A single ban, three phone calls, an uncontrollable narrative: Anthropic's darkest 24 hours
- Core Insight: The U.S. Department of Commerce forced Anthropic to take its latest models, Fable 5 and Mythos 5, offline due to exploitable safety guardrails that could be bypassed, leveraging export controls. This incident exposes the complex and conflicting interests among AI companies, the government, and cloud providers, elevating model safety from a technical process to a matter of national security governance.
- Key Elements:
- The direct trigger for the takedown was Amazon's CEO reporting to the White House that Fable 5's safety guardrails could be circumvented, potentially for cyberattacks.
- Anthropic's CEO attempted to explain it as a specific vulnerability rather than a general jailbreak, but the White House, based on an NSA assessment, did not accept this explanation.
- Amazon is both Anthropic's largest investor ($8 billion) and cloud service provider, while simultaneously negotiating a massive $50 billion investment with OpenAI, creating a clear conflict of interest.
- This is not the first conflict; in March, the Pentagon listed Anthropic as a supply chain risk after the company refused to have its models used for surveillance and autonomous weapons.
- The White House believes Anthropic has previously likened its own technology's risks to a nuclear bomb but refused to take the model offline due to a known vulnerability, viewing it as an attitude problem.
- After the model was taken down, OpenAI's relative competitive position improved, and Amazon's hedging investment strategy regarding Anthropic also became more flexible.
On June 13, the U.S. government pressed pause on Anthropic's two most advanced models.
One is Fable 5, and the other is Mythos 5. The former was just publicly released, while the latter targeted more restricted cybersecurity customers. The ban, issued by the U.S. Department of Commerce, covers customers outside the United States as well as foreign nationals within the U.S. Anthropic's final choice was simple: take them all offline.
After reviewing all the details of this incident, we have roughly mapped out the timeline of those 24 hours.
On Thursday, June 11, two days after Fable 5's public release, Amazon CEO Andy Jassy raised concerns to the White House. He worried that Fable 5's safety guardrails could be bypassed. Amazon researchers allegedly used a series of prompts to get Fable 5 to provide information that should have been restricted, which could be used for cyberattacks.
By Friday morning, June 12, the issue had reached the highest-level White House meeting. Treasury Secretary Scott Bessent, White House Cyber Director Sean Cairncross, White House Chief of Staff Susie Wiles, and other senior officials participated in the discussion. Bessent was en route to Houston at the time and joined the meeting remotely.
Then came three phone calls.
When Anthropic CEO Dario Amodei entered the call, he faced about half a dozen senior officials. Besides Bessent and Cairncross, Commerce Secretary Howard Lutnick was also present. Other participants included Deputy Under Secretary for Industry and Security Jeffrey Kessler, White House Staff Secretary Will Scharf, Deputy Chief of Staff Richard Walters, and White House Policy Advisor Walker Barrett.
Amodei tried to frame the issue as a misunderstanding. He argued that what Amazon found was a specific method of bypass, not a general prompt jailbreak that could broadly dismantle safety guardrails. Anthropic later publicly stated that testers had not yet found a way to broadly bypass the model's safety systems.
But the White House was not convinced.
The Amazon CEO's findings were sent to the National Security Agency for assessment, and the White House believed it had gathered sufficient evidence. The government requested Anthropic voluntarily take the models offline and work with the government to fix the vulnerabilities. Amodei wanted more time and information but did not commit to removing the models. Bessent said directly on the call that he had made a "wrong decision."
Thereafter, export controls were imposed.
Anthropic offers a different narrative. They say the White House gave them only 90 minutes to take the models down without detailing the actual threat specifics. The White House, however, states that the export controls were a last resort after hours of failing to gain Anthropic's cooperation.
Another key point in this matter is Amazon's delicate position.
At the end of 2024, Amazon invested an additional $4 billion in Anthropic, bringing the total investment to $8 billion. Anthropic simultaneously set AWS as its primary training partner, using AWS chips for future model training and deployment. Claude has also consistently been one of the most important models on Amazon Bedrock.
The Microsoft and OpenAI alliance was already public, and Amazon's bet on Anthropic was originally a way to circumvent that.
