AI Safety, National Power, and the Suspension of Fable 5 and Mythos 5
A Service Interruption That Was Not Merely Technical
For the past few days, I had been enjoying Anthropic’s new flagship model, Fable 5. It felt noticeably capable, and I was looking forward to spending more time with it. Testing a new model is not only a matter of comparing benchmarks or searching for impressive answers. It is also a process of learning how the model works with us, where it becomes genuinely useful, where it remains uncertain, and how it might influence our own habits of thinking and working.
Then, one morning, I encountered a simple message saying that the service was unavailable. At first, I assumed it was an ordinary interruption. Online services occasionally become overloaded, systems undergo maintenance, and newly released products sometimes encounter technical difficulties. In most cases, we wait for a while and try again later.
This time, however, the explanation was much more serious. Anthropic had received a directive from the United States government requiring it to suspend access to Fable 5 and Mythos 5 for foreign nationals, including foreign citizens living or working inside the United States. The restriction reportedly extended even to Anthropic’s own foreign-national employees. Because the company could not immediately guarantee compliance through selective access controls, it disabled both models for everyone.
A short message on my screen was therefore connected to something much larger than a temporary server problem. Behind it stood national-security authority, export-control law, cybersecurity concerns, corporate resistance, international technology policy, and the increasingly difficult question of who should control advanced artificial intelligence. The immediate event appeared small, yet the implications were not. One model stopped responding, but companies, researchers, security organizations, developers, and international partners suddenly had to reconsider whether a system they had begun testing or integrating could remain available at all.
The episode resembles both a falling domino and a butterfly effect. A single decision made in one part of the United States government reaches users across the world. It affects not only access to a chatbot, but also expectations about technological cooperation, privacy, corporate infrastructure, national sovereignty, and the future direction of AI development.
Perhaps neither Anthropic nor the government fully predicted how widely the consequences would spread. The service may eventually return under a revised agreement or a new compliance structure, and Anthropic has said that it is trying to resolve the issue. Still, even a rapid restoration would not erase what has already been revealed. A frontier model is no longer simply a product. It can become a border.
When Safety Divides Into Different Meanings
The event is especially interesting because it forces us to reconsider what we mean by AI safety. Anthropic is widely known for presenting safety as a central part of its identity. The company has repeatedly warned that increasingly capable models could create serious risks, including cyber misuse, biological threats, autonomous weapons, mass surveillance, manipulation, loss of human control, and the possibility that future systems could improve themselves faster than institutions can respond.
In this first sense, AI safety concerns the behavior and capabilities of the system itself. Can the model be controlled? Can its safeguards be bypassed? Can it provide dangerous assistance? Can its actions be monitored? Can companies prevent it from causing harm while still making its benefits available?
The government’s intervention introduces another meaning of safety. National-security control is concerned less with the model’s behavior in general and more with who can access its capabilities. It asks whether a foreign government, organization, company, or individual could use the model against American interests. It also asks whether an advanced model should be treated as a strategic national asset rather than as a globally available commercial service.
Both perspectives speak in the language of safety, but they protect different things. General AI safety seeks to protect people and society from harmful capabilities. National-security control seeks to protect the state’s strategic position by controlling the distribution of those capabilities.
The two concerns overlap, but they do not always lead to the same conclusion. Anthropic may believe that Fable 5 is safe enough for broader access because its safeguards redirect or restrict sensitive requests. The government may believe that the model remains strategically dangerous even if those safeguards work most of the time. A bypass that Anthropic regards as narrow or manageable may still appear unacceptable to an agency concerned about hostile foreign actors.
The opposite conflict is also possible. A government may consider a powerful AI system acceptable when used by its own military or intelligence institutions, even if the developer believes those uses carry serious ethical or safety risks. The government may emphasize legality, national defense, and operational necessity. The developer may emphasize limits that should apply regardless of who is using the system.
A third meaning of safety therefore emerges, one concerned with institutional authority. Who has the right to decide when a model is safe enough? Is it the company that built and tested it, the government that possesses legal authority and classified intelligence, the military that understands operational threats, an independent scientific body, or the international community affected by the decision?
