On June 12, the US government did something it had never done before: it applied export controls to a domestic frontier AI model, forcing Anthropic to shut down both Claude Fable 5 and Claude Mythos 5 for all users worldwide. Eighteen days later, on June 30, those controls were lifted, and Fable 5 began redeploying on July 1. The swift reversal is not just a resolution for Anthropic: it is the first complete cycle of a new regulatory process that every AI founder will eventually navigate. And it came with something arguably more important than the model itself: a proposed industry-wide framework for scoring AI jailbreaks that could reshape how safety is measured across the entire field.

The Safeguard Fix That Unlocked the Redeployment

The export controls were triggered by an Amazon researcher's discovery of a method to bypass Fable 5's guardrails, causing the model to identify and demonstrate software vulnerabilities. Anthropic's investigation revealed that the behavior was a borderline case: every model they tested, including less capable ones like Claude Opus 4.8 and GPT-5.5, could produce the same demonstration. The bypass did not unlock Mythos-level offensive capabilities. But the government was not taking chances.

To get the controls lifted, Anthropic trained an improved safety classifier targeting the specific behavior described in the Amazon report. The new classifier blocks the reported technique in over 99% of cases. Researchers from the US Department of Commerce's Center for AI Standards and Innovation (CAISI) independently tested both the prior and new safeguards and confirmed they are extraordinarily strong. The tradeoff: the new classifier flags benign requests more often during routine coding tasks, increasing false positives. Users whose requests are blocked will have them automatically routed to Opus 4.8 instead.

This is a critical detail for founders building on top of Fable 5. If your application depends on consistent model behavior for cybersecurity-adjacent tasks like vulnerability scanning or code review, you will see more refusals than before. Plan for fallback models and test your prompts against the new classifiers before deploying.

The Four-Factor Jailbreak Framework: A CVSS for AI Models

Beyond the technical fix, Anthropic introduced something that may have longer-lasting implications than the redeployment itself: a consensus framework for scoring jailbreak severity, developed in partnership with Amazon, Microsoft, Google, and other Glasswing partners. The framework evaluates every discovered jailbreak on four dimensions:

Capability gain. How much does the jailbreak extend beyond existing tools? If weaker models or publicly available tools can already achieve the same capability, the score is low. If the jailbreak unlocks capabilities that accelerate even domain experts, the score is high.

Breadth of capability gain. How many distinct offensive tasks does the same jailbreak technique enable? Narrow targets score low; techniques that work across multiple targets score high.

Ease of weaponization. How much human effort does it take to turn the jailbreak into an actual attack? A technique requiring skilled prompting and many retries scores low; a single-prompt jailbreak scores high.

Discoverability. How easily can someone obtain the technique? Specialist knowledge scores low; techniques already widely shared online score high.

The framework is voluntary for now, but Anthropic has committed to using it to calibrate its response. For the most severe class of jailbreaks (those that could impact critical infrastructure), Anthropic says it will begin deploying preliminary mitigations immediately upon confirmation. The company is also launching a HackerOne program for cyber jailbreak submissions and standing up a 24/7 monitoring team.

What the Government Commitments Look Like

Anthropic's blog post also detailed a new set of commitments to deeper government collaboration that will apply to all future frontier model releases. These include pre-release government access and evaluation for models advancing the capability frontier in national security-relevant areas, rapid information sharing on significant jailbreaks and misuse patterns, dedicated compute allocations for government testing and research, and a commitment to working toward a shared voluntary security standard for all frontier model providers.

This is essentially a pre-clearance process. Anthropic will provide designated government partners with expanded early access to both models and their safeguards before broad release, with dedicated technical staff working alongside government evaluators. The company describes this as the beginning of a template for effective global coordination.

What Founders Need to Do

Audit your dependency chain. If your product uses Fable 5 or Mythos 5, test against the new classifiers immediately. The increased false-positive rate for cybersecurity-adjacent tasks means you need a fallback strategy. Do not assume pre-shutdown behavior will be identical post-redeployment.

Prepare for your own pre-clearance process. The Anthropic playbook (pre-release government evaluation, shared jailbreak frameworks, dedicated testing resources) will become the expectation for any company building frontier-capability models. If your model could be used for anything the government deems nationally significant, start building relationships with CAISI or equivalent bodies now.

Adopt a jailbreak severity framework. The four-factor scoring system Anthropic proposed is likely to become the industry norm, much like CVSS did for software vulnerabilities. Implementing it now, even as an internal tool, positions you ahead of what will likely become a compliance requirement.

Watch for the Mythos 5 precedent. While Fable 5 was redeployed globally, Mythos 5 is still restricted to a set of US organizations approved through the Glasswing program. This two-tier approach (a public model with guardrails and a restricted model available only to trusted partners) is likely to become the standard template for future frontier model releases. Founders should plan for multiple access tiers.