Why Did the US Government Shut Down Claude 5 – and What Does Wall Street Have to Do With it?

On June 12, 2026, within a matter of hours, the US government forced the global shutdown of Anthropic's two newest models, Claude Fable 5 and Mythos 5, using a national security export control directive. The move was unprecedented in itself. It was the first time a government pulled a publicly available, frontier AI model off the market. The backdrop, though, is even more telling. For months, at the very highest level, tension had been building among the Treasury, the Fed, and CEOs of the largest banks over what these models might do to the security of the financial system. This post looks at two questions: How it could happen at all, and why now.

After a good deal of hesitation, I subscribed to Claude (specifically because I'd been nudged that the 5 model was free to try for a while) – and was met by a laconic "Claude Fable 5 is currently unavailable." My first suspicion, naturally, was the thing AI companies have lately taken to brazenly doing: Sure, you have a subscription, you just can’t use it right now, sorry. Not this time, though. The model had, in fact, been switched off by the US government. I dug in a little – and it turned out to be a far bigger story.

72 Hours at the Top

The whole thing played out in barely 72 hours. Anthropic released Fable 5 on June 9, the first publicly available model of the Mythos-class architecture, which the company celebrated as the most capable system it had ever put in front of the public. Three days later, on Friday evening, June 12, the Commerce Department's export control directive arrived – and the fresh, fanfare-launched flagship had to be shut down globally by its own maker. Between "the most capable ever" and "currently unavailable," just three days had passed.

According to Anthropic's terse statement, the government, "citing national security authorities," ordered the company to suspend access to Fable 5 and Mythos 5 for every foreign national – be they inside or outside the United States, including Anthropic's own non-citizen employees. Since it is technically impossible to selectively exclude a group that large, the company had no choice but to take the entire service offline worldwide. The other models – including Claude Opus 4.8 – were unaffected, so no real, mass disruption occurred; Fable 5 was, moreover, only three days old. Its significance lies not there, but in the fact that it happened at all.

For its part, Anthropic called the situation a misunderstanding and said it was working to restore access. The company says the government had learned of a "jailbreak" – a way around the safeguards. Anthropic's position, however, is that this bypass is narrow and non-universal. What was demonstrated with it was a handful of minor, already-known vulnerabilities that other publicly available models could find too; Fable 5's risk is no greater than that of systems already on the market. Pulling an entire model over so narrow a gap sets a dangerous precedent. The government, by contrast, deemed even the mere possibility unacceptable. The dispute, then, is not about the weight of any single flaw, but about how much a single demonstrated bypass should count.

The "Deemed Export" Twist

The legal mechanism that set all this in motion is itself remarkable. The directive did not order the servers switched off – it ordered that no foreign national may access the model. US export law has a concept called a "deemed export": if sensitive, controlled technology or knowledge is handed to a foreign national, it legally counts as an export even if the person is sitting physically in, say, San Francisco. By this logic, giving an Indian, British, or French engineer access to the model's "reasoning" is legally the same as shipping the server itself to Delhi, London, or Paris.

The US Federal Reserve Building in Washington DC

Anthropic could not even let its own foreign-born researchers near the system – the very people who had helped build it. And here comes the technical absurdity: the internet and cloud infrastructure are built to verify an API key, an OAuth token, an IP address, and a region – but not to determine a user's citizenship in a millisecond. Citizenship-based filtering simply does not exist at the network level, which is why the blunt, blanket shutdown that hit everyone was the only legally defensible move.

What Wall Street has Been Watching for Months

To understand the intensity of the government's reaction, we have to step back a couple of months. This is where the story becomes genuinely interesting for the financial world. When Anthropic unveiled the unrestricted, narrowly available version of the Mythos class, on April 7, 2026 Treasury Secretary Scott Bessent and Fed Chair Jerome Powell convened an urgent, closed-door crisis meeting with the CEOs of the country's largest, "systemically important" banks. According to CBS News and other outlets, the room included the heads of Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs; JPMorgan's chief, Jamie Dimon, was invited but unable to attend.

The meeting had a single purpose: to warn the banks that Mythos-like models pose serious new cybersecurity risks to the financial system, and ensure they shored up their defenses. When the heads of the Treasury and the central bank summon Wall Street's leaders over a single software product with less than 24 hours' notice, that is not a routine consultation. According to an analysis by the law firm Sullivan & Cromwell, the meeting directly reflected the ongoing discussions between Anthropic and the government about the model's offensive and defensive cyber capabilities. The unease did not stay an American affair: Canada's finance ministry and central bank reportedly sat down to discuss the same thing.

