ProBackend
ai export controls geopolitical access
1 hour ago6 min read

Anthropic's Claude Models Return to Global Users After US Government Safety Review

The U.S. has lifted export controls on Anthropic's Claude models, Fable 5 and Mythos 5, after a three-week national security review and safety overhaul.

The Three-Week Blockade Ends

Export controls are incredibly easy for Washington bureaucrats to sign into existence, and almost impossible for engineering teams to actually enforce without breaking everything else. The U.S. Commerce Department just blinked. Roughly three weeks after the Trump administration threw a red flag over Anthropic’s newest Claude models—Fable 5 and Mythos 5—it has officially lifted its export restrictions.

Lutnick's Direct Letter to Anthropic

Commerce Secretary Howard Lutnick made it formal in a letter sent directly to Anthropic. The core message: the company no longer needs a license for international exports or in-country transfers of its Claude Mythos and Fable models. In public, the mood was self-congratulatory. White House Chief of Staff Susie Wiles and Lutnick both took to X (formerly Twitter) to celebrate the redeployment. Anthropic itself confirmed the global availability in a blog post, stating that access to Mythos 5 for U.S. organizations was restored back on June 26, while Fable 5 was freed up for the global market shortly after.

But behind the celebratory social media posts lies a messy reality. The entire three-week standoff exposed a massive gulf between federal risk policies and the practical plumbing of modern cloud software.

The Amazon Jailbreak that Triggered a Panic

To understand how we got here, you have to look at the trigger. It wasn't a spy agency or a foreign intelligence report that set off the alarm bells on June 12. It was Amazon's own security researchers. While stress-testing Anthropic's Claude models, the researchers discovered a highly specific jailbreak method.

Why Mythos 5 Left Washington Terrified

The bypass technique allowed users to systematically identify software vulnerabilities and exploit them. The Commerce Department panicked. The Trump administration feared that hostile state actors like China or Russia would harness this exact capability to disable or compromise critical U.S. infrastructure. We’re talking about the electric grid, the banking system, and municipal water systems.

The Department’s primary target was Mythos 5. Regulators deemed it "uniquely attractive to malicious actors" due to its ability to find and execute software exploits far more effectively than other models. The irony is that Fable 5, which shares the exact same underlying architecture but lacked those offensive-cyber peculiarities, got swept up in the dragnet anyway. It was a blunt policy tool applied to a complex technical stack.

The Blunt Reality of Direct Access Geo-Blocking

When the Commerce Department ordered the shutdown on June 12, they expected a surgical geofence. The mandate was simple: block foreign access to the frontier models. But actually doing that is a contractor's nightmare.

Anthropic couldn't just flip a geographic switch. They didn't have a reliable, foolproof way to segment their user base by physical country without risk of leaks. The restriction didn’t just lock out foreign adversaries; it would have locked out Anthropic’s own distributed team of non-U.S. employees. Under export control laws, a foreign national working inside a U.S. company accessing controlled software constitutes a "deemed export."

Faced with the threat of massive civil penalties and regulatory wrath, Anthropic took the nuclear option. They shut down access entirely. Domestic developers and international users alike found themselves locked out. For two weeks, the tech policy sector watched a major AI lab paralyzed because Washington demanded a border wall on an API endpoint.

The Safety Overhaul and the Classifier Trade-off

To get the handcuffs off, Anthropic had to play ball. They agreed to a sweeping safety overhaul. The centerpiece of this agreement is an expanded red-teaming partnership with the federal government and a newly created 24/7 internal response team to monitor jailbreak threats.

They also deployed a new safety classifier. This classifier is trained specifically to catch and intercept the bypass technique discovered by Amazon. Anthropic claims it blocks the jailbreak method in over 99 percent of cases.

When Benign Code Gets Blocked

But security is never free. The trade-off is a classic false-positive headache. Benign prompts—developers just trying to debug ordinary code or run security stress tests—are now being swept up and blocked by the aggressive classifier. If you’re a developer whose everyday debugging prompt gets flagged, you get rerouted to the older Claude Opus 4.8.

Anthropic itself downplayed the unique danger of Mythos 5 in their compliance filings. They noted that rival models, such as OpenAI’s GPT-5.5 or Moonshot’s Kimi K2.7, can identify the exact same vulnerabilities. Mythos, they argued, does not possess unique offensive capabilities. It is just extremely good at standard defensive cybersecurity. Lutnick’s clearance letter has strings attached: the Commerce Department reserves the right to reimpose the export ban if circumstances change or if Anthropic slips up on its monitoring commitments.

Glasswing and the New Severity Framework

Part of the compromise is a program called Glasswing. Glasswing creates a controlled environment where vetted cybersecurity researchers can access Mythos 5 for defensive work. Over 100 U.S. corporations and federal agencies received partial access under this program.

Four Pillars of Jailbreak Scoring

Furthermore, Anthropic has teamed up with Amazon, Microsoft, and Google to build a unified framework for scoring jailbreaks. Rather than letting the government panic over every new exploit, the coalition established four specific criteria to evaluate threats:

  1. The novel capability provided by the jailbreak.
  2. The number of offensive tasks the model can perform under its influence.
  3. The ease of weaponizing the resulting output.
  4. The level of specialist knowledge required to execute the exploit.

There is also a new HackerOne crowdsourced program. Security researchers can submit Claude jailbreaks directly to Anthropic for bounties, turning the chaotic wild-west of AI testing into a structured bureaucratic pipeline.

The Broader Fight Over Autonomy and Trust

This confrontation didn't happen in a vacuum. The relationship between Anthropic and the Pentagon has been deteriorating for months. Earlier in 2026, the Department of Defense designated Anthropic a "supply chain risk." The reason was simple: Anthropic refused to grant the military access to its models for surveillance operations or autonomous warfare.

From Supply Chain Risk to Early Access Agreements

Anthropic didn't take this lying down. They sued the U.S. government, alleging that the national security risk designation was retaliatory. Dario Amodei, Anthropic’s CEO, has voiced deep frustration with Washington’s legislative pace. He recently compared Congress to Treebeard from Lord of the Rings—painfully slow, deliberative, and out of step with the velocity of AI development.

Yet, Anthropic is still playing the Washington game. They are pursuing an IPO that could value the company close to $1 trillion. You cannot go public with a pending national security ban hanging over your head. As part of their peace offering, Anthropic has agreed to give the government early access to all frontier models prior to public deployment. They also urged Congress to punish Chinese competitors, claiming Alibaba launched a massive cloning attack on Claude.

For now, the servers are back online, and the export curbs are gone. But the lesson is clear: in the era of frontier AI, the line between software engineering and geopolitics has completely evaporated.

More blogs