The Statute That Pulled Claude Offline Was Written for Physical Goods. Nobody Is Sure It Applies Here.
On June 12, Commerce Secretary Howard Lutnick signed a Bureau of Industry and Security directive forcing Anthropic to suspend Claude Fable 5 and Mythos 5 globally. Both models remain offline on day 13. The directive cited EAR § 744.22(b) — a statute written to control physical exports and hardware — and applied it to API inference access to a cloud-hosted language model. Whether that application is legally valid is an open question. If it is, BIS now has authority to take any cloud AI service offline for any foreign national, with no advance notice and no appeal mechanism in the statute. That is a bigger story than any single model suspension.
The Statute That Pulled Claude Offline Was Written for Physical Goods. Nobody Is Sure It Applies Here.
At 5:21 PM ET on June 12, 2026 — three days after Anthropic launched Claude Fable 5 and Mythos 5 to the public — Commerce Secretary Howard Lutnick signed a Bureau of Industry and Security directive ordering Anthropic to immediately cease providing both models to any foreign national, anywhere in the world.
Because Anthropic cannot verify user citizenship in real time, it suspended both models for every customer globally. Claude Fable 5 and Mythos 5 are still offline on day 13.
The directive cited two legal authorities: the Export Control Reform Act of 2018, § 4817(b)(1), and the Export Administration Regulations, § 744.22(b) — the military-intelligence end use and end user restriction. These statutes were written to control physical exports: hardware, chips, weapons-relevant technology, tangible goods that cross borders. This is the first documented application of either to API inference access to a cloud-hosted consumer AI model.
Whether that application is valid is legally contested. The answer matters far beyond Anthropic's current situation.
The jailbreak that triggered a global suspension
The government's stated basis: a technique in which "asking the model to read a specific codebase and fix any software flaws" unlocked Mythos 5's cybersecurity capabilities beyond the restrictions Anthropic had applied to commercial-tier users. The concern was that foreign nationals could use this technique to access the Glasswing-tier capabilities — vulnerability discovery, exploit generation — that Anthropic had designed to be available only to its vetted government and cybersecurity partners.
Anthropic disputed the severity publicly, characterizing it as "a narrow potential jailbreak" producing "minor findings already achievable by GPT-5.5." The company argued in its official statement that "the finding of a narrow potential jailbreak should not be cause for recalling a commercial model deployed to hundreds of millions of people."
This public dispute is legally and strategically deliberate. Anthropic complied with the directive. It also went on record contesting it. That combination — compliance plus documented disagreement — builds a factual record for any future appeal, litigation, or legislative challenge. Companies that comply silently give up the ability to argue later that the authority was improperly applied. Anthropic chose not to be silent.
What EAR § 744.22(b) was written for
The Export Administration Regulations govern the export of "items" — defined in the statute to include commodities, software, and technology. The EAR was developed primarily to control the export of dual-use goods: technology with both commercial and military applications, physical hardware with national security implications, exportable software that could enable weapons development.
The statute has been applied expansively over time: to semiconductor designs, to source code with defense applications, to specific technical knowledge in certain contexts. The CHIPS Act extended export control logic to advanced chip designs and manufacturing processes. What it has not previously been applied to is API inference access — the act of a user sending text to a server, receiving a generated response, and not retaining any underlying model weights, training data, or technical parameters.
The legal question is whether providing API access to a cloud-hosted model constitutes an "export" of an "item" under EAR. A group of bipartisan House lawmakers sent a letter to Lutnick pressing him on this exact statutory basis. Their concern: if the government can designate API inference as an "export" subject to EAR, BIS can restrict any cloud AI service to foreign nationals — without legislation, without public rulemaking, and with a compliance timeline measured in hours.
Legal scholars who have published on EAR scope have reached inconsistent conclusions. The statute's text does not contemplate cloud inference. The legislative history does not contemplate cloud inference. But the statute's "technology" category is broad and has been stretched in prior BIS actions. This is genuinely unsettled law, and the directive just created the first case study.
The Glasswing irony
The most consequential detail in this story is not the jailbreak. It is Project Glasswing.
Anthropic designed Project Glasswing specifically to give the US government controlled, pre-cleared access to Mythos 5 — before and after public launch. Fifty partners initially, expanding to 150+ organizations across 15+ countries under a cybersecurity cooperation framework. Anthropic was doing exactly what the Trump EO (signed June 2, ten days before the directive) was designed to formalize: voluntary government cooperation, advance access, safety-evaluated deployment.
The government's response was to serve Anthropic a directive forcing global suspension of the same models it had been given controlled access to, citing a jailbreak that Anthropic says produces results already achievable by GPT-5.5.
The most government-cooperative major AI lab in the United States had its two flagship commercial models pulled from the market in the same month it publicly endorsed the administration's AI cooperation framework. OpenAI, Google, and Meta — none of which had equivalent government-access programs for their most capable models — were unaffected.
