI innovation and national security. On June 12, the Commerce Department had blocked foreign nationals from accessing the company's latest models—Claude Fable 5 and the more potent Mythos 5—after cybersecurity researchers at Amazon, Anthropic's primary cloud provider, found a method to bypass Fable 5's safeguards. The exploit allowed the AI to discover and potentially exploit software vulnerabilities, a capability that authorities feared could be weaponized by malicious actors against critical infrastructure.

The Trump administration's lifting of restrictions on Anthropic's Claude models marks a significant pivot in the uneasy dance between AI innovation and national security.

Now, weeks later, the administration has relented, albeit conditionally. Fable 5 is once again widely available, but Mythos 5 remains tightly restricted: only a hand-picked group of U.S.-based organizations approved by the federal government gain access. This graduated approach reflects a broader recalibration in how the U.S. evaluates frontier AI. The timing is notable: just last month, President Trump signed an executive order establishing a framework for the federal government to review the national security risks of the most advanced AI systems for up to 30 days before their public release. While participation is technically voluntary, the dual-track reinstatement of Anthropic's models—and the simultaneous announcement that OpenAI will restrict its own GPT-5.6 Sol to a similar government-vetted pool—suggests the framework is already exerting coercive pressure.

The immediate catalyst, the Amazon cybersecurity report, underscores a critical vulnerability residing not in the models themselves but in the safeguards meant to contain them. Bypassing Fable 5's guardrails essentially made it a zero-day discovery engine. The potential for abuse is stark: a state-sponsored group could use a model like Mythos 5 to scan power-grid software, communication protocols, or financial systems, identifying entry points far faster than human teams. This is precisely why the administration's initial reaction was a blanket ban on foreign access. The targeting of foreign nationals—a blunt instrument—highlighted the administration's preoccupation with preventing model weights or outputs from leaking to rival states, a concern amplified by Anthropic's own earlier warnings that Mythos was adept at finding software flaws.

The partial lift now signals that the 30-day review window, still under development, has produced some level of reassurance. For Fable 5, the government appears satisfied that the safeguard bypass has been patched or that the model's capabilities do not meet a catastrophic threshold. Mythos 5, however, remains in a liminal state, accessible only to U.S. entities vetted by the government. This hints at a tiered classification system emerging: models with high but not extreme offensive potential can be released widely; those with the power to systematically undermine cybersecurity at scale require ongoing surveillance.

For the cybersecurity industry, this episode injects new urgency into the conversation around AI red-teaming and automated vulnerability discovery. It underscores that external safety evals—especially from a model's own cloud provider—are becoming a prerequisite for government approval. Amazon's role here is pivotal; it acted as a de facto auditor, perhaps unintentionally setting a precedent that cloud hyperscalers could be compelled to police the AI workloads running on their infrastructure. This could strain commercial relationships and raise antitrust questions, even as it creates a de facto security layer.

What to Watch

The implications for enterprise security teams are immediate. If models like Mythos 5 can be accessed by an adversary even under restricted conditions, defenders must assume that software flaws discoverable by AI will be found and exploited within hours, not weeks. The patch-response window is shrinking. Organizations that rely on frameworks like CVSS for prioritization may need to adopt AI-informed threat models, where models themselves simulate attack paths. Conversely, the restricted-access approach could create a dual-use AI ecosystem where U.S.-allied entities gain an asymmetric advantage in vulnerability discovery, setting off a cyber arms race.

Looking ahead, the story is far from over. The executive order's review framework remains a work in progress, and its voluntary nature could crumble if companies feel the administration has overstepped. Anthropic's decision to comply with the Commerce Department's ban so rapidly—bringing down the products for all users—shows a willingness to cooperate that may be tested as restrictions tighten. OpenAI's parallel move with GPT-5.6 Sol suggests a de facto licensing regime is already forming. The cyber community will be watching closely to see whether these controls actually reduce the risk of AI-enabled attacks or simply drive capable models into the shadows, where they can be used without oversight. The next frontier: international coordination, as the U.S. alone cannot prevent a model developed overseas from being unleashed on American networks. The temporary nature of the current peace, with Fable 5 free but Mythos 5 still caged, ensures that the debate over AI and cybersecurity will only intensify.

Timeline

Timeline

  1. Commerce Department Blocks Foreign Access

  2. Restrictions Lifted, Access Restored

Sources

Sources

Based on 2 source articles

From the Network

How we covered this story

Every story in our cybersecurity coverage is assembled from multiple primary sources, cross-referenced for factual consistency, and scored along three independent dimensions: sentiment, operational impact, and source-cluster confidence. Single-source rumors and unverifiable claims do not pass our editorial gate. When a story shows "Verified by N sources" with N≥2, the development is independently corroborated; when N=1, we mark it explicitly so readers can weigh the signal accordingly.

Impact scoring uses a 1-10 scale weighted toward regulatory, financial, and operational consequence rather than coverage volume. A topic that runs in every outlet but moves no real decisions ranks lower than a niche regulatory filing that reshapes how operators in the cybersecurity space have to behave. Read our full methodology for the scoring rubric, our glossary for term definitions, and our trends index for the longitudinal view across the beat.