Microsoft has OpenAI. Google has Gemini and also invests in Anthropic. Amazon lacks a sufficiently strong in-house frontier model, forcing it to tie AWS's computing power, Trainium chips, and Bedrock platform to an external model company.
But a year and a half later, Amazon also connected with OpenAI.
This year, Amazon explored investing up to $50 billion in OpenAI. At the time, OpenAI was seeking up to $100 billion in new financing, with a potential deal possibly including OpenAI purchasing Amazon's AI chips. Axios also noted that OpenAI's 2025 annualized revenue exceeded $20 billion, but its spending commitments reached $1.4 trillion.
Amazon needs frontier model companies to consume AWS computing power, validate its self-developed chips, fill its data centers, and place the strongest models on its enterprise cloud shelves. This is no longer a purely financial investment.
So, it both invests in Anthropic and approaches OpenAI. It is both a model company's benefactor and its supplier. It must help them sell their models and explain to the government how dangerous these models are.
In terms of the outcome, this time Amazon stood against Anthropic. From Anthropic's perspective, a partner providing money, cloud services, chips, and distribution channels handed the government a security signal sufficient to trigger a ban. Of course, Amazon's own line is: "The White House asked me; I was just replying to their questions."
Over the past two years, AI companies have liked to portray themselves as national assets. The stronger the capability, the higher the valuation, the smoother the fundraising, and the more imaginative the government procurement. Anthropic, in particular, is skilled at this narrative. It distinguishes itself from OpenAI with more cautious safety language, and uses the rhetoric of "frontier risk" to prove to regulators that it should be taken seriously.
Now, the U.S. government truly treats these models as national security assets.
The confusion among White House officials also stems from this. Politico reported that White House officials had heard Amodei compare the danger of Anthropic's technology to nuclear bombs. When he refused to take down a model due to a known security vulnerability, government officials saw it not as a technical disagreement, but an issue of attitude.
This was not the first conflict between the two sides. On March 3, the Pentagon listed Anthropic as a supply chain risk because Anthropic refused to allow its AI tools to be used for large-scale domestic surveillance and autonomous weapons.
Anthropic and U.S. officials have had previous disagreements.
This time, Anthropic stated that the government directive did not specify the specific national security concerns and criticized the action for lacking transparency, clarity, and a legal process based on technical facts. Anthropic believes the issue is more akin to a narrowly scoped bypass method, insufficient to justify such a broad ban.
But from the government's perspective, model security is no longer an internal matter of companies writing white papers, conducting red team testing, and publishing system cards. Who can access the model, who can train the model, and whether foreign employees can view the model weights all fall into the language of export controls.
When Anthropic announced in April that Mythos would only be open to limited technology and cybersecurity companies, it had already held multiple rounds of meetings with the White House. Before Fable 5 was launched, it was also reviewed by the U.S. government and the UK's AI Safety Institute. Anthropic argues that the government raised no objections before the model's release.
This makes the conflict even more unpleasant.
Before model release, it's safety cooperation. After model release, it's national security.
OpenAI watched this accident from the sidelines.
With Anthropic forced to take its most powerful models offline, OpenAI's relative position becomes more comfortable. The more Anthropic is entangled in regulatory issues, the easier it is for OpenAI to become the "cooperative" option. If Amazon truly continues to move closer to OpenAI, it would also add another layer of hedging.
Of course, there is no public evidence suggesting Amazon acted to help OpenAI undermine Anthropic.
The sharper truth is that when frontier models enter a trillion-dollar capital expenditure cycle, partnerships are inherently no longer clean. Cloud vendors invest in model companies, model companies purchase cloud computing power, governments ask cloud vendors about security risks, and competitors red-team each other within the same regulatory arena.
The roles of financier, supplier, distributor, and reviewer are beginning to be played by the same group of companies.
This is more significant than a specific prompt jailbreak.
On the night Fable 5 and Mythos 5 were shut down, Anthropic lost not just access to two models. It lost a bit of control over its own narrative.
Amazon's hand is still on the AWS console. OpenAI's fundraising table hasn't cleared yet. And the U.S. government has already taken a seat in the front row of the model launch event.