Technical knowledge does not automatically produce political legitimacy, and political authority does not automatically produce technical understanding. Anthropic may know its model more deeply than government officials do, but the government may possess threat intelligence unavailable to Anthropic. Neither side can easily prove to the public that its judgment should be final.
The question is no longer simply whether AI is safe. It becomes a more difficult inquiry: safe for whom, safe from what, and safe under whose control?
The Reversal Between Anthropic and the State
The present situation also creates a striking reversal. Only a few months earlier, Anthropic had been involved in a serious conflict with the Pentagon. The company resisted demands that would have allowed broader military use of Claude. Anthropic maintained restrictions related to mass domestic surveillance and fully autonomous weapons, arguing that some boundaries should remain even when the customer was the United States government.
In that dispute, the Pentagon appeared to be the more aggressive party. It wanted greater freedom to use the technology for lawful national-security purposes. Anthropic appeared cautious, insisting that access to AI should not mean unlimited permission to use it in every context.
The public roles now seem to have changed. This time, the government is imposing restraint because it considers access to Anthropic’s most advanced models a national-security concern. Anthropic, meanwhile, argues that the intervention is excessive and that the reported safeguard bypass does not justify the global withdrawal of the models. The company that became famous for warning that advanced AI may be dangerous is now asking the government not to stop its advanced AI.
This is not a simple contradiction. Anthropic can consistently believe that autonomous weapons should be restricted while also believing that a narrow cybersecurity bypass does not justify disabling an entire model. The government can likewise believe that the military should have broad domestic access while foreign nationals should not receive access to strategically sensitive capabilities.
The legal situations also differ. During the Pentagon conflict, Anthropic was resisting the terms demanded by a powerful customer and responding to procurement pressure. In the present case, the government has reportedly used export-control authority. Refusing a customer’s preferred contract is very different from ignoring a direct legal instruction concerning the distribution of controlled technology. This helps explain why Anthropic appears more compliant now. It is not necessarily because the company suddenly agrees with the government. The available legal options and immediate risks are different.
Even so, the public symbolism is difficult to overlook. Anthropic has spent years explaining that frontier AI should not be treated like ordinary software. Its leaders have spoken openly about the possibility of systems becoming capable of assisting dangerous cyber operations, accelerating biological research, transforming scientific work, or eventually contributing to their own improvement. The company has asked governments and society to take these possibilities seriously.
Such warnings may be sincere and necessary. At the same time, danger can also become a form of competitive positioning. A company that claims to be managing unprecedented risks may appear more advanced than companies whose models are described in ordinary commercial language. The message is not only that the system is useful. It is that the system is so powerful that it requires an entirely new level of responsibility.
This gives frontier AI communication a theatrical quality. Companies speak about capabilities that may transform civilization, reshape employment, threaten security, and perhaps exceed human expertise. These claims generate concern, but they also generate prestige, investment, attention, and a sense that the company occupies a unique place in technological history.
Anthropic has been especially effective at building this identity. It has often presented itself as the cautious organization closest to the dangerous frontier, willing to warn the public even when those warnings might limit its own business. The current intervention reveals the risk of that strategy. Once a company persuades the state that its technology is extraordinarily consequential, it cannot fully control what the state will do with that belief.
Anthropic wanted advanced AI to be taken seriously. The government has now taken it seriously in a form that Anthropic did not choose. There is something almost comical about the reversal, but it is also revealing. Anthropic has recently raised concerns about systems contributing to the development of future AI, including the possibility of recursive improvement. The company has discussed the need to prepare for moments when AI development may have to slow down or become subject to greater coordination.
Now Anthropic itself has been forced to slow down, not according to its own safety framework, but according to the judgment of the state. The organization that warned that AI development might someday need to pause has discovered that a pause can be imposed from outside.
