A few weeks ago we wrote about the morning our Chief Executive and Founder, Lisa Ventura MBE FCIIS, logged on to find that Claude Fable 5 had been switched off. Not slowed down or glitching, but gone, along with its sibling model Mythos 5, removed from public use by a United States government export control directive.

That post asked a set of questions about how a decision on that scale should be made. We said we would follow the situation closely. Here is where things now stand.

Claude Fable 5 Is Back

On 30 June 2026 the US Department of Commerce lifted the export controls it had imposed on 12 June. Anthropic began restoring access to Fable 5 the following day, 1 July, across the Claude Platform, Claude.ai, Claude Code and Claude Cowork, with the major cloud platforms to follow in stages. Access to Mythos 5, the more cyber capable of the two models, was restored to a set of approved US organisations.

The suspension lasted just under three weeks. For an export action that is unusually quick. Restrictions of this kind, particularly on hardware, tend to run for months. A model going dark and coming back in under a month is a different kind of event, and the speed of it is part of the story.

What Anthropic Says It Changed

Anthropic has now published a fuller account of what triggered the suspension. According to the company, researchers at Amazon found a way to get around some of Fable 5’s safeguards, prompting it to identify a number of software vulnerabilities and, in one case, to produce code showing how a vulnerability could be exploited.

Anthropic’s position is that this was a borderline case rather than a dangerous capability. The company says its own testing showed that several less capable models, including its own Claude Opus 4.8 and other widely available systems, could identify the same vulnerabilities, and that the technique did not expose anything unique to its most capable models. In its account the blocked behaviour involved routine defensive security work of the kind many practitioners do every day.

Even so, Anthropic moved to close the gap. It trained a new safety classifier aimed specifically at the reported technique, which it says now blocks that behaviour in more than 99 per cent of cases. That figure is Anthropic’s own, and we would treat it as a claim rather than an independently measured result, though the company says researchers at the US Center for AI Standards and Innovation reviewed the safeguards. When the classifier flags a request, the user is told, and the request is handled by a different model instead. Anthropic is candid that the new classifier will also catch some harmless requests during ordinary coding and debugging, a trade off it has chosen to accept.

The Part That Matters Most

The return of one model is the smaller story. The larger one is what the episode has prompted across the industry.

Anthropic has said it is working with Amazon, Microsoft, Google and other partners on a shared way to score the severity of an AI jailbreak. The proposal rates a given technique on how much new capability it hands an attacker, how many different attacks it enables, how much effort it takes to weaponise and how easy it is to find in the first place. The aim is a common language so that developers know which findings to treat as urgent and governments know when action is warranted.

This is the gap the AICSA pointed to in our first post. When there is no agreed standard for judging how serious a bypass is, every new finding arrives without context, and the response can swing from nothing at all to pulling a model used by millions. A shared framework will not remove judgement from these decisions, but it should make them more consistent and easier to explain. We welcome the direction, and we will be watching how it is built and who gets a say in it.

Anthropic has also set out closer working arrangements with the US government, including earlier access to frontier models for testing before release, faster sharing of information about misuse, and a move towards a common security bar across model developers. There is a great deal to think through here about transparency and about who holds whom to account, but a move from improvised emergency action towards a defined process is a step in a healthier direction.

Did the Outcome Meet the Test We Set

In June we argued that a decision of this scale needs to be transparent, evidence led and proportionate, and that on the information available it was hard to see how disabling a widely used model met that bar.

The resolution has done something to answer that. Anthropic’s own testing supports the view that the underlying capability was not unique to Fable 5, and the fact that the controls came off in under three weeks, through a negotiated safety commitment rather than a drawn out dispute, suggests the original concern was narrower than an emergency shutdown of the whole model implied. On the evidence now public, the AICSA’s initial reading looks reasonable.

What has not gone away is the precedent. A frontier model was switched off by government order, outside any settled legal process for doing so. A voluntary review route created by an executive order signed in early June existed at the time, and this model did not go through it. That should give every organisation building on these tools pause, not because the outcome here was wrong, but because the mechanism was improvised. Speed cut both ways. The same speed that brought Fable 5 back could take the next model away.

What This Means for Your Organisation

The practical lesson from June has only been reinforced. Resilience is not an afterthought. If a single model or vendor sits at the centre of a critical workflow, a disruption that has nothing to do with your own systems can still stop you working. Contingency planning, tested fallback options and a clear view of your supply chain risk belong in every AI adoption decision.

A second lesson has come into focus since. The model that came back is not guaranteed to behave exactly as it did before. Anthropic has been open that the new safeguards will affect some legitimate requests. If you rely on Fable 5 for security or development work, it is worth revalidating your integrations rather than assuming continuity. Back online is not the same as unchanged.

Where the AICSA Stands

We said in June that the way governments and frontier developers handle moments like this will shape the trust the whole sector depends on. That is still true, and this episode has given us an early sense of how it can be handled better. A quick resolution, a fuller public explanation and the beginnings of a shared framework are all preferable to silence and uncertainty.

The work now is to turn a one off recovery into a dependable process, one that is transparent about the evidence, proportionate in its response and open to voices beyond a small circle of the largest developers and a single government. That is the conversation the AICSA exists to help lead, and we will keep our community informed as it develops.

If you would like to talk through what this means for your own organisation, or you want to be part of the conversation as it unfolds, we would be glad to hear from you at hello@aisec.org.uk.

Sources: Anthropic, “Redeploying Fable 5”, 30 June 2026. The lifting of the controls and its wider coverage were reported during 30 June and 1 July 2026 by outlets including CNBC, The Hacker News and 9to5Mac, with the lifting first reported by Politico.