The global financial system runs on decades-old, sometimes half-century-old back-end systems

In other words, the June shutdown did not come out of nowhere. For weeks, the US financial establishment had been preparing at the highest level for the possibility that AI could become one of the gravest threats to financial infrastructure. The June move was the logical, if not necessarily proportionate, continuation of that accumulated anxiety.

There is a concrete reason banks worry the most. The global financial system runs on decades-old, sometimes half-century-old back-end systems: COBOL mainframes, ancient C libraries, deeply nested APIs that handle everything from SWIFT transfers to modern open banking data flows. This is precisely the terrain where a Mythos-like model is strongest. Across vast amounts of legacy code, it finds the tiny logical or memory-management flaws that human engineers routinely miss. For a bank, then, the threat is not an abstraction – its own machinery, long assumed irreplaceable, becomes at once auditable and attackable.

The Why: When AI not Only Finds the Flaw, but Exploits it

But what capability caused this much alarm? The essence of the Mythos class is that it does not merely find deeply buried, old software flaws – it can autonomously exploit them, too. According to reports, the model uncovered a flaw that had gone unnoticed for 27 years in OpenBSD – a most secure operating system – as well as a flaw in the FFmpeg video processor that had slipped past five million automated security tests. What truly frightened the regulators was not the bug-finding in itself, but that the model could chain several vulnerabilities into a working attack.

This is exactly why the public Fable 5 was fitted with safety classifiers that filter out risky requests and quietly hand them off to a weaker model. Behind it, however, the same powerful architecture is at work – the unrestricted version of which Anthropic did not even release publicly. Access was limited to vetted cyber-defenders, biologists, and critical-infrastructure operators, under the government collaboration known as Project Glasswing. The June trigger was that a bypass could coax the public Fable 5 into flashing some of the hidden Mythos capabilities – narrowly, Anthropic says, essentially amounting to having the model read a codebase and fix its flaws. But the line between "help me find the flaw" and "help me exploit the flaw" is frighteningly thin – and that thin line is not a theoretical question for the guardians of a system that moves credit, payments, and markets.

The Timing is Hard not to Find Ironic

What gives the story its piquancy is that the shutdown happened on the same day as the largest stock-market listing in history. On June 12, SpaceX debuted on the Nasdaq at a valuation of roughly $2.1 trillion, becoming the sixth most valuable company in the USA overnight – and, according to reports, that very success buoyed the mood around the impending market debuts of the AI players, OpenAI, and Anthropic. Anthropic, after all, is heading for an IPO of its own; it filed its confidential listing paperwork earlier this month.

Even as the market is pouring unprecedented capital into frontier AI, and the race to ship fastest is on, a single government letter sent the flagship model offline within days. Placed side by side, the two events map fairly precisely where AI stands today. The stakes are enormous, and the regulator's hand has suddenly moved very close to the switch.

What Does This Tell Us?

The Fable 5 shutdown is a watershed for several reasons. It was the first time a government took a publicly available, frontier model offline worldwide – and did so through an unusual, citizenship-based export-law mechanism, rather than by content or geography. The shift in regulatory philosophy is telling. The AI industry was for years characterized by voluntary, self-regulatory frameworks, but it has now become clear that the state, when it sees fit, will reach for the bluntest instruments, including classic export controls.

For the financial world, though, the real message is not technical but attitudinal. The spring crisis meeting and the June shutdown together show that in the eyes of the Treasury and the central bank, frontier AI is no longer product technology but a matter of financial stability and national security – in the same category as systemic banking risks. This is both a threat and an opportunity. The very models that can exploit decades-old flaws in back-end systems can also find and patch those same flaws before a hostile actor does.The question is not whether we use this capability, but who does, under what controls, and in whose hands.

The model I had wanted to try ultimately taught me the most by being unavailable. Anthropic says access will return soon, and it is probably right. But the question the shutdown raised remains: If a technology can both defend the financial system and bring it to its knees, then who should be in charge of the switch – and what happens when someone flips it at 5:21 on a Friday evening?

Cover photo: Anthropic