Drawing a Digital Border Around Nationality
The directive is also troubling from the perspective of privacy, identity, and international employment. A restriction based on geographic location is relatively familiar. Online services can examine IP addresses, billing regions, account information, and local regulations. These methods are imperfect, but they are already widely used for sanctions, licensing agreements, content availability, and regional product releases.
A restriction based on nationality is much harder to enforce. A Japanese, Filipino, Canadian, French, or Indian citizen may legally live and work in the United States. A person may hold more than one nationality. An international employee may work inside Anthropic while collaborating with American colleagues. A multinational customer may operate one account across several countries. A security team may share prompts, outputs, repositories, and research findings among employees of many nationalities.
Nationality cannot be reliably determined from an IP address, and it is not visible in the ordinary technical signals used by cloud services. To enforce such a rule, Anthropic might need to collect stronger forms of identification. Users could eventually be required to prove citizenship or immigration status. Corporate customers might need to certify the nationality of employees who can access a model. Internal systems could require stricter separation between American and non-American workers.
The result could include more identity verification, access logging, monitoring, employee classification, and restrictions on collaboration. A policy introduced in the name of national security could therefore weaken privacy and anonymity. The more valuable AI becomes, the more companies may be asked to know exactly who is using it, where that person is located, which country claims that person, and how the model’s output is shared.
This represents a profound change in the character of online services. For many years, the internet was imagined as a network in which information could move across borders more freely than people or physical goods. Governments always retained regulatory power, but digital services often appeared less constrained by nationality than traditional industries. Advanced AI may reverse that direction. Access to intelligence could become linked to passports, citizenship, alliances, security clearances, and institutional membership.
The problem becomes even more difficult within Anthropic itself. Like other leading technology companies, Anthropic depends on an international workforce. AI research has developed through global movement, with researchers, engineers, policy specialists, and security experts crossing national and institutional boundaries.
If foreign-national employees cannot access the company’s own most advanced models, nationality becomes an internal permission level. Colleagues working inside the same organization may suddenly be placed on opposite sides of a legal boundary. That division could affect not only technical work but also trust and organizational culture. An employee may be qualified, loyal, legally employed, and deeply involved in a project, yet prohibited from accessing the system because of citizenship.
A modern global company would be forced to operate according to a much older conception of national separation. Anthropic’s decision to disable the models for everyone becomes more understandable in this context. The company could not simply block overseas users and continue serving Americans. It needed to ensure that no foreign national anywhere, including within the United States and within Anthropic itself, could use the system.
Constructing such a compliance mechanism would require time, legal interpretation, technical controls, and perhaps a level of surveillance that neither Anthropic nor its users expected. The global shutdown was blunt, but the rule itself was difficult to translate into the architecture of an ordinary commercial AI service.
The Model Inside the Supply Chain
The consequences extend beyond people directly chatting with Fable or testing Mythos. Frontier AI is becoming part of a complicated technological supply chain. Models are integrated into software development, cybersecurity research, financial analysis, cloud computing, customer support, scientific work, internal knowledge systems, and automated agents. In many cases, the final user may not even know which model is operating behind a service.
Mythos was connected to Project Glasswing, an initiative involving major technology companies, cybersecurity firms, financial institutions, infrastructure providers, and open-source organizations. Participants were exploring the model’s defensive-security capabilities, including its potential to identify vulnerabilities and help secure critical software.
When access is suddenly suspended, the effect does not stop at Anthropic’s website. It may interrupt evaluations, integrations, research programs, vulnerability analysis, software-development workflows, and strategic planning across partner organizations. Some of these effects will be visible. Others will remain hidden inside confidential projects, internal systems, and private contracts, which makes the total impact difficult to calculate.
A company may have invested months preparing an integration. A security team may have begun redesigning its workflow around a model’s capabilities. A cloud provider may have planned to make the model available to enterprise customers. A financial institution may have been testing it for risk analysis. Researchers may have scheduled evaluations or depended on continued access for an ongoing project.
