A single ban, three phone calls, an out-of-control narrative: Anthropic's darkest 24 hours

On June 13th, Anthropic's two most advanced models were put on hold by the U.S. government.

One is Fable 5, which was just publicly released, and the other is Mythos 5, aimed at more restricted cybersecurity clients. The ban came from the U.S. Department of Commerce, covering clients outside the United States as well as foreign citizens within the U.S. Anthropic's only choice was straightforward: take everything offline.

After reviewing all the details of this incident, we have roughly outlined the 24-hour timeline.

On Thursday, June 11th, two days after Fable 5 was publicly released, Amazon CEO Andy Jassy raised concerns with the White House. He was worried that Fable 5’s safety guardrails could be bypassed. Amazon researchers reportedly used a series of prompts to get Fable 5 to reveal information that should have been restricted, which could be used for cyberattacks.

By the morning of June 12th, the issue had reached the highest levels of White House meetings. Treasury Secretary Scott Bessent, White House Cybersecurity Director Sean Cairncross, White House Chief of Staff Susie Wiles, and other senior officials participated in the discussion. Bessent was on the road to Houston and joined the meeting remotely.

Then came three conference calls.

When Anthropic CEO Dario Amodei joined the call, about half a dozen senior officials were on the other end. Besides Bessent and Cairncross, there was Secretary of Commerce Howard Lutnick. Other participants included Jeffrey Kessler, Deputy Secretary of Commerce for Industry and Security; White House Chief of Staff Will Scharf; White House Deputy Chief of Staff Richard Walters; and Presidential Policy Advisor Walker Barrett.

Amodei tried to explain the situation as a misunderstanding. He believed Amazon had discovered a specific bypass method, not a general prompt jailbreak that could broadly disable safety guardrails. Anthropic later publicly stated that testers had not yet found a way to widely bypass the model’s safety systems.

But the White House was not convinced.

Amazon’s findings were sent for assessment to the U.S. National Security Agency, and the White House believed they had enough evidence. The government demanded that Anthropic voluntarily take down the models and work with the government to fix the vulnerabilities. Amodei wanted more time and information but did not promise to withdraw the models. Bessent directly said on the call that he had made a “wrong decision.”

Subsequently, export controls were imposed.

Anthropic offered a different narrative. They said the White House only gave 90 minutes to take the models offline and did not specify the actual threat details. The White House claimed that export controls were a last resort after hours of fruitless cooperation with Anthropic.

Another key point is Amazon’s delicate position in this incident.

At the end of 2024, Amazon invested an additional $4 billion in Anthropic, bringing the total investment to $8 billion. Simultaneously, Anthropic designated AWS as its primary training partner, with future model training and deployment using AWS chips. Claude has also been one of the most important models on Amazon Bedrock.

Microsoft and OpenAI’s alliance is already well-known, and Amazon’s bet on Anthropic was originally a way to circumvent that.

Microsoft owns OpenAI. Google has Gemini and also invested in Anthropic. Amazon lacks a sufficiently advanced in-house frontier model and can only rely on AWS’s computing power, Trainium chips, and Bedrock platform, tying itself to external model companies.

But a year and a half later, Amazon and OpenAI also connected.

This year, Amazon discussed investing up to $50 billion in OpenAI. At the same time, OpenAI was seeking up to $100 billion in new funding, with a potential deal including procurement of Amazon AI chips. Axios also mentioned that OpenAI’s annualized revenue in 2025 could exceed $20 billion, but its expenditure commitments reach $1.4 trillion.

Amazon needs frontier model companies to consume AWS’s computing power, validate its own chips, fill data centers, and also place the most powerful models on its enterprise cloud shelf. This is no longer just a financial investment.

So, Amazon is both investing in Anthropic and close to OpenAI. It’s both a funder and a supplier of these models. It helps sell their models and also explains to the government how dangerous these models are.

In the end, Amazon positioned itself against Anthropic. In Anthropic’s view, a partner providing funding, cloud, chips, and distribution channels presented a security signal strong enough to trigger a ban. Of course, Amazon’s official stance was, “The White House asked me, I just responded to their questions.”

Over the past two years, AI companies have liked to portray themselves as national assets. The more capable they are, the higher their valuation, the easier their financing, and the more government procurement they can imagine. Anthropic is especially skilled at this narrative. It uses more cautious safety language to distinguish itself from OpenAI and employs “frontier risk” rhetoric to prove to regulators that it should be taken seriously.

Now, the U.S. government truly treats these models as national security assets.

White House officials’ confusion also stems from this. Politico reported that White House officials heard Amodei compare the danger of Anthropic’s technology to nuclear weapons. When he refused to take down a model due to a known security vulnerability, government officials didn’t see it as a technical disagreement but as an attitude problem.

This isn’t the first conflict between the two sides. On March 3rd, the Pentagon listed Anthropic as a supply chain risk because Anthropic refused to allow its AI tools to be used for large-scale domestic surveillance and autonomous weapons.

Anthropic and the U.S. government have had a tense history.

And this time, Anthropic claimed that the government’s directive did not specify particular national security concerns and criticized the action for lacking transparency, clarity, and a legally grounded process based on technical facts. Anthropic argued that this incident was more like a narrow bypass method, insufficient to justify such a broad ban.

But from the government’s perspective, model safety is no longer an internal process of writing white papers, conducting red-team tests, and releasing systems. Who can access the models, who can train them, whether foreign employees can view model weights—all are now part of export control language.

When Anthropic announced in April that Mythos would only be open to select cybersecurity and tech companies, they had already held multiple meetings with the White House. Before Fable 5’s launch, it was also reviewed by the U.S. government and the UK AI Safety Institute. Anthropic believed that the government did not oppose the release beforehand.

This made the conflict more awkward.

Before model release, it was about safety cooperation. After release, it became a matter of national security.

OpenAI watched this incident unfold.

Anthropic was forced to take down its most powerful models, making OpenAI’s position more comfortable. The more Anthropic is entangled in regulatory issues, the easier it becomes for OpenAI to be seen as the “cooperative” option. If Amazon continues to lean toward OpenAI, it adds another layer of hedging.

Of course, there is no public evidence that Amazon’s goal was to help OpenAI undermine Anthropic.

A sharper reality is that frontier models are now entering a trillion-dollar capital expenditure cycle, and partnerships are no longer clean. Cloud providers invest in model companies, model companies buy cloud compute, governments inquire about security risks from cloud providers, and competitors are red-teaming within the same regulatory space.

Funder, supplier, distributor, and regulator—these roles are increasingly played by the same companies.

This is more significant than any jailbreak prompt.

On the night Fable 5 and Mythos 5 were shut down, Anthropic lost more than just access to two models. It lost some control over its own narrative.

Amazon still has its hand on the AWS console. OpenAI’s funding discussions are still ongoing. The U.S. government has already taken a front-row seat at the model launch event.