On June 26, 2026, the U.S. Department of Commerce issued a letter to Anthropic's Chief Computing Officer Tom Brown, granting the company limited permission to distribute its Claude Mythos 5 model among more than one hundred trusted American organizations—including major Fortune 500 corporations and federal agencies responsible for protecting critical infrastructure. This decision marked a partial rollback of the strict ban enacted exactly two weeks earlier, on June 12, when Commerce Secretary Howard Lutnick ordered Anthropic to immediately terminate access to Mythos 5 and Fable 5 for all foreign nationals, including the company's own international employees.
The shutdown was triggered by an alert from Amazon: CEO Andy Jassy informed the White House of a "jailbreak" method capable of bypassing Fable 5’s safety protocols. Although Anthropic disputes the severity of the vulnerability, characterizing it as "narrow rather than universal," the Trump administration viewed the report as evidence of an unacceptable risk to national security. An attempt by Anthropic CEO Dario Amodei to persuade officials that more time was needed to address the issue proved fruitless; Treasury Secretary Scott Bessent told him bluntly that he was making a "bad decision," and export controls were implemented shortly thereafter.
The new authorization issued by Lutnick on Friday evening contains a key concession: access is being restored not for all, but for select partners subject to additional security measures. The myth of an absolute ban has been replaced by a model of selective control. Anthropic’s foreign employees and the international staff of trusted organizations now have the opportunity to work with Mythos 5—a significant concession after two weeks of a total block. Fable 5, the public version, remains closed; Anthropic is continuing negotiations for its return, though no specific timeline has been established.
The model is positioned as the "most powerful cybersecurity" tool to date—capable of identifying and exploiting vulnerabilities in critical software with unprecedented speed. Anthropic claimed that Mythos Preview had already identified thousands of vulnerabilities, including a 27-year-old flaw in OpenBSD—one of the world's most secure operating systems. This makes the model both a defensive asset and a potential weapon in the hands of bad actors, which explains the government's heavy-handed regulatory approach.
The Mythos 5 story demonstrates a radical shift in the Trump administration's approach to regulating frontier models. Earlier in the month, on June 2, the President signed the Executive Order "Promoting Advanced Artificial Intelligence Innovation and Security," which provides for a voluntary coordination mechanism with the federal government prior to the release of advanced models. But while this mechanism is still being developed with a deadline of August 1, 2026, the administration has not hesitated to act on its own initiative, using export controls as a tool of enforcement. The decision regarding Mythos 5 shows that compromise is born not from mutual agreements, but from state pressure.
The government's letter indicates a willingness to negotiate, but not necessarily a sense of trust. In the correspondence, Lutnick speaks of "significant progress" and "appropriate security measures," yet he reserves the right to "review or revoke the authorization at any time should circumstances change." This is not a reversal of the ban, but rather a conditional partial restoration, reflecting Washington’s clear intent to maintain leverage over the company without adopting a full legislative framework.
Interestingly, the authorization was released on the same day that OpenAI announced a limited rollout of its GPT-5.6 model to approved partners. Both developments have become part of a single process: an emerging regime of state control over frontier models. The regulator is effectively embedding itself into the development and release chain while maintaining the appearance of voluntary cooperation.
From a technical standpoint, Mythos stands out among Anthropic's other models for its specific focus on cyber tasks. Unlike general reasoning models such as Claude Opus or Sonnet, Mythos disrupts the usual balance: its cyber-offensive capabilities are more powerful than alternatives, but its safeguards are deemed too weak for a public release. This is why, until June, Anthropic provided Mythos Preview only to select partners under the Project Glasswing initiative—a collaboration with Amazon Web Services, Apple, Google, Microsoft, Nvidia, JPMorgan, and the Linux Foundation. However, the lack of public benchmarks and full architectural details, such as parameters, training data, and evaluation protocols, leaves questions about the model's true capabilities and generalization risks unanswered.
Compared to the approaches taken by other nations, the American model looks like a hybrid of export control and selective industrial policy. OpenAI, with its GPT-5.5-Cyber, also chose a limited release, though it did so on its own initiative rather than under government pressure. Europe watches these developments with growing concern: as Washington controls access to frontier models, Europe remains almost entirely dependent on the decisions of American regulators. Canadian Prime Minister Mark Carney condemned the ban as a reminder of the vulnerability of alternative sources of AI technology. China, by contrast, has tightened internal control over its own developers' models, but without such public theatrics.
For the industry, this means that compliance speed has become a competitive advantage: companies that can quickly adapt models to government requirements and negotiate on the fly gain access ahead of their rivals. Cybersecurity researchers and developers now have access to a powerful tool, but only within a limited circle, which could slow down scientific collaboration and the independent verification of model capabilities. Developers of frontier models, in turn, are forced to invest in compliance and safeguards during the early stages of development, rather than waiting until after a release.
It remains unclear how effective these safeguards will be in the long term and whether this precedent will lead to a more formalized, legally established system of export controls for AI models. The decision could serve as a template: if Anthropic has passed the test of a two-week ban and conditional restoration, will the same scheme be applied to OpenAI, Meta, or as-yet-unknown companies vying for frontier status? The next steps taken by the administration and Anthropic itself will show whether such a model can scale to other frontier systems and if it can truly find a balance between innovation and security.
Ultimately, the Mythos 5 story highlights a global shift in the regulation of advanced AI models: moving from blanket bans toward selective access and verifiable safeguards, and from abstract principles to concrete negotiations where Washington acts as the arbiter. This is not regulation in the traditional sense, but rather a game of cat and mouse between the state and private corporations, where every move serves to rewrite the rules.