None of these activities necessarily disappears permanently. Organizations can return to older models or move to competitors. Still, switching is not free. It consumes time, money, technical effort, training, and organizational attention. The event reveals how quickly an AI model can become infrastructure.
Cloud computing offers a useful comparison. A company that builds its operations around one cloud provider becomes dependent not only on the technology but also on the provider’s commercial stability, regulatory environment, and home government. The same is now becoming true of AI models.
This raises an uncomfortable question for institutions outside the United States. Can they safely build essential services around an American model whose availability may be changed overnight by an American policy decision?
The United States has long benefited from the global trust placed in its technology companies. Businesses and governments around the world depend on American operating systems, cloud platforms, cybersecurity tools, payment networks, and software services. That dependence gives the United States considerable influence, but influence depends partly on predictability. Customers must believe that a service will remain available under understandable rules.
A sudden nationality-based restriction could weaken that confidence. Foreign companies may conclude that dependence on a single American frontier model carries political risk. Governments may accelerate sovereign AI programs. Enterprises may diversify across several providers or prefer models that can be hosted locally.
The restriction may strengthen American control in the immediate moment while reducing long-term dependence on American platforms. That is one of the incident’s central paradoxes. A policy intended to protect national technological advantage may encourage the rest of the world to become less reliant on the country exercising that advantage.
The Power and Weakness of Restricting One Model
The government’s action is simultaneously powerful and limited. It is powerful because it can immediately affect millions of users and numerous institutions. One directive can make an advanced service disappear across national borders. It can disrupt commercial plans, research programs, security work, and individual experimentation.
It is limited because the underlying capability does not belong permanently to one model or one company. AI development is moving too quickly for any single system to remain uniquely capable for long. While Anthropic deals with government restrictions, other laboratories continue training and releasing new models. Techniques spread through research, staff movement, investment, competition, and experimentation.
A level of performance that appears exceptional today may become ordinary within months. Anthropic itself has warned that other companies could soon develop systems with Mythos-class capabilities. Some may adopt similar safeguards. Others may release models under different safety standards. Some may operate outside the United States and therefore outside the direct reach of American export controls.
This raises a basic question about the effectiveness of model-specific restrictions. If the feared capability is available only through Mythos, restricting Mythos may provide meaningful protection. If comparable capabilities are already appearing in other commercial or open systems, limiting one model may create disruption without reducing the underlying risk for very long.
The policy could then become both highly impactful and strategically ineffective. It hurts current users, partners, and international customers, but it does not stop technological development. It may delay access to one system while encouraging demand for alternatives.
China makes this paradox especially visible. China is deeply affected by American technology restrictions, particularly controls involving advanced semiconductors, manufacturing equipment, investment, and computing infrastructure. It would therefore be inaccurate to say that China is unaffected by American AI policy.
Yet China may be less directly affected by the withdrawal of an Anthropic service because it has developed a more separate ecosystem of AI companies, cloud platforms, internet services, data resources, and increasingly capable domestic models. American allies may feel the immediate loss of Fable and Mythos more strongly than Chinese organizations that were never dependent on them.
This creates an uncomfortable geopolitical outcome. A policy designed partly around concern about strategic rivals may impose its clearest immediate costs on international researchers, businesses, and institutions within countries friendly to the United States. It may also encourage China and other countries to intensify their efforts toward technological self-reliance. Each restriction becomes another reason to build domestic alternatives that cannot be switched off by Washington.
We can already see how quickly physical AI and robotics are developing, including advances in industrial machines, autonomous systems, humanoid robots, and embodied intelligence. Future capabilities will not exist only through cloud-based chat interfaces. They will be distributed across models, chips, machines, factories, laboratories, vehicles, and local devices.
A governance strategy focused on blocking one hosted model may become increasingly inadequate as intelligence spreads across many forms of technology. The government can control a service endpoint more easily than it can control a global scientific and industrial process.
This does not mean restrictions are always useless. Temporary delays can matter, access controls can make abuse more difficult, and governments have legitimate reasons to prevent sensitive technologies from reaching hostile actors. But restrictions must be proportionate, technically informed, internationally coordinated, and realistic about how quickly capabilities can be reproduced elsewhere.