This is not an argument that the government acted in bad faith. It may have had classified intelligence about specific foreign threat actors and specific Mythos 5 capabilities that justified the action on grounds not publicly disclosable. But the incentive structure the directive creates is clear: labs that give the government access to their most capable models give the government the information needed to designate those models as export-controlled. Labs that do not cooperate do not face that risk. If Anthropic's cooperative posture created the conditions for the export control designation, the voluntary cooperation framework the EO promotes has a serious free-rider problem.
Enterprise governance: a new operational risk category
The Cloud Security Alliance framed the suspension in its June 2026 research note as the first live case study for enterprise AI governance under export control conditions. The framing is accurate.
Every enterprise that integrated Fable 5 or Mythos 5 into production workflows via API in the three days between launch and suspension now has a concrete answer to a question that previously had no concrete answer: yes, the government can force your AI provider to disable a model without notice, and your production systems will break.
SLA clauses in Anthropic's enterprise agreements did not contemplate this scenario. Force majeure provisions may or may not cover a government directive — and whether compliance with a disputed government order constitutes force majeure is itself a contract law question that differs by jurisdiction. Enterprise legal teams are now reviewing AI vendor contracts specifically for model recall provisions.
For enterprise AI procurement going forward, "government recall risk" has moved from theoretical to documented. The question procurement teams now ask: which AI providers have the most government-entangled models? Perversely, the answer — Anthropic, through Glasswing — is also the provider most likely to have been designated precisely because of that entanglement.
The IPO problem
Anthropic confidentially filed its S-1 with the SEC on June 1, 2026. The export control directive was served on June 12 — 11 days later. The S-1 does not disclose the suspension, because the suspension had not yet occurred when the S-1 was filed.
The suspension is now a material development for an IPO-track company. Anthropic's two flagship commercial differentiators — the models that justify a $965 billion pre-IPO valuation and a $30 billion+ annual run rate — have been offline for 13 days. The amended S-1 or the formal S-1 registration statement will need to disclose: the export control directive, the ongoing suspension, the legal dispute with BIS, and model recall risk as a new operational risk category.
Public market investors pricing a $1 trillion IPO will read those disclosures and reprice the risk. "Our models can be taken offline by government directive without advance notice, without a defined appeal mechanism, and without clear statutory authority" is a disclosure that changes the risk calculus for the infrastructure ownership thesis Anthropic's IPO narrative is built around.
The two return paths
Anthropic is not litigating the directive. It is building around it.
Return path one: Anthropic's privacy policy update, effective July 8, introduces government ID and biometric collection enabling real-time US citizenship verification. If that mechanism works at scale — verifying citizenship for Anthropic's hundreds of millions of users is a non-trivial engineering problem — Fable 5 and Mythos 5 can be restored for verified US citizens. Foreign nationals would remain locked out under the directive's terms. Prediction markets put the odds of restoration before July 17 at 75%.
Return path two: The August 1, 2026 deadline for the Trump EO framework (SIGNAL-021). If the implementing agencies — Treasury, NSA, CISA — produce a framework that includes formal criteria for when export controls apply to AI models, it may provide a mechanism for Anthropic to seek a formal BIS review with defined standards. The EO framework and the BIS directive are separate authorities, but the August 1 deadline is the next moment when the government's AI policy apparatus has a scheduled deliverable.
The July 8 path is a technical compliance solution. The August 1 path is a policy resolution. Whether either works depends on whether the BIS directive's underlying legal theory is treated as a one-time response to a specific threat or as the first move in a broader export control framework for frontier AI models.
If it is the former, Anthropic restores access, updates its enterprise SLAs, and the industry learns a narrow lesson about jailbreak response times. If it is the latter, the BIS directive of June 12 is the moment the US government established that frontier AI model APIs are subject to the same export control authority as physical weapons technology — and every cloud AI service in the world is operating under a new and largely undefined regulatory risk.
- https://www.anthropic.com/news/fable-mythos-access
- https://www.axios.com/2026/06/12/anthropic-trump-mythos-fable-national-security
- https://cybersecuritynews.com/claude-mythos-5-and-fable-5-export/
- https://aiweekly.co/node/3228
- https://labs.cloudsecurityalliance.org/research/governance-fable-mythos-export-control-v1-0/
- https://fortune.com/2026/06/13/anthropic-disables-fable-mythos-export-controls-national-security-threat/
- https://news.kalshi.com/p/fable-5-odds-anthropic-access-restored-july-57-percent
- https://explainx.ai/blog/is-fable-5-back-2026
- https://www.aljazeera.com/news/2026/6/13/us-orders-anthropic-to-disable-ai-models-for-all-foreign-nationals