Otherwise, regulation becomes symbolic. It demonstrates authority without addressing the deeper source of the risk.
The comparison with other American AI companies will therefore be important. If models developed by OpenAI, Google, or others reach comparable capabilities, will the same restrictions apply? Will the government create a general standard, or will Anthropic remain a special case?
If comparable models remain globally available, the action against Anthropic may look inconsistent or politically influenced. Anthropic’s unusually dramatic safety messaging and its difficult relationship with parts of the government may then appear relevant, even if retaliation cannot be proven.
If similar restrictions spread across the industry, the incident will mark the beginning of something larger. Frontier models may be treated less like ordinary software services and more like controlled strategic technologies. Either outcome would be significant.
After Mythos Became a Myth
Anthropic has said that it is working to resolve the situation. Perhaps access will return soon. The company and the government may reach an agreement, clarify the technical concern, introduce additional safeguards, or develop a temporary compliance framework. At present, however, there is no reliable way to know whether restoration will take days, weeks, or longer.
The speed of AI development adds pressure to every delay. A few weeks can be a meaningful period in a field where companies release new capabilities in rapid succession. While Anthropic negotiates, competitors continue advancing. Users who had begun relying on Fable may move elsewhere. Partners may reconsider their dependence on Mythos. The market does not pause simply because one company has been forced to pause.
Even if the models return next week, the event will remain important. It has shown that a frontier AI service can be withdrawn globally with little warning. It has revealed the difficulty of enforcing restrictions based on nationality. It has exposed tension between corporate safety judgment and sovereign authority. It has demonstrated how deeply one model can become connected to cybersecurity, finance, cloud infrastructure, scientific research, and international business.
It has also clarified that AI safety is not one unified idea. Safety can mean preventing a model from producing harmful information. It can mean preventing governments from using AI for unacceptable purposes. It can mean protecting a country’s strategic advantage. It can mean limiting access according to nationality. It can mean preserving privacy, institutional trust, or international stability.
These meanings can support one another, but they can also conflict. A policy intended to protect national security may require intrusive identity monitoring. A restriction intended to stop foreign misuse may damage allied institutions. A company’s warning about dangerous capabilities may invite government control. A government’s effort to preserve technological leadership may encourage other countries to create independent alternatives.
The incident also reveals a deeper tension in the idea of global AI. The models are trained, financed, developed, tested, and used through international networks. Their effects cross borders almost instantly. Yet their legal ownership remains rooted in particular countries, and those countries retain the power to determine who may access them.
AI may be global in capability while remaining national in control.
That tension will grow as models become more central to economic activity and scientific development. Access to advanced intelligence may eventually matter as much as access to energy, computing infrastructure, education, or financial systems. Decisions about model availability will then affect not only consumers but also the relative development of entire countries.
The suspension of Fable and Mythos may prove temporary. It may eventually be remembered as a misunderstanding resolved through technical and legal negotiation. It may also be remembered as an early sign of a new era in which AI models began acquiring borders, citizenship requirements, strategic classifications, and geopolitical identities.
For users, it began with a modest message saying that a service was unavailable. Behind that message stood a much larger reality. Artificial intelligence had become important enough that one government could interrupt its global distribution, yet distributed enough that stopping one model could never stop the broader movement.
This is why the episode is both concerning and intellectually fascinating. It is not only about whether one model is too powerful. It is about who may decide what power means, who is trusted to possess it, and how far one country’s authority can reach into a technology already woven into global life.
Fable and Mythos were names chosen to suggest storytelling, imagination, and the human effort to make meaning. For a brief moment, they represented Anthropic’s newest vision of advanced intelligence. Then a government directive transformed them into symbols of safety, sovereignty, technological dependence, and international division.
For now, Mythos has become a myth, and Fable has become a fable. Yet the questions they have raised are no fiction.
Photo by Immo Wegmann on Unsplash
Tom’s